System Privileges
This document is written to give system administrators and installation
technicians a quick introduction to the Foundation1 System Privileges concepts in IFS
Applications.
System privileges are used to grant a user the necessary rights to use a
specific functionality, unrelated to data or method authorization. Foundation1
defines four different system privileges:
- ADMINISTRATOR
- CONNECT
- IMPERSONATE USER
- DEFINE SQL
It is not possible to create or modify system privileges.
These are the existing system privileges and their usage.
| Privilege | Purpose |
|---|---|
| ADMINISTRATOR | This system privilege lets the logged-on user act as Appowner, with the exception of method security. This system privilege also gives the user the ability to see more, but not necessarily all, data. This privilege is granted to the FND_ADMIN permission set. |
| CONNECT | Any user that wants to access IFS Applications through an IFS Client must have the Connect system privilege. It is possible to access IFS Applications methods from non-IFS Clients, like SQLPlus, without having this privilege. Allows access to IFS Middleware Server activities and services. Without this privilege a user will never reach any backend method at all (the server returns an HTTP 401 Unauthorized response). |
| IMPERSONATE USER | Allows the authenticated user to impersonate (run as) some other user. This is a very high privilege and should be used with care. |
| DEFINE SQL | Allows the user to enter SQL statements that should be executed by the application through some system service. |
| DEBUGGER | This privilege gives the ability to get the server debug stack trace in the IFS Enterprise Explorer debug console. |
Detailed information about system privileges
System privilege: ADMINISTRATOR

Used in methods:
- Archive_API.Remove_User_Instance: Allows you to delete any report
- Batch_SYS.Init_All_Processes_: Allows to execute
- Batch_SYS.Process_Batch_Schedule_: Allows you to execute any Scheduled Task
- Batch_Queue_API.Delete___: Allows you to delete any Batch Queue
- Batch_Schedule_API: Allows you to perform operations on all scheduled tasks
- CONNECTIVITY_SYS.Init_All_Processes__: Allows you to start the Connectivity background process
- Data_Archive_API.Init_All_Processes_: Allows you to start the Data Archiving background process
- Fnd_User_API.Get_User_Security_Info_: Returns % for ADMINISTRATOR, otherwise Fnd_User
- Fnd_User_API.Set_Property: Allows you to set properties on any user
- Fnd_User_Properties_API: Allows you to set properties on any user
- Oracle_Account_API.Alter_User__: Allows you to alter any user
- Oracle_Account_API.Expire_Password__: Allows you to expire any user's password
- Oracle_Account_API.Lock_Account__: Allows you to lock any user account
- Oracle_Account_API.Unlock_Account__: Allows you to unlock any user account
- Performance_Analyze_API.Remove: Allows you to remove any Performance Analyze
- Replication_SYS.Init_All_Processes__: Allows you to start the Replication background process
- Report_Definition_API.Count_Available_Reports: Returns all reports
- Report_Definition_API.Report_Definition__: Returns all reports
- Transaction_SYS.Init_Processing__: Allows you to start the Background Queues background process
- Transaction_SYS.Init_All_Processing__: Allows you to start all Background Queues background processes

Used in views:
- ARCHIVE_DISTRIBUTION: Lets you see all rows
- BATCH_JOB: Allows you to see all background jobs
- BATCH_SCHEDULE: Allows you to see all scheduled tasks
- BATCH_SCHEDULE_METHOD: Allows you to see all tasks
- DEFERRED_JOB: Allows you to see all background jobs
- HISTORY_LOG: Allows you to see all History logs
- PRINT_JOB: Allows you to see all Print Jobs
- QUICK_REPORT: Allows you to see all Quick Reports

System privilege: DEFINE SQL

Used in services:
- Define scheduled tasks
- Define data archive objects and data archive orders
- Define monitoring entries
- Define quick reports
System privileges are always granted to permission sets, never directly to
users. Use IFS Solution Manager to administer permission sets and the system
privileges granted to them.
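
Because system privileges reach users only through permission sets, a review of who holds ADMINISTRATOR, IMPERSONATE USER or DEFINE SQL has to resolve each user's permission sets first. The following is an added example, not IFS code: the export format, every permission set name other than FND_ADMIN, and all user names are constructed assumptions.

```python
# Added example: all names and data below are constructed for illustration.
HIGH_RISK = {"ADMINISTRATOR", "IMPERSONATE USER", "DEFINE SQL"}
EXPECTED_ADMIN_SET = "FND_ADMIN"  # the page names this set as holding ADMINISTRATOR

# Constructed export: permission set -> system privileges granted to it.
SET_PRIVILEGES = {
    "FND_ADMIN": {"ADMINISTRATOR", "CONNECT"},
    "ENDUSER": {"CONNECT"},
    "REPORT_DESIGNER": {"DEFINE SQL"},
    "HELPDESK": {"IMPERSONATE USER", "CONNECT"},
    "LEGACY_OPS": {"ADMINISTRATOR"},
}
# Constructed export: user -> permission sets granted to that user.
USER_SETS = {
    "ALICE": {"FND_ADMIN"},
    "BOB": {"ENDUSER", "REPORT_DESIGNER"},
    "CAROL": {"HELPDESK"},
    "SVC_BATCH": {"LEGACY_OPS"},
    "DAVE": {"ENDUSER"},
}

def effective_privileges(user_sets, set_privileges):
    """Map user -> {privilege: permission sets that supply it}."""
    resolved = {}
    for user, sets in user_sets.items():
        privs = {}
        for pset in sets:
            for priv in set_privileges.get(pset, ()):
                privs.setdefault(priv, set()).add(pset)
        resolved[user] = privs
    return resolved

def audit(user_sets, set_privileges):
    """Return sorted (user, privilege, via_sets, note) rows for review."""
    rows = []
    for user, privs in effective_privileges(user_sets, set_privileges).items():
        for priv in HIGH_RISK & privs.keys():
            via = tuple(sorted(privs[priv]))
            # ADMINISTRATOR arriving through any set other than FND_ADMIN is unexpected.
            unexpected = priv == "ADMINISTRATOR" and set(via) != {EXPECTED_ADMIN_SET}
            note = "outside FND_ADMIN" if unexpected else "review holder"
            rows.append((user, priv, via, note))
    return sorted(rows)

if __name__ == "__main__":
    for row in audit(USER_SETS, SET_PRIVILEGES):
        print(row)
```

Each row names the permission set that supplies the privilege, which is where the grant would have to be changed.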