Permission Sets is the base for administrating authorities in IFS Applications. A Permission Set is a set of permissions which you can grant to users to give them the authority to perform tasks like view or update certain information. There are different types of permissions like access to Database Objects, Activities, Services or System Privileges.
Read more about Security
Note: A Permission Set is also referred to as an FndRole. Read more about Permission Sets in the section About Roles.
Which Permission Sets that are granted to a user can be viewed and modified in the User form for a single user. To view or modify which Permission Sets is granted a user for several users at the same time is done in the Grant Permission Sets to Users form.
Navigate to this form from the Security Administration start page by clinking on the link Grant Permission Set to Users. You can also select a set of Users and invoke View Permission Sets or select a set of User Groups and invoke View Permission Sets.
A Permission Set is granted to the user if the checkbox in the intersection is set and revoked if not set. You can grant and revoke several Permission Sets to several users by using operations on the menu available when you right-click Permission Sets or Users. You can also just click in the checkboxes to set/unset the checkbox and thus grant /revoke the Permission Set to the user.
You can show the users in this form as a simple list in the left column or have them grouped by user group. Toggle these view modes by clicking on the toolbar button "View Grants by User" or "View Grants by User Group".
Export and Import of what permission sets are granted to what user can be done in this window. See Export and Import User Grants for details.
Additionally the information shown in this matrix can be exported to a csv file. Right-click and select Export to csv. The select users and permission sets will be exported to a file and a associated program to view csv files (like Excel) will be opened. The result is a matrix with the permission sets on the X axis and the users on the Y axis and a marker if granted or not. The markers can be be set in the Export to csv settings. Here you define what the granted marker should be for instance Yes, 1, Granted, X etc and the same for the revoked marker. By default the revoked marker shows as blank character. The exported data to csv is for view only and cannot be imported back through any built-in import functionality.
The Security Summary form shows which Presentation Objects in a selected Navigator that are granted to any of the Permission Sets listed in the form.
To view the Security Summary for a user, select a user in the Users form, right-click and select View Security Summary. All the Permission Sets that the user is granted and all Permission Sets that these Permission Sets are granted are shown in the list at the top. The navigator shows nodes as granted if the Presentation Object is granted to the user, which means granted to any of the listed Permission Sets. You can also navigate to this form by clicking on the link View Security Summary in the Security Settings in the User form. To see the details for a Permission Set, select it, right-click and navigate either to the Permission Set details or Permission Set Structure.
To view the Security Summary for a custom set of Permission Sets open the Permission Sets form and select precisely those Permission Sets you wish to see the summary for. Right-click one of the selected and select View Security Summary. You will see which Presentations Objects that is granted any of these Permission Sets. Important to observe is that it is only the listed Permission Sets that is used in the summary and you have the option to combine any Permission Sets. This means that Permission Sets which are granted to a Permission Set explicitly have to be selected and included in the list in order to be used in the summary.
Examples:
User - Alan Smith is granted Permission Set "Purchasing". Permission Set "Purchasing" is granted Permission Set "Buyer". Security Summary for Alan Smith will show the Permission Sets "Purchasing" and "Buyer". A Presentation Object is granted to Alan Smith if it is granted to either "Purchasing" or "Buyer".
You select Permission Sets "Purchasing" and "Order" and navigate to Security Summary. Security Summary will show these Permissions Sets and which Presentation Objects that are explicitly granted any of these. Presentation Objects which are granted to "Buyer" and not to "Purchasing" or "Order" will be shown as revoked.
Which Permission Sets that are granted to a user can be viewed and edited in User form for a single user or in the Grant Permission Sets to Users form as described in Grant_Permission_Set_to_Users. This connection between users and permission sets can also be exported to the file system as a backup or to be able to import the information into another environment. This function is available in the Security_Administration_Start_Page and in the Grant_Permission_Set_to_Users form.
Note: When exporting User Grants you only export the connection between the user and the permission set. You do not export the users and you do not export the permission sets. If the permission set is defined in a different way in an another installation the user will get different security access.
In the Security Administration start page you can can click "Export all User Grants". This will save which Permission Sets each user is granted into a single xml file. Click "Import User Grants" to import this information into a system.
In the Grant Permission Set to Users form you can select which users you want to include in the export file. Select a number of users and then right click and select "Export Grants for selected users". Current limit is maximum 1000 users. There is also the possibility to export all user grants from this page by using the menu option "Export Grants for all user".
Import User Grants function will grant the permission sets to the users according to the user grants information in the selected file. If a user does not exist, when importing, you will get a warning and you have the option to cancel the operation or ignore setting grants for this user. If a Permission Set does not exist you will get a warning and the options to cancel the operation or ignore setting grants to this Permission Set or create an empty Permission Set and grant this to the user. The last option is also possible to select in the Import User Grants dialog by selecting the "Create empty permission set if the permission set does not exist" option.