5-20 G30 GENERATOR PROTECTION SYSTEM – INSTRUCTION MANUALPRODUCT SETUP CHAPTER 5: SETTINGS5LOGIN — This setting is applicable for Device authentication only. This setting allows a user to log in with a specific role, asoutlined here. For the Supervisor role, enable the “Supervisor Role” setting. Log out by right-clicking the device in EnerVistaand selecting the Disconnect option.Whenever a new role is logged in, the user is prompted to enter a password. Passwords must obey the requirementsspecified earlier in the chapter in the Password Requirements section.The UR device supports five roles. Roles have theircorresponding passwords, except the Observer role, which does not require a password.The roles are defined as follows:• Administrator — Complete read/write access to all settings and commands. This role does not allow concurrentaccess. This role has an operand to indicate when it is logged on.• Engineer — Complete read/write access to all settings and commands except configuring Security settings andfirmware upgrades. This role does not allow concurrent access.• Operator — The Operator has read/write access to all settings under the Commands menu/section. This role does notexist offline.• Supervisor — This is only an approving role. This role’s authentication commits setting changes submitted byAdministrator or Engineer. The Supervisor role authenticates to unlock the UR relay for setting changes and notapprove changes after the fact. Only a Supervisor can set the Settings Lock and Firmware Lock in the Securitysettings. This role also has the ability to forcefully log off any other role and clear the security event log. This role canalso be disabled, but only through a Supervisor authentication. When this role is disabled its permissions are assignedto the Administrator role.• Observer — This role has read-only access to all G30 settings. This role allows unlimited concurrent access but it hasno download access to any files on the device. Observer is the default role if no authentication has been done to thedevice. This role displays as "None" on the front panel. When local authentication is used, no password is required forthis role. When RADIUS server authentication is used, a password is required.Change local passwordsSETTINGS PRODUCT SETUP SECURITY CHANGE LOCAL PASSWORDSThe menu is shown on the front panel upon successful login of the Administrator role.The LOGIN setting in this menu is similar to that described in SETTINGS > PRODUCT SETUP > SECURITY except for the factoryrole.Passwords are stored in text format. No encryption is applied. RESTORE DEFAULTSSee page 5-21 SUPERVISORYSee page 5-21 SYSLOG IP ADDRESS:0.0.0.0Range: 0.0.0.0, 255.255.255.255 SYSLOG PORT NUMBER:514Range: 1 to 65535The Factory service role is not available. It is for factory use only.The Local Access Denied message on the front panel can mean that you need to log in to the UR in order tocomplete the action. CHANGE LOCAL PASSWORDS LOGIN:NoneRange: 20 alphanumeric characters NEW PASSWORD: Range: 20 alphanumeric characters CONFIRM PASSWORD: Range: 20 alphanumeric characters
