Permission Sets¶
A Permission Set groups several privileges and other Permission Sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through Permission Sets.
Note: Permission Set is also referred to as FndRole.
Premission Set¶
A permission set is a collection of several privileges. It contains grants for Projections, Quick reports, Database tasks, Lobbies and Workflows. Further possible to set a System Privilege that grants a user the necessary rights to use a specific functionality. A permission set can grant to another permission set and vice versa. Hence it contains a structure.
Predefined Permission Sets in Platform¶
Predefined Platform permission sets are created upon installation of IFS Cloud. These should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section below for more information.
Permission Set | Description |
---|---|
FND_WEBRUNTIME | Role needed for a user to logon to IFS Aurena. |
FND_WEBENDUSER_MAIN | Role that contains framework functionality for IFS Aurena for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena main users. |
FND_WEBENDUSER_B2B | Role that contains framework functionality for IFS Aurena for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena B2B users. |
FND_ADMIN | Role needed for a user to be an administrator of IFS Platform. FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role. |
FND_PRINTSERVER | Role needed for a user to run IFS Print Agent. |
FND_CONNECT | Role needed for a user to run IFS Connect framework. |
FND_ANONYMOUS | Role needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS. |
FND_DEVELOPER | This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role. |
FND_CUSTOMIZE | Role needed for customizing clients. |
FNDMIG_EXCEL_ADMIN | Grants the user access to use the IFS Data Migration Excel Addin. |
AURENA_NATIVE_ADMIN | Role needed for a user to be an administrator of Aurena Native. FND_RUNTIME is granted to this role. |
AURENA_NATIVE_RUNTIME | Role needed for a mobile user to logon and run a Aurena Native Apps application. FND_RUNTIME is granted to this role. |
FND_AURENA_NATIVE_SYSTEM | Role needed for IFS Aurena System User |
FND _AURENA_NATIVE_SYNC_TRACE | Role needed for IFS Aurena Native end user to enable synchronization traces. |
FND_QUICK_REPORTS | Role needed for creating and publishing Quick Reports. |
FND_MONITORING | Required grants to query application monitoring results. |
FNDSCH_WEBSERVICE | Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS Cloud. FND_WEBRUNTIME is granted to this role. |
FNDSCH_RUNTIME | Role needed for IFS Planning and Scheduling Optimization Workbench users |
FNDSCH_ADMIN | Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users |
FND_REM_ASST_ADMIN | Required grants of all the RA admin projections and Actions |
FND_REM_ASST_ENDUSER | Required grants of all the enduser related Projections and Actions |
FND_REM_ASST_SERVICE | Required grants of RA service user |
FND_SCIM_ADMIN | Role used for handling SCIM container requests |
The following predefined permission sets are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications:
IFS_ADMIN
, IFS_APPLICATION
, IFS_CONNECT
, IFSAPP_NORMAL
, FND_MOBILE_ADMIN
, FND_MOBILE_RUNTIME
, FND_NORMAL
, FND_ENDUSER
and FND_RUNTIME
Environments upgraded from previous IFS Cloud will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.
Links¶
Read about how to