This document is written to give system administrators and installation technicians a quick introduction to the Foundation1 User concepts in IFS Application.
To be able to logon to IFS Applications you need to be a Foundation1 User. This means that IFS Applications has its own User registry where all users need to be registered in order to use IFS Applications from any clients.
Most business logic authorization is mapped to the Foundation1 User.
If Database Authentication is used then the Foundation1 User also must be an Oracle User. This is done by a one to one mapping on name between the Foundation1 and the Oracle user.
There are also a few other Oracle users that are of great importance to IFS Applications, see Special Users in IFS Applications.
There are some "users" which are not mapped to actual end-users (persons/humans) but only for technical purposes. These users all have some elevated privileges and should be considered security critical.
| User | Name | Purpose | Special privileges |
|---|---|---|---|
| Application owner Appowner |
Any name, but often called <IFSAPP> | Provides views, tables, packages methods for IFS Applications. | Schema owner. Grants on SYS views and system privileges grants. |
| IFS System User | <IFSSYS> | Extended Server executes Application owner methods as IFS System user, which is able to impersonate other users. | SELECT on all views, EXECUTE on all methods, SELECT, UPDATE, INSERT on tables with LOB columns |
| IAL Owner | Any name, but often called <IFSINFO> | Owner of all created IAL objects used for reporting and statistics for end-users. | SELECT on all views |
| Oracle System user | SYS and SYSTEM | The System accounts for the database, owns or is granted to most Oracle
internal tables. Some things during installation must be run as SYS. |
Has privilege to perform anything in the database |
IFS Applications comes with some pre-defined users that are granted pre-defined roles. These users are created during installation and are locked by default. Information about how to unlock and set these pre-defined users passwords can be found in Create Foundation1 Users / Set passwords.
| User | Purpose | Role |
|---|---|---|
| IFSADMIN | Used to administrate IFS Applications, especially right after installation when no administrative users are created. | FND_ADMIN |
| IFSPRINT | Used to run IFS Printserver and IFS Report Formatter. | FND_PRINTSERVER |
| IFSPLSQLAP | This user should be used to run PL/SQL Access Provider. | FND_PLSQLAP |
| IFSCONNECT | Used to run IFS Connect | FND_CONNECT |
| IFSMOBILITY | Used to run IFS Mobile Server. | FND_MOBILITY |
| IFSWEBCONFIG | Used to run IFS Web Client | FND_WEBCONFIG |