8-10 D30 Line Distance Protection System GE Multilin8.2 CYBERSENTRY 8 SECURITY8Table Notes:1. RW = read and write access2. R = read access3. Supervisor = RW (default), Administrator = R (default), Administrator = RW (only if Supervisor role is disabled)4. NA = the permission is not enforced by CyberSentry Securityd) REMOTE AUTHENTICATIONThe UR has been designed to automatically direct authentication requests based on user names. In this respect, localaccount names on the UR are considered as reserved, and not provided on a RADIUS server.The UR automatically detects whether an authentication request is to be handled remotely or locally. When an externalRADIUS server is used, the UR forwards all authentication requests for non-local user accounts to a remote RADIUSserver, and no authentication is managed at the UR itself.As there are only five local accounts possible on the UR, if the user ID credential does not match one of the five localaccounts, the UR automatically forwards the request to a RADIUS server when one is provided.If a RADIUS server is provided, but is unreachable over the network, remote authentication requests are denied. In this sit-uation, use local UR accounts to gain access to the UR system.See the specific RADIUS server instructions for information on how to provide user accounts and user roles on theRADIUS server itself. User roles provided in the server must conform to those specified above.Remote user IDs must reside on an external RADIUS server, and must be provided with the requisite user role (see the fol-lowing example). Users are specified in the RADIUS server configuration file for users. Roles are specified in the RADIUSserver dictionary.Example:In the file ‘users’:exampleusername User-Password == "examplepassword"|------------ Change Front Panel RW RW RW R R|------------ Update Firmware Yes No No No No|------------ Retrieve File RW R R R RRoles Administrator Engineer Operator Supervisor ObserverNOTE
