GE Multilin D60 Line Distance Protection System 2-52 PRODUCT DESCRIPTION 2.1 INTRODUCTION2Example: Administrative functions can be segmented away from common operator functions, or engineering typeaccess, all of which are defined by separate roles, as shown in the following figure, so that access of UR devices by multi-ple personnel within a substation is allowed. Permission for each role are outlined in the next section.Figure 2–3: CYBERSENTRY USER ROLESThere are two types of authentication supported by CyberSentry that can be used to access the UR device:• Device Authentication (local UR device authenticates)• Server Authentication (RADIUS server authenticates)The EnerVista software allows access to functionality that is determined by the user role, which comes either from the localUR device or RADIUS server.The EnerVista software has a device authentication option on the login screen for accessing the UR device. When the"Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authenticate theuser. In this case, it uses its built-in roles (Administrator, Engineer, Supervisor, Observer, Operator) as login names and theassociated passwords are stored on the UR device. As such, when using the local accounts, access is not user-attribut-able.In cases where user attributable access is required especially to facilitate auditable processes for compliance reasons, useRADIUS authentication only.When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authenticationdatabase to authenticate the user.No password or security information are displayed in plain text by the EnerVista software or UR device, nor are they evertransmitted without cryptographic protection.CYBERSENTRY USER ROLESCyberSentry user roles (Administrator, Engineer, Operator, Supervisor, Observer) limit the levels of access to various URdevice functions. This means that the EnerVista software allows for access to functionality based on the user’s logged inrole.Example: Observer cannot write any settings.The table lists the roles that are supported and their corresponding capabilities.Table 2–3: PERMISSIONS BY USER ROLE FOR CYBERSENTRYRoles Administrator Engineer Operator Supervisor ObserverComplete access Complete accessexcept forCyberSentrySecurityCommandmenuAuthorizeswritingDefault roleDevice Definition R R R R RSettings|------------ Product Setup|--------------- Security (CyberSentry) RW R R R R|--------------- Supervisory see table notes R R see table notes R|--------------- Display Properties RW RW R R R
