IEC 62351-8:20 20旨在促进电力系统管理中基于角色的访问控制（RBAC）。RBAC将人类用户、自动化系统和软件应用程序（在本文档中统称为“主体”）分配给指定的“角色”，并限制他们仅访问安全策略确定为其角色所必需的那些资源。 随着电力系统自动化程度的提高和网络安全问题的日益突出，确保对数据（读、写、控制等）的访问受到限制变得越来越重要。正如在安全性的许多方面一样，RBAC不仅仅是一种技术；这是一种经营企业的方式。RBAC不是一个新概念；事实上，它被许多操作系统用来控制对系统资源的访问。具体来说，RBAC提供了一种替代所有-或无超级用户模型，其中所有主体都可以访问所有数据，包括控制命令。 RBAC是满足最小特权安全原则的主要方法，该原则规定任何主体都不应被授权超过执行该主体任务所需的权限。使用RBAC，授权与身份验证是分开的。RBAC使组织能够细分超级用户功能，并将其打包到称为角色的特殊用户帐户中，以便根据特定个人的相关职责分配给他们。这种细分使安全策略能够确定允许谁或什么系统访问其他系统中的哪些数据。因此，RBAC提供了一种重新分配由组织策略定义的系统控制的方法。特别地，RBAC可以保护敏感的系统操作免受未授权用户的无意（或故意）动作的影响。显然，RBAC并不局限于人类用户；它同样适用于自动化系统和软件应用，即独立于用户交互操作的软件部分。 以下交互在范围内: -人类用户对对象的本地(直接有线)访问；通过本地和自动化计算机代理，或内置HMI或面板； -人类用户对对象的远程(经由拨号或无线介质)访问； -由远程自动化计算机代理远程(经由拨号或无线介质)访问对象，例如另一变电站处的另一对象、终端用户设施处的分布式能源或控制中心应用。 虽然本文档定义了一组要支持的强制角色，但已定义的特定或自定义角色的交换格式也在本文档的范围内。与本地和远程访问的角色和访问令牌的定义没有直接关系的所有主题都超出了本文档的范围，尤其是管理或组织任务。

IEC 62351-8: 2020 is to facilitate role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications (collectively called "subjects" in this document) to specified "roles", and restricts their access to only those resources, which the security policies identify as necessary for their roles.
As electric power systems become more automated and cyber security concerns become more prominent, it is becoming increasingly critical to ensure that access to data (read, write, control, etc.) is restricted. As in many aspects of security, RBAC is not just a technology; it is a way of running a business. RBAC is not a new concept; in fact, it is used by many operating systems to control access to system resources. Specifically, RBAC provides an alternative to the all-or-nothing super-user model in which all subjects have access to all data, including control commands.
RBAC is a primary method to meet the security principle of least privilege, which states that no subject should be authorized more permissions than necessary for performing that subject’s task. With RBAC, authorization is separated from authentication. RBAC enables an organization to subdivide super-user capabilities and package them into special user accounts termed roles for assignment to specific individuals according to their associated duties. This subdivision enables security policies to determine who or what systems are permitted access to which data in other systems. RBAC provides thus a means of reallocating system controls as defined by the organization policy. In particular, RBAC can protect sensitive system operations from inadvertent (or deliberate) actions by unauthorized users. Clearly RBAC is not confined to human users though; it applies equally well to automated systems and software applications, i.e., software parts operating independent of user interactions.
The following interactions are in scope:
– local (direct wired) access to the object by a human user; by a local and automated computer agent, or built-in HMI or panel;
– remote (via dial-up or wireless media) access to the object by a human user;
– remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user’s facility, or a control centre application.
While this document defines a set of mandatory roles to be supported, the exchange format for defined specific or custom roles is also in scope of this document.
Out of scope for this document are all topics which are not directly related to the definition of roles and access tokens for local and remote access, especially administrative or organizational tasks.