Permission Sets in IFS Aurena

The foundation for Permission Sets in Aurena are grants of Projections, Lobby Pages, Reports and System Privileges. A Permission Set structure also makes it possible to grant Permission Sets to another.

Permission Set Concepts, Expressions and Terms

Permission Sets in IFS Aurena has concepts, expressions and terms which purpose is to visualize and simplify the Permission Set management.

Legacy Grants

This indicates if a Permission Set has grants for to IFS Enterprise Explorer, which can only be seen or edited in that client.

Security Objects that currently counts as Legacy:

Limited Task User (LTU)

A LTU Permission Set only allows editing of the Projections that was delivered with the Permission Set. It can be granted to Users.

Additional Task User (ATU)

An ATU Permission Set cannot be edited. It can be granted to Users and other Permission Sets in a Grant Structure

IFS Managed

Permission Sets with this badge cannot be changed in anyway except from adding/removing Users to them. They are predefined by IFS and can be subject to change, for example in an update.

All Permission Sets prefixed with FND are considered IFS Managed.

Projections and APIs

An API (application programming interface) is an access point for retrieving and posting data. It acts as a layer between the server and database on one side and a client on the other side. A web-API is accessible using a normal browser or other applications that can send http-requests.

The IFS Projection is a self-contained web-API which implements a defined business function. It describes data types, data sources and functions that can be utilized from the API. It is also the main point for security settings. It is in this layer that it is decided what data to return and which actions that are allowed.

The IFS Aurena client communicates with the database through Projections(APIs). The pages in IFS Aurena depend on Projections for retrieval of data and to perform actions. When granting access to a Projection all client pages using that projection will become available.

Access Level

Projections can have four different Access Levels in relation to a Permission Set: None, Read-Only, Custom and Full.

Read-Only Access Level Full Access Level Custom Access Level None Access Level

A Read-Only Projection grant allows a User granted the Permission Set to read from all data sources and invoke all functions of a Projection. It also makes pages using the Projection available to the User. Projections that only contains readable data, like functions, will always be shown as Read-Only.

A Full grant not only allows read access from data sources and functions but also create, update and delete access to all data sources of the projection and possibility to invoke all actions exposed by the projection.

A Projection can only be read-authorized as a single unit but can be write-authorized on individual action level (Create, Update, Delete and Custom Actions). A Projection that is granted, but has edited Action grants between Full and Read-Only is considered Custom

For example: A Projection that was granted Full had a Projection Action revoked. The Projection is now considered to have the Access Level Custom.

Access Level None indicates that the Projection is currently not granted to the Permission Set.

No of Pages

The number of pages depending on a Projection can vary. An indication is given by this badge that can have the following values

Aurena Client Pages and granting

Pages are granted through there respective Projection. When granting access to a Projection all client pages using that projection will become available.

Badges for Currently Available and Will be Available will show up in Assistant when managing Projection Grants by Pages. These indicate what the state of the pages will be after completing the Assistant.

Not all pages are shown in the navigator menu, like the Manage by Page assistant. Some pages are only available through commands or other workflows. The badge In Navigator shows whether a page is in the navigator menu or not.

Lobby Pages

Information on Lobby Pages can be found here

Reports

Information on Reports can be found here:

System Privileges

Read more about the concept of System Privileges here.

Permission Set Structure

The total permissions of a Permission Set is the sum of permissions granted directly to the Permission Set and all permissions granted indirectly through other Permission Sets granted to the Permission Set.

Example of Permission Set Structure

In the above example Permission Set A would include all the permissions from Permission Sets B, C, D and E. It is not possible to create a circular grant, where a Permission Set in someway gets granted to itself.