Table 4:Predefined user categoriesUsername User rightsVIEWER Read only accessOPERATOR • Selecting remote or local state with (only locally)• Changing setting groups• Controlling• Clearing indicationsENGINEER • Changing settings• Clearing event list• Clearing disturbance records• Changing system settings such as IP address, serial baud rateor disturbance recorder settings• Setting the IED to test mode• Selecting languageADMINISTRATOR • All listed above• Changing password• Factory default activationFor user authorization for PCM600, see PCM600 documentation.2.4.1 Audit trailThe IED offers a large set of event-logging functions. Normal process-relatedevents can be viewed by the normal user with Event Viewer in PCM600. Criticalsystem and IED security-related events are logged to a separate nonvolatile audittrail for the administrator.Audit trail is a chronological record of system activities that allows thereconstruction and examination of the sequence of events and changes in an event.Past user and process events can be examined and analyzed in a consistent methodwith the help of Event List and Event Viewer in PCM600. The IED stores 2048system events to the nonvolatile audit trail. Additionally, 1024 process events arestored in a nonvolatile event list. Both the audit trail and event list work accordingto the FIFO principle.User audit trail is defined according to the selected set of requirements from IEEE1686. The logging is based on predefined usernames or user categories. The useraudit trail events are supported in IEC 61850-8-1, PCM600, LHMI and WHMI.Table 5:Audit trail eventsAudit trail event DescriptionConfiguration change Configuration files changedFirmware changeSetting group remote User changed setting group remotelyTable continues on next pageSection 2 1YHT530004D05 D615 series overview40 615 seriesTechnical Manual