Purpose and Context of the Document
The purpose of this document is to explain, in the simplest and most concise way possible, a complex subject found in every ERP system: rights management.
This document is based on version 23R1, but remains compatible with later versions up to 25R1 (verified).
Here, we will describe the IFS standard. If your version has been modified (in the “M” sense by IFS), some elements may differ between this document and your version.
Rights management includes several aspects:
- Understanding the IFS rights system across the different components.
- How to assign these rights to users.
- Managing module-specific rights.
We will cover each of these aspects in detail throughout this document so that nothing is left unexplained!
To maximize value for you, each section includes a “Our Recommendations” chapter. These insights come directly from our experience with clients, so don’t skip them!
Great stories have a personality. Consider telling a great story that provides personality. Writing a story with personality for potential clients will assist with making a relationship connection. This shows up in small quirks like word choices or phrases. Write from your point of view, not from someone else's experience.
Great stories are for everyone even when only written for just one person. If you try to write with a wide, general audience in mind, your story will sound fake and lack emotion. No one will be interested. Write for one person. If it’s genuine for the one, it’s genuine for the rest.
Understanding the IFS Rights System
Introduction
There are several categories of rights:
- Rights to projections (pages and buttons)
- Rights to lobbys
- Rights to workflows
- Rights to database tasks
- Rights to database tasks chains
- Rights to system privileges
Great stories have a personality. Consider telling a great story that provides personality. Writing a story with personality for potential clients will assist with making a relationship connection. This shows up in small quirks like word choices or phrases. Write from your point of view, not from someone else's experience.
Great stories are for everyone even when only written for just one person. If you try to write with a wide, general audience in mind, your story will sound fake and lack emotion. No one will be interested. Write for one person. If it’s genuine for the one, it’s genuine for the rest.
Permission Sets
Permission sets are of two types:
- End User Role
- Functional User Role
Projections can be assigned to permission sets of both types.
This will make no difference.
The main difference between these two types is that only End User Roles can be connected to users, but we will come back to this later.
End User Roles and Functional User Roles are provided by IFS.
Two strategies are available to you:
- Analyze those provided by IFS and build on them.
- Create your own permission sets.
Whichever option you choose, it is strongly recommended to stick to only one, otherwise access management can quickly become complex to maintain.
An exception to this rule: the End User Role “FND_WEBENDUSER_MAIN” must in any case be used, whatever strategy is chosen. It is the baseline permission for each user that allows access to the application.
⚠️ Important: in IFS, the broadest permission always prevails.
For example, if you grant Read-Only rights in one permission set and Write rights in another, and both are linked to the same user, the broader right, Write, will apply.