A Permission Set groups several privileges and other Permission Sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through Permission Sets.
Note: Permission Set is also referred to as FndRole and have a one-to-one mapping to Oracle Role in the database.
When installing Oracle database software Oracle creates several roles for
varying functions, see Oracle database documentation for full description. It is
recommended that these predefined Oracle roles are left as they are and that any
new roles that are created should grant
Application functionality and/or objects to the desired users. Example of such predefined Oracle roles
are CONNECT
, DBA
, RESOURCE
, EXP_FULL_DATABASE
,
IMP_FULL_DATABASE
, JAVA_ADMIN
,
etc.
Predefined Foundation1 roles are created upon installation of IFS Applications. Predefined Foundation1 Roles should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section below for more information.
Note! Predefined roles in Foundation1 and in Oracle should not be modified in the security administration tools, nor handled by using the import and export tool. One reason for this is limitations regarding internal packages, see Reference manual for details.
Role | Description |
---|---|
FND_RUNTIME | Role needed for a user to logon to IFS Enterprise Explorer. |
FND_WEBRUNTIME | Role needed for a user to logon to IFS Aurena. |
FND_ENDUSER | Role that contains grants to all of the Foundation1 forms that by default are included in all executables. FND_RUNTIME is granted to this role. This role is in most cases to be seen as the basic functional role for all IFS Enterprise Explorer users. |
FND_WEBENDUSER_MAIN | Role that contains framework functionality for IFS Aurena for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena main users. |
FND_WEBENDUSER_B2B | Role that contains framework functionality for IFS Aurena for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Aurena B2B users. |
FND_ADMIN | Role needed for a user to be an administrator of IFS Foundation1. FND_ENDUSER, FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role. |
FND_PRINTSERVER | Role needed for a user to run IFS Print Agent. |
FND_CONNECT | Role needed for a user to run IFS Connect framework. |
FND_ANONYMOUS | Role needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS. |
FND_PLSQLAP | Role needed for IFS PL/SQL Access Provider user. |
FND_DEVELOPER | This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role. |
FND_CUSTOMIZE | Role needed for customizing clients. |
FNDMIG_EXCEL_ADDIN | Grants the user access to use the IFS Data Migration Excel Addin. |
TOUCHAPPS_ADMIN | Role needed for a user to be an administrator of Touch Apps. FND_RUNTIME is granted to this role. |
TOUCHAPPS_RUNTIME | Role needed for a mobile user to logon and run a Touch Apps application. FND_RUNTIME is granted to this role. |
FND_TOUCHAPPS_CONFIG | Role needed for a user to register push notifications for mobile users and to load Aurena Native Apps configuration into the IFS Middleware Server. FND_RUNTIME is granted to this role. Used by predefined user IFSMOBILITY. |
FND _TOUCHAPPS_SYNC_TRACE | Role granted to a mobile user when synchronization traces are enabled. |
FND_QUICK_REPORTS | Role needed for creating and publishing Quick Reports. |
FND_MONITORING | Required grants to query application monitoring results. |
FNDSCH_WEBSERVICE | Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS. FND_RUNTIME is granted to this role. |
FNDSCH_RUNTIME | Role needed for IFS Planning and Scheduling Optimization Workbench users |
FNDSCH_ADMIN | Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users |
The predefined roles in Foundation1 are internally granted in the following hierarchy:
This is to be considered when administrating security. I.e. it is not necessary to grant more than one of the predefined roles to any end user or application role, since they are contained in each other.
The following predefined roles are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications:
IFS_ADMIN
, IFS_APPLICATION
, IFS_CONNECT
,
IFSAPP_NORMAL
, FND_MOBILE_ADMIN
,
FND_MOBILE_RUNTIME
and FND_NORMAL
Environments upgraded from previous IFS Applications will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.
Read about how to