1. Field of the Invention
The present disclosure relates to power substations generally, and more particularly, to a new intelligent electronic device (“IED”) for use in power substation control systems and to methods for granting role-based access to the new IED.
2. Discussion of Related Art
Power substations include primary equipment, such as transformers, capacitor banks, and generators; and secondary equipment, such as cables, switches, relays, protective equipment, and control equipment. Primary equipment is located in the substation yard and controlled via (fiber-optic and/or metallic) cables. Providing all weather protection and security for the control equipment, a substation control house contains switchboard panels, batteries, battery chargers, supervisory control equipment, power-line carriers, meters, and relays. Located within the control house, the switchboard control panels contain meters, control switches, and recorders used to control the substation equipment, to send power from one circuit to another, or to open or close circuits when needed.
In the past, hundreds of discrete electro-mechanical and/or solid-state control devices were needed to monitor and manage the operation of a single substation's primary equipment. Recently, microprocessor-based devices, called intelligent electronic devices (“IEDs”), have become popular, not only because a single IED can be programmed and configured to monitor and manage a variety of substation equipment, but also because new substations constructed using IEDs cost less to construct than substations constructed using electro-mechanical and/or solid-state control devices. Properly positioned and configured, an IED can receive and relay status signals from primary equipment to a master computer located in the control house. Additionally, an IED can receive and relay command signals from the master computer to the primary equipment.
Today, many companies are forced to maintain multiple IEDs for a single piece of power equipment, where each IED performs a separate function (or group of functions), so that a user servicing one IED does not interfere with functions performed by another IED, which is serviced by different user. Such an approach is not only unnecessarily redundant, but also expensive. Although beneficial in many regards, consolidating multiple functions within a single IED has its drawbacks. One disadvantage is that two or more people, each of whom has different experience levels, different roles, different responsibilities, etc., will need to access the IED for different purposes. It is thus important that one user's work be restricted only to the hardware/software portions of the IED that control/perform the functions which the user is permitted to service. Another problem faced by industry is that, once an action has been carried out on the IED, the identity and/or role of the person who undertook the action, cannot be determined. Yet another problem is that the users accessing the IEDs periodically change employers, as well as roles (e.g., engineer, senior engineer, etc.), which makes implementing and managing a role-based access system difficult.
What is needed is a new IED, as well as methods and systems for implementing and managing role-based access (“RBAC”) to the IED that comply with ANSI INCITS 359-2004 Information technology—Role Based Access Control standard. “ANSI” refers to the American National Standards Institute. “INCITS” refers to the International Committee for Information Technology Standards. The 359-2004 standard describes RBAC features that have achieved acceptance in the commercial marketplace and is available on the Internet at http://webstore.ansi.org. The standard includes a reference model and functional specifications for the RBAC features defined in the reference model.