A permission set groups several privileges and other permission sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through permission sets.
Note: Permission Set is also referred to as FndRole and have a one-to-one mapping to Oracle Role in the database.
When installing Oracle database software Oracle creates several roles for
varying functions, see Oracle database documentation for full description. It is
recommended that these predefined Oracle roles are left as they are and that any
new roles that are created should grant grant
Application functionality and/or objects to the desired users. Example of such predefined Oracle roles
are CONNECT, DBA, RESOURCE, EXP_FULL_DATABASE,
IMP_FULL_DATABASE, JAVA_ADMIN,
etc.
Predefined Foundation1 roles are created upon installation of IFS Applications. Predefined Foundation1 Roles should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section Role hierarchy for more information.
Note! Predefined roles in Foundation1 and in Oracle are not to be modified in the security administration tools, nor handled by using the import and export tool. One reason, among others, is limitations regarding internal packages, see Reference manual for details.
| Role | Description |
|---|---|
| FND_RUNTIME | Role needed for a user to logon and run a Foundation1 application. It contain all necessary runtime grants for Foundation1. |
| FND_ENDUSER | Role that contain grants to all of the Foundation1 forms that by default are included in all executables. FND_RUNTIME is granted to this role. This role is in most cases to be seen as the basic functional role for all users. |
| FND_ADMIN | Role needed for a user to be an administrator of IFS Foundation1. FND_ENDUSER is granted to this role. FND_CUSTOMIZE is granted to this role. |
| FND_PRINTSERVER | Role needed for a user to run IFS Print Agent. |
| FND_CONNECT | Role needed for a user to run IFS Connect framework. |
| FND_ANONYMOUS | Role needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS. |
| FND_PLSQLAP | Role needed for IFS PL/SQL Access Provider user. |
| FND_DEVELOPER | This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role. |
| FND_WEBCONFIG | Role needed for a user to run IFS Web Client framework. System privileges PLSQL GATEWAY and IMPERSONATE USER and role FND_ADMIN are granted to this role. This role is only granted to the pre-defined user IFSWEBCONFIG. |
| FND_CUSTOMIZE | Role needed for customizing clients. |
| FNDMIG_EXCEL_ADDIN | Grants the user access to use the IFS Data Migration Excel Addin. |
| TOUCHAPPS_ADMIN | Role needed for a user to be an administrator of Touch Apps. FND_RUNTIME is granted to this role. |
| TOUCHAPPS_RUNTIME | Role needed for a mobile user to logon and run a Touch Apps application. FND_RUNTIME is granted to this role. |
| FND_TOUCHAPPS_CONFIG | Role needed for a user to register push notifications for mobile users. FND_RUNTIME is granted to this role. Used by predefined user IFSMOBILITY. |
| FND _TOUCHAPPS_SYNC_TRACE | Role granted to a mobile user when synchronization traces are enabled. |
| FND_QUICK_REPORTS | Role needed for creating and publishing Quick Reports |
The predefined roles in Foundation1 are internally granted in the following hierarchy:
This is to be considered when administrating security. i.e. it is not necessary to grant more than one of the predefined roles to any end user or application role, since they are contained in each other. See section Predefined Foundation1 roles and Role hierarchy.
The following predefined roles are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications. Environments having been upgraded from previous IFS Applications will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion
IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT,
IFSAPP_NORMAL, FND_MOBILE_ADMIN, FND_MOBILE_RUNTIME and FND_NORMAL
Read about how to