This document is written to give system administrators and installation technicians a quick introduction to the System Privileges concepts in IFS Cloud.
System privileges are used to grant a user the necessary rights to use a specific functionality, unrelated to data or method authorization.
- IMPERSONATE USER
- DEFINE SQL
It is not possible to create or modify system privileges. In general a system privilege gives elevated authority in the system and should be used very carefully.
Defined system privileges
These are the existing system privileges and their usage.
|ADMINISTRATOR||This system privilege lets the logged on user act as Appowner, with the exception of method security. This system privilege also gives the user the ability to see more, but not necessarily all, data. This privilege is granted to the FND_ADMIN permission set. This is a very high privilege and should be used with care.|
|CONNECT||Any user that wants to access IFS Cloud through an IFS Client must have Connect system privilege. It is possible to access IFS Applications methods from non IFS Clients, like SQLPlus, without having this privilege.
Allow access to IFS Middleware Server activities and services. Without this privilege a user will never reach any backend method at all (will return a HTTP 401 Unauthorized response).
|IMPERSONATE USER||Allow the authenticated user the possibility to impersonate (run as) some other user. This is a very high privilege and should be used with care.|
|DEFINE SQL||Allows the user to enter SQL statements that should be executed by the application through some system service. This is a very high privilege and should be used with care. With the ability to define SQL the user can add or change SQL statements that defines what data to retrieve from the system. A user with this privilge will therefore get access to any data that can be reached through database views.|
|DEBUGGER||This privilege gives ability to get server debug stack trace in the IFS Cloud debug console|
Detailed information about system privileges
|System privilege||Used in|
Granting system privileges to users
System privileges are always granted to permission sets, never directly to users. Use IFS Solution Manager to administrate permission sets and the system privileges granted.