5-20 L30 Line Current Differential System GE Multilin5.2 PRODUCT SETUP 5 SETTINGS5SupervisoryPATH: SETTINGS PRODUCT SETUP SECURITY SUPERVISORYThe Supervisory menu settings are available for Supervisor role only or if the Supervisor role is disabled then for theAdministrator role only.DEVICE AUTHENTICATION: This setting is enabled by default, meaning "Yes" is selected. When enabled, Device Authen-tication with roles is enabled. When this setting is disabled, the UR only authenticates to the AAA server (Radius). How-ever, the Administrator and Supervisor (when enabled) remain active even after device authentication is disabled and theironly permission is to re-enable device authentication. To re-enable device authentication, the Supervisor unlocks thedevice for setting changes, then the Administrator re-enables device authentication.BYPASS ACCESS: The bypass security feature provides an easier access, with no authentication and encryption for thosespecial situations when this is considered safe. Only the Supervisor, or the Administrator when the Supervisor role is dis-abled, can enable this feature.The bypass options are as follows:• Local — Bypasses authentication for push buttons, keypad, RS232, and RS485• Remote — Bypasses authentication for Ethernet• Local and Remote — Bypasses authentication for push buttons, keypad, RS232, RS485, and EthernetWhen CyberSentry is enabled, Modbus communications over Ethernet is encrypted, which is not always tolerated bySCADA systems. The UR has the Bypass Access feature for such situations, which allows unencrypted Modbus overEthernet. Setting it to "Remote" ensures no authentication is required over Ethernet and Modbus communication is unen-crypted. Only a Supervisor or Administrator (if Supervisor role is disabled) can enable this feature. Note that other protocols(DNP, 101, 103, 104, EGD) are not encrypted, and they are good communications options for SCADA systems whenCyberSentry is enabled.LOCK RELAY: This setting uses a Boolean value (Enable/Disable) to indicate if the device accepts setting changes andwhether the device can receive a firmware upgrade. This setting can be changed only by the Supervisor role, if it is enabledor by the Administrator if the Supervisor role is disabled. The Supervisor role enables this setting for the relay to startaccepting setting changes or command changes or firmware upgrade. After all the setting changes are applied or com-mands executed, the Supervisor disables to lock setting changes. SUPERVISORYDEVICEAUTHENTICATION:YesRange: Yes, NoMESSAGE BYPASS ACCESS:DisabledRange: Local, Remote, Local and Remote, DisabledMESSAGE LOCK RELAY:DisabledRange: Enabled, DisabledMESSAGE FACTORY SERVICE:MODE: DisabledRange: Enabled, DisabledMESSAGE SELF TESTS See belowMESSAGE SUPERVISOR ROLE:DisabledRange: Enabled, DisabledMESSAGE SERIAL INACTIVITYTIMEOUT: 1 minRange: 1 to 9999 minutesMODE FRONT PANEL OR SERIAL (RS232, RS485) ETHERNETNormal mode Authentication — Role Based Access Control (RBAC)and passwords in clearAuthentication — RBAC and passwords encryptedSSH tunnelingBypass access mode No passwords for allowed RBAC levels No passwords for allowed RBAC levelsNo SSH tunneling
