RBAC

Introduction

Role-based access control (RBAC) is a method for reducing the risk of cyber security attacks by assigning different levels of access that are based on the access privileges associated with a user's defined role.

The BMENOR2200H module uses RBAC to provide defined levels of access for users. RBAC is predefined according to IEC 62351-2, but it is also configurable according to user requirements.

These threats are defined by IEC 62351-2:

spoofing
modification
replay
eavesdropping (on the exchange of cryptographic keys)

Limitations

The maximum number of active web server user connections is 5.
Observe theses maximums for the number of DNP3 users that can participate in key management configuration:
- DNP3 SAv2: 10
- DNP3 SAv5: 64

RBAC Workflow

This is the global RBAC workflow:

Stage	Description
1	Access the RBAC management page.
2	Create a new USER and assign a role from list.
3	Enter and confirm a password.
4	Submit the RBAC configuration.
5	Access the slave key management page for DNP3 secure authentication.
6	Pick a USER from the slave user table for RBAC management.
7	Enter the other security settings for the DNP3 secure authentication version.

NOTE: A single user is now active (master only).

Available Functionality

This table shows the available functionalities for each value and its corresponding name:

Value	Name	DNP3 Protocol		Firmware	Web Page Settings		FTP	HTTPS
Value	Name	Monitor Data	Operator Control	Upgrade	Security	Diagnostic	Data Logging Server	Web Login Server
1	OPERATOR	✔	✔			✔	✔	✔
2	ENGINEER	✔				✔	✔	✔
3	INSTALLER	✔		✔		✔		✔
4	SECADM				✔	✔		✔
32768	SINGLEUSER (COMMON)	✔	✔					X