Permission Sets

A Permission Set groups several privileges and other Permission Sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through Permission Sets.

Note: Permission Set is also referred to as FndRole and have a one-to-one mapping to Oracle Role in the database.

Contents

Oracle Roles

When installing Oracle database software Oracle creates several roles for varying functions, see Oracle database documentation for full description. It is recommended that these predefined Oracle roles are left as they are and that any new roles that are created should grant Application functionality and/or objects to the desired users. Example of such predefined Oracle roles are CONNECT, DBA, RESOURCE, EXP_FULL_DATABASE, IMP_FULL_DATABASE, JAVA_ADMIN, etc.

Predefined Roles in Foundation1

Predefined Foundation1 roles are created upon installation of IFS Applications. Predefined Foundation1 Roles should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section below for more information.

Note! Predefined roles in Foundation1 and in Oracle should not be modified in the security administration tools, nor handled by using the import and export tool. One reason for this is limitations regarding internal packages, see Reference manual for details.

Role Description
FND_RUNTIME Role needed for a user to logon to IFS Enterprise Explorer.
FND_WEBRUNTIME Role needed for a user to logon to IFS Aurena.
FND_ENDUSER Role that contains grants to all of the Foundation1 forms that by default are included in all executables. FND_RUNTIME is granted to this role. This role is in most cases to be seen as the basic functional role for all IFS Enterprise Explorer users.
FND_WEBENDUSER_MAIN Role that contains framework functionality for IFS Aurena for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena main users.
FND_WEBENDUSER_B2B Role that contains framework functionality for IFS Aurena for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena B2B users.
FND_ADMIN Role needed for a user to be an administrator of IFS Foundation1. FND_ENDUSER, FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role.
FND_PRINTSERVER Role needed for a user to run IFS Print Agent.
FND_CONNECT Role needed for a user to run IFS Connect framework.
FND_PLSQLAP Role needed for IFS PL/SQL Access Provider user.
FND_DEVELOPER This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role.
FND_CUSTOMIZE Role needed for customizing clients.
FNDMIG_EXCEL_ADDIN Grants the user access to use the IFS Data Migration Excel Addin.
TOUCHAPPS_ADMIN Role needed for a user to be an administrator of Touch Apps. FND_RUNTIME is granted to this role.
TOUCHAPPS_RUNTIME Role needed for a mobile user to logon and run a Touch Apps application. FND_RUNTIME is granted to this role.
FND_TOUCHAPPS_CONFIG Role needed for a user to register push notifications for mobile users and to load Aurena Native Apps configuration into the IFS Middleware Server. FND_RUNTIME is granted to this role. Used by predefined user IFSMOBILITY.
FND _TOUCHAPPS_SYNC_TRACE Role granted to a mobile user when synchronization traces are enabled.
FND_QUICK_REPORTS Role needed for creating and publishing Quick Reports.
FND_MONITORING Required grants to query application monitoring results.
FNDSCH_WEBSERVICE Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS. FND_RUNTIME is granted to this role.
FNDSCH_RUNTIME Role needed for IFS Planning and Scheduling Optimization Workbench users
FNDSCH_ADMIN Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users

Structure for Predefined Roles in Foundation1

The predefined roles in Foundation1 are internally granted in the following hierarchy:

This is to be considered when administrating security. I.e. it is not necessary to grant more than one of the predefined roles to any end user or application role, since they are contained in each other.

Obsolete Roles in Foundation1

The following predefined roles are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications:

IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT, IFSAPP_NORMAL, FND_MOBILE_ADMIN, FND_MOBILE_RUNTIME and FND_NORMAL

Environments upgraded from previous IFS Applications will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.

Links

Read about how to