IEC 62351-8-2020 pdf free download

IEC 62351-8-2020 pdf free download.Power systems management and associated information exchange — Data and communications security — Part 8: Role-based access control for power system management
Gestion des systèmes de puissance et échanges d’informations associés — Securite des communications et des donnees — Partie 8: Contrôle d’accès base sur les roles pour Ia gestion de systèmes de uissance.
— Subjects include human users, automated systems, and software applications. Examples in the power management system domain include John Doe, SCADA system, outage management system, power flow application in an EMS, maintenance test application in a maintenance laptop.
— Roles are associated with job functions within the context of an organization with some semantics associated regarding the authority and responsibility conferred on the subjects assigned to the role. Examples include transmission system operator, power scheduler, RTU maintenance, protection engineering.
— Sessions are the mapping of one subject to one or possibly many roles, thus indicating which roles a subject is allowed to take on. Each session is associated with a single subject and each subject is associated with one or more roles. One example is a human user allowed to to be a system operator, a power scheduler, or a supervisor. Another example is a power flow application allowed to access a real-time dataset or to access a set of historical data in a database.
— Actions are operations on objects that can be permitted or denied. Examples include read or write on data objects.
— Permissions are the actions that are assigned to specific objects (resources). Examples include viewing data (information on a screen), reading data (monitoring data, downloading documents), writing data (setting parameters, updating protection settings, updating assignment of subjects to roles), issuing control commands (issue trip command, enable function), configuring (updating firmware), and managing files (create and delete files)
— Objects separate the different actions that may be invoked. Examples include protective relays that separate the actions (read) for reading protective parameters, for updating (write) protective parameters, and for configuring the firmware.
The arrows in Figure 2 indicate relationships (e.g., a subject can be assigned to one or more roles, and a role can be assigned to one or more subjects). This provides great flexibility and granularity in assigning permission to roles and subjects to roles to realize the least priviledge principle. Without these options, there is a danger that a subject may be granted more access to resources than is needed because of limited control over the type of access that can be associated with subjects and resources.IEC 62351-8-2020 pdf free download.