A quick introduction of the IFS Applications user concept for system administrators and installation technicians.
To be able to logon to IFS Applications you need to be a Foundation1 User. IFS Applications has its own User Registry in the database where all users need to be registered.
Most business logic authorization rules are mapped to the Foundation1 User.
If
Database Authentication is used then the Foundation1 User also must be an
active Oracle User. This is done by a one to one mapping on name between the
Foundation1 user and the Oracle database user.
If other authentication mechanisms (such as Active Directory or Windows
Integrated Authentication) are used, then the Foundation1 user must be mapped to
the corresponding user identity in the external user registry.
There are also a few other Oracle users that are of great importance to IFS Applications, see Special Users in IFS Applications.
There are some "users" which are not mapped to actual end-users (as in humans) but only for technical purposes. These users all have some elevated privileges and should be considered security critical.
| User | Name | Purpose | Special privileges |
|---|---|---|---|
| Application owner Appowner |
Any name, but often called <IFSAPP> | Provides views, tables, packages methods for IFS Applications. | Database schema owner. Grants on SYS views and system privileges grants. |
| IFS System User | IFSSYS | IFS Middleware Server always connects to the database as user IFSSYS. | SELECT on all views, EXECUTE on all methods, SELECT, UPDATE, INSERT on tables with LOB columns |
| IAL Owner | Any name, but often called <IFSINFO> | Owner of all created IAL objects used for reporting and statistics for end-users. | SELECT on all views |
| Oracle System user | SYS and SYSTEM | The System accounts for the database, owns or is granted most Oracle
internal tables. Some installation steps must be run as SYS. |
Has privileges to perform anything in the database |
IFS Applications comes with a few pre-defined accounts that are granted pre-defined roles. These accounts are created during installation and are locked by default. Information about how to unlock and set these pre-defined users passwords can be found in Create Foundation1 Users / Set passwords.
| User | Purpose | Role |
|---|---|---|
| IFSADMIN | Used to administrate IFS Applications using IFS Solution Manager, especially right after installation when no other user accounts have yet been created. | FND_ADMIN |
| IFSPRINT | Used by the IFS Report Formatter. | FND_PRINTSERVER |
| IFSPLSQLAP | Used to authenticate PL/SQL Access Provider calls to IFS Middleware Server. | FND_PLSQLAP |
| IFSCONNECT | Used by IFS Connect | FND_CONNECT |
| IFSANONYMOUS | Used when doing anonymous database calls, such as when populating data in the IFS Enterprise Explorer login dialog (this needs to happen before user authentication). | FND_ANONYMOUS |
| IFSWEBCONFIG | Used by the IFS Web Client framework. | FND_WEBCONFIG |
| IFSMOBILITY | Used by the IFS Touch Apps framework for registering push notifications. | FND_TOUCHAPPS_CONFIG |