Skip to content

Predefined Permission Sets

Predefined Platform permission sets are created upon installation of IFS Cloud. These should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section below for more information.

Permission Set Description
FND_WEBRUNTIME Role needed for a user to logon to IFS Aurena.
FND_WEBENDUSER_MAIN Role that contains framework functionality for IFS Aurena for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena main users.
FND_WEBENDUSER_B2B Role that contains framework functionality for IFS Aurena for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena B2B users.
FND_ADMIN Role needed for a user to be an administrator of IFS Platform. FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role.
FND_PRINTSERVER Role needed for a user to run IFS Print Agent.
FND_CONNECT Role needed for a user to run IFS Connect framework.
FND_ANONYMOUS Role needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS.
FND_DEVELOPER This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role.
FND_CUSTOMIZE Role needed for customizing clients.
FNDMIG_EXCEL_ADMIN Grants the user access to use the IFS Data Migration Excel Addin.
AURENA_NATIVE_ADMIN Role needed for a user to be an administrator of IFS Cloud Mobile. FND_RUNTIME is granted to this role.
AURENA_NATIVE_RUNTIME Role needed for a mobile user to logon and run a mobile app. FND_RUNTIME is granted to this role.
FND_AURENA_NATIVE_SYSTEM Role needed for IFS Cloud Mobile System User
FND _AURENA_NATIVE_SYNC_TRACE Role needed for mobile app end user to enable synchronization traces.
FND_QUICK_REPORTS Role needed for creating and publishing Quick Reports.
FND_MONITORING Required grants to query application monitoring results.
FNDSCH_WEBSERVICE Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS Cloud. FND_WEBRUNTIME is granted to this role.
FNDSCH_RUNTIME Role needed for IFS Planning and Scheduling Optimization Workbench users
FNDSCH_ADMIN Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users
FND_REM_ASST_ADMIN Required grants of all the RA admin projections and Actions
FND_REM_ASST_ENDUSER Required grants of all the enduser related Projections and Actions
FND_REM_ASST_SERVICE Required grants of RA service user
FND_SCIM_ADMIN Role used for handling SCIM container requests
FND_DSS_ASST_ADMIN Required grants of all the Digital Signature admin Actions
FND_DSS_ASST_ENDUSER Required grants of all the enduser related Actions for Digital Signature
FND_DSS_ASST_SERVICE Required grants of Digital Signature service user
FND_DCAT_ADMIN Required grants for Data Catalog admin user
FND_DCAT_USER Required grants for Data Catalog user
FND_SYNC Required grants for Data Synchronization service user
FND_SYNCADMIN Required grants for Data Synchronization admin user
FND_CLOUD_DMM Role needed for data migration manager admin actions.

Several of the roles above include component specific sub roles, like FND_ADMIN_FNDMIG, FND_ADMIN_FNDSCH are included in FND_ADMIN, FND_DEVELOPER_FNDDEV is included in FND_DEVELOPER, etc. These are functional roles and should normally not be granted to any other role or user then their master role, i.e. to FND_ADMIN and FND_DEVELOPER.

The following predefined permission sets are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications:

IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT, IFSAPP_NORMAL, FND_MOBILE_ADMIN, FND_MOBILE_RUNTIME, FND_NORMAL, FND_ENDUSER and FND_RUNTIME

Environments upgraded from previous IFS Cloud will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.

Note :The permission set SDT_CLOUD_FULL, STD_CLOUD_MIG_FULL, DMM_CLOUD_MIG_FULL are obsolete new permission set FND_CLOUD_DMM and DMM_CLOUD_FULL have been introduced. view

Read about how to