CHAPTER 2: PRODUCT DESCRIPTION ORDER CODESD30 LINE DISTANCE PROTECTION SYSTEM – INSTRUCTION MANUAL 2-72Table Notes:RW = read and write accessR = read accessSupervisor = RW (default), Administrator = R (default), Administrator = RW (only if Supervisor role is disabled)NA = the permission is not enforced by CyberSentry securityCyberSentry user authenticationThe following types of authentication are supported by CyberSentry to access the UR device:• Device Authentication (local UR device authenticates)• Server Authentication (RADIUS server authenticates)The EnerVista software allows access to functionality that is determined by the user role, which comes either from the localUR device or the RADIUS server.The EnerVista software has a device authentication option on the login screen for accessing the UR device. When the"Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authenticate theuser. In this case, it uses its built-in roles (Administrator, Engineer, Supervisor, Observer, Operator, or Administrator andSupervisor when Device Authentication is disabled) as login names and the associated passwords are stored on the URdevice. As such, when using the local accounts, access is not user-attributable.In cases where user-attributable access is required especially to facilitate auditable processes for compliance reasons, useRADIUS authentication.When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authenticationdatabase to authenticate the user.No password or security information is displayed in plain text by the EnerVista software or UR device, nor is suchinformation ever transmitted without cryptographic protection.CyberSentry server authenticationThe UR has been designed to direct automatically the authentication requests based on user names. In this respect, localaccount names on the UR are considered as reserved and not used on a RADIUS server.The UR detects automatically whether an authentication request is to be handled remotely or locally. As there are five localaccounts possible on the UR, if the user ID credential does not match one of the five local accounts, the UR forwardsautomatically the request to a RADIUS server when one is provided.If a RADIUS server is provided, but is unreachable over the network, server authentication requests are denied. In thissituation, use local UR accounts to gain access to the UR system.2.3 Order codesThe order code is on the product label and indicates the product options applicable.|---------- Records R R R R R|---------- Product Info R R R R RMaintenance RW RW R R R|---------- Modbus Analyzer NA NA NA NA NA|---------- Change front panel RW RW RW R R|---------- Update firmware Yes No No No No|---------- Retrieve file Yes No No No NoAdministrator Engineer Operator Supervisor Observer