This document is written to give system administrators and installation technicians a quick introduction to the Foundation1 System Privileges concepts in IFS Applications.
System privileges are used to grant a user the necessary rights to use a specific functionality, unrelated to data or method authorization. Foundation1 defines five different system privileges:
It is not possible to create or modify system privileges. In general a system
privilege gives elevated authority in the system and should be used very
carefully.
These are the existing system privileges and their usage.
Privilege | Purpose |
---|---|
ADMINISTRATOR | This system privilege lets the logged on user act as Appowner, with the exception of method security. This system privilege also gives the user the ability to see more, but not necessarily all, data. This privilege is granted to the FND_ADMIN permission set. This is a very high privilege and should be used with care. |
CONNECT | Any user that wants to access IFS Applications through an
IFS Client must have Connect system privilege. It is possible to access IFS
Applications methods from non IFS Clients, like SQLPlus, without having this
privilege. Allow access to IFS Middleware Server activities and services. Without this privilege a user will never reach any backend method at all (will return a HTTP 401 Unauthorized response). |
IMPERSONATE USER | Allow the authenticated user the possibility to impersonate (run as) some other user. This is a very high privilege and should be used with care. |
DEFINE SQL | Allows the user to enter SQL statements that should be executed by the application through some system service. This is a very high privilege and should be used with care. With the ability to define SQL the user can add or change SQL statements that defines what data to retrieve from the system. A user with this privilge will therefore get access to any data that can be reached through database views. |
DEBUGGER | This privilege gives ability to get server debug stack trace in the IFS Enterprise Explorer debug console |
Detailed information about system privileges
System privilege | Used in |
---|---|
ADMINISTRATOR | Methods
Views
|
DEFINE SQL | Services
|
System privileges are always granted to permission sets, never directly to users. Use IFS Solution Manager to administrate permission sets and the system privileges granted.