Users

A quick introduction to the IFS Applications user concept for system administrators and installation technicians.

Foundation1 Users

To log on to IFS Applications you need to be a Foundation1 User. IFS Applications has its own User Registry in the database, where all users need to be registered.

Most business logic authorization rules are mapped to the Foundation1 User.

Oracle Users

If Database Authentication is used, the Foundation1 User must also be an active Oracle User. This is done by a one-to-one mapping on name between the Foundation1 user and the Oracle database user.
If external OpenID Connect Providers (such as ADFS or Azure AD) are used, the Foundation1 user must be mapped to the corresponding user identity in the external user registry. This mapping uses the directory-id field of the fnd_user_tab.

There are also a few other Oracle users that are of great importance to IFS Applications; see Special Users in IFS Applications.

Special users and service users used for integrations do not have to be mapped to a corresponding user identity in the external user registry.

Special Users in IFS Applications

There are some "users" which are not mapped to actual end-users (as in humans) but exist only for technical purposes. These users all have some elevated privileges and should be considered security critical.

| User | Name | Purpose | Special privileges |
| --- | --- | --- | --- |
| Application owner, Appowner | Any name, but often called <IFSAPP> | Provides views, tables, packages methods for IFS Applications. | Database schema owner. Grants on SYS views and system privileges grants. |
| IFS System User | IFSSYS | IFS Middleware Server always connects to the database as user IFSSYS. | SELECT on all views, EXECUTE on all methods, SELECT, UPDATE, INSERT on tables with LOB columns |
| IAL Owner | Any name, but often called <IFSINFO> | Owner of all created IAL objects used for reporting and statistics for end-users. | SELECT on all views |
| Oracle System user | SYS and SYSTEM | The System accounts for the database, owns or is granted most Oracle internal tables. Some installation steps must be run as SYS. | Has privileges to perform anything in the database |

Pre-defined Foundation1 users

IFS Applications comes with a few pre-defined accounts that are granted pre-defined roles. These accounts are created during installation and are locked by default. Information about how to unlock these pre-defined users and set their passwords can be found in Create Foundation1 Users / Set passwords. These Foundation1 users should always be mapped to an active Oracle user. They must not be mapped to external user registries, even if an external user registry (for example ADFS, Azure AD) is used for interactive user authentication.

| User | Purpose | Role |
| --- | --- | --- |
| IFSADMIN | Used to administrate IFS Applications using IFS Solution Manager, especially right after installation when no other user accounts have yet been created. | FND_ADMIN |
| IFSPRINT | Used by the IFS Report Formatter. | FND_PRINTSERVER |
| IFSPLSQLAP | Used to authenticate PL/SQL Access Provider calls to IFS Middleware Server. | FND_PLSQLAP |
| IFSCONNECT | Used by IFS Connect | FND_CONNECT |
| IFSMOBILITY | Used by the IFS Touch Apps framework for registering push notifications and for loading Aurena Native Apps configuration into the IFS Middleware Server. | FND_TOUCHAPPS_CONFIG |
| IFSSCHEDULING | Used by the IFS PSO Integration framework to send/receive scheduling data with IFS PSO (Planning and Scheduling Optimization) | FNDSCH_WEBSERVICE |
| IFSSYNC | Used by the Data Synchronization functions. This user is used to configure the required environment setups and also to route data among sites. | FND_SYNC |
| IFSMONITORING | Used by the IFS System Monitoring functions. | FND_MONITORING |

Special Users for IFS Aurena Native Apps

For some IFS Aurena Native Apps there are some "users" which are not mapped to actual end-users (as in humans). These users have no elevated privileges and are used to collect data that is to be synchronized to the mobile users for the IFS Aurena Native Apps. These users should not be set active or used for any purpose other than that for which they are intended, so that they are not considered a security risk.

| User | Name | Purpose |
| --- | --- | --- |
| Grouped Push User for IFS Aurena Native App | IFS<APP_NAME> | Used by the Grouped Push functionality in IFS Aurena Native Apps to collect data that will be sent to the mobile users. |

A Grouped Push User will be created for each IFS Aurena Native App that is deployed into the environment and has at least one entity defined in Synchronization Rules with Grouped Push as the Delivery Method. For these entities the Grouped Push User must have access to all business roles that are used to filter the data to the mobile users. These business roles could be access to all Companies and/or Sites that will be used by the mobile users running the IFS Aurena Native App.
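
The mapping rules stated on this page can be checked mechanically against an export of the user registry. The following is an added example, not IFS code: the field names (identity, directory_id, active), the IFSDEMOAPP and INTEG01 accounts and all sample rows are constructed assumptions and do not reflect the real fnd_user_tab layout.

```python
# Added example. Field names are assumptions, not real fnd_user_tab columns.
PREDEFINED = {"IFSADMIN", "IFSPRINT", "IFSPLSQLAP", "IFSCONNECT",
              "IFSMOBILITY", "IFSSCHEDULING", "IFSSYNC", "IFSMONITORING"}

def audit(fnd_users, oracle_users, grouped_push, exempt, oidc):
    """Return sorted (user, finding) pairs for rows that break a rule on this page.

    oracle_users: names of active Oracle accounts.
    grouped_push: names of Grouped Push users (IFS<APP_NAME>).
    exempt: special and integration service users that need no external mapping.
    oidc: True if an external OpenID Connect provider is used, False for
          Database Authentication.
    """
    oracle = {n.upper() for n in oracle_users}
    findings = []
    for u in fnd_users:
        name = u["identity"].upper()
        mapped = bool((u.get("directory_id") or "").strip())
        if name in PREDEFINED:
            if mapped:
                findings.append((name, "pre-defined user mapped to external registry"))
            if name not in oracle:
                findings.append((name, "pre-defined user has no same-named Oracle user"))
        elif name in grouped_push:
            if u.get("active"):
                findings.append((name, "Grouped Push user is set active"))
        elif name in exempt:
            continue
        elif oidc and not mapped:
            findings.append((name, "no directory id for OpenID Connect login"))
        elif not oidc and name not in oracle:
            findings.append((name, "no same-named Oracle user for database authentication"))
    return sorted(findings)

SAMPLE_USERS = [  # constructed rows
    {"identity": "IFSADMIN", "directory_id": "", "active": True},
    {"identity": "IFSCONNECT", "directory_id": "svc-connect@example.test", "active": True},
    {"identity": "IFSPRINT", "directory_id": None, "active": True},
    {"identity": "IFSDEMOAPP", "directory_id": "", "active": True},  # hypothetical IFS<APP_NAME>
    {"identity": "INTEG01", "directory_id": "", "active": True},     # hypothetical integration user
    {"identity": "ALICE", "directory_id": "alice@example.test", "active": True},
    {"identity": "BOB", "directory_id": " ", "active": True},
]
SAMPLE_ORACLE = {"IFSADMIN", "IFSCONNECT", "IFSSYS", "ALICE"}  # constructed

def run_sample():
    return audit(SAMPLE_USERS, SAMPLE_ORACLE, grouped_push={"IFSDEMOAPP"},
                 exempt={"INTEG01", "IFSSYS"}, oidc=True)

if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user}: {finding}")
```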