User roles - Arc protection - Bay control and measurement - Merging unit - Transformer protection - 2 winding - Feeder protection - Voltage regulation - Capacitor bank protection - Busbar differential protection (high impedance) - Back-up protection - Motor protection - Busbar protection (voltage and frequency) - Interconnection protection - Power management/Load shedding - Cyber Security Deployment Guideline - 620 series Relion Protection and Control - 2.0 FP1 IEC - IEC - 31.05.2023

620 series Cyber Security Deployment Guideline

Four user categories have been predefined for the LHMI and the WHMI, each with different rights and default passwords.

The default passwords in the protection relay delivered from the factory can be changed with Administrator user rights. Relay user passwords can be changed using LHMI, WHMI or the IED User Management tool in PCM600 and the user information is stored to the protection relay's internal memory.

If the relay-specific Administrator password is forgotten, ABB can provide a one-time reliable key to access the protection relay. For support, contact ABB. The recovery of the Administrator password takes a few days.

Note: User authorization is disabled by default for the LHMI and can be enabled with the Local override parameter via the LHMI path Main Menu > Configuration > Authorization > Passwords. WHMI always requires authentication. Changes in user management settings do not cause the protection relay to reboot. The changes are taken into use immediately after committing the changed settings on menu root level.
Table 1. Predefined user categories
Username User rights
VIEWER Read only access
OPERATOR
  • Selecting remote or local state with (only locally)
  • Changing setting groups
  • Controlling
  • Clearing indications
ENGINEER
  • Changing settings
  • Clearing event list
  • Clearing disturbance records
  • Changing system settings such as IP address, serial baud rate or disturbance recorder settings
  • Setting the protection relay to test mode
  • Selecting language
ADMINISTRATOR
  • All listed above
  • Changing password
  • Factory default activation

If the Remote override parameter from the Main menu > Configuration > Authorization > Passwords menu has been disabled, changes have to be made in the IED's object properties in PCM600. When the protection relay uses remote authentication, the activated user level and its password are required when the protection relay is configured using PCM600.

Table 2. Object properties to change
Object Properties field Value
Is Authentication Disabled False
Is Password used True
Password Write the correct password

When communicating with the protection relay with PCM600 tools and with the relay authentication enabled, the relay username and password must be given when prompted. When setting the technical key, the username and password must be given twice.

Tip: If the PCM600 authentication has been enabled in PCM600 System Settings, a relay user can be linked to the current PCM600 user by selecting the Remember me check box in the Login dialog. After that, the user credentials are no longer asked at tool communication as logging in PCM600 also provides the authentication credentials to the protection relay.
Note: When Remote override is disabled, also MMS clients need authentication using correct password.
Note: FTP always requires authentication.