Skip to content

Permission Sets

A Permission Set groups several privileges and other Permission Sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through Permission Sets.

Note: Permission Set is also referred to as FndRole.

Premission Set

A permission set is a collection of several privileges. It contains grants for Projections, Quick reports, Database tasks, Lobbies and Workflows. Further possible to set a System Privilege that grants a user the necessary rights to use a specific functionality. A permission set can grant to another permission set and vice versa. Hence it contains a structure.

Predefined Permission Sets in Platform

Predefined Platform permission sets are created upon installation of IFS Cloud. These should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section below for more information.

Permission Set Description
FND_WEBRUNTIME Role needed for a user to logon to IFS Aurena.
FND_WEBENDUSER_MAIN Role that contains framework functionality for IFS Aurena for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena main users.
FND_WEBENDUSER_B2B Role that contains framework functionality for IFS Aurena for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena B2B users.
FND_ADMIN Role needed for a user to be an administrator of IFS Platform. FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role.
FND_PRINTSERVER Role needed for a user to run IFS Print Agent.
FND_CONNECT Role needed for a user to run IFS Connect framework.
FND_ANONYMOUS Role needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS.
FND_DEVELOPER This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role.
FND_CUSTOMIZE Role needed for customizing clients.
FNDMIG_EXCEL_ADMIN Grants the user access to use the IFS Data Migration Excel Addin.
AURENA_NATIVE_ADMIN Role needed for a user to be an administrator of Aurena Native. FND_RUNTIME is granted to this role.
AURENA_NATIVE_RUNTIME Role needed for a mobile user to logon and run a Aurena Native Apps application. FND_RUNTIME is granted to this role.
FND_AURENA_NATIVE_SYSTEM Role needed for IFS Aurena System User
FND _AURENA_NATIVE_SYNC_TRACE Role needed for IFS Aurena Native end user to enable synchronization traces.
FND_QUICK_REPORTS Role needed for creating and publishing Quick Reports.
FND_MONITORING Required grants to query application monitoring results.
FNDSCH_WEBSERVICE Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS. FND_RUNTIME is granted to this role.
FNDSCH_RUNTIME Role needed for IFS Planning and Scheduling Optimization Workbench users
FNDSCH_ADMIN Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users
FND_REM_ASST_ADMIN Required grants of all the RA admin projections and Actions
FND_REM_ASST_ENDUSER Required grants of all the enduser related Projections and Actions
FND_REM_ASST_SERVICE Required grants of RA service user
FND_SCIM_ADMIN Role used for handling SCIM container requests

The following predefined permission sets are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications:

IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT, IFSAPP_NORMAL, FND_MOBILE_ADMIN, FND_MOBILE_RUNTIME, FND_NORMAL, FND_ENDUSER and FND_RUNTIME

Environments upgraded from previous IFS Cloud will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.

Read about how to