Permission sets

A permission set groups several privileges and other permission sets, so that they can be granted to and revoked from users simultaneously. Privileges are always granted to users through permission sets.

Note: A permission set is also referred to as an FndRole and has a one-to-one mapping to an Oracle role in the database.

Oracle Roles

When Oracle database software is installed, Oracle creates several roles for varying functions; see the Oracle documentation for a full description. It is recommended that these predefined Oracle roles are left as they are and that new roles be created to grant Application functionality or objects. Examples of such predefined Oracle roles are CONNECT, DBA, RESOURCE, EXP_FULL_DATABASE, IMP_FULL_DATABASE, JAVA_ADMIN, etc.

Predefined Roles in Foundation1

Predefined Foundation1 roles are created upon installation of IFS Applications. Predefined Foundation1 Roles should not be modified, but rather, new custom roles can be created as necessary to grant Application functionality and objects. It is recommended to use functional roles and end user roles in a hierarchy. See section Role hierarchy for more information.

Note! Predefined roles in Foundation1 and in Oracle are not to be modified in the security administration tools, nor handled by using the import and export tool. One reason, among others, is limitations regarding internal packages, see Reference manual for details.

Role - Description
FND_RUNTIME - Role needed for a user to log on and run a Foundation1 application. It contains all necessary runtime grants for Foundation1.
FND_ENDUSER - Role that contains grants to all of the Foundation1 forms that by default are included in all executables. FND_RUNTIME is granted to this role. This role is in most cases to be seen as the basic functional role for all users.
FND_ADMIN - Role needed for a user to be an administrator of IFS Foundation1. FND_ENDUSER is granted to this role. FND_CUSTOMIZE is granted to this role.
FND_PRINTSERVER - Role needed for a user to run IFS Print Server/IFS Print Agent.
FND_CONNECT - Role needed for a user to run IFS Connect framework.
FND_MOBILITY - Role needed for a user to run IFS Mobility framework.
FND_PLSQLAP - Role needed for IFS PL/SQL Access Provider user.
FND_DEVELOPER - This role is for users that are developing IFS Applications. It gives rights to, for instance, debugging and analyzing functionality. Developers using IFS Developer Studio also need this role.
FND_WEBCONFIG - Role needed for a user to run IFS Web Client framework. System privileges PLSQL GATEWAY and IMPERSONATE USER and role FND_ADMIN are granted to this role. This role is only granted to the pre-defined user IFSWEBCONFIG.
FND_CUSTOMIZE - Role needed for customizing clients.

Structure for Predefined Roles in Foundation1

The predefined roles in Foundation1 are internally granted in the following hierarchy:

This is to be considered when administering security: it is not necessary to grant more than one of the predefined roles to any end user or application role, since they are contained in each other. See sections Predefined Foundation1 roles and Role hierarchy.

Obsolete Roles in Foundation1

The following predefined roles are obsolete and will no longer contain predefined grants or grant methods delivered with an installation of IFS Applications. Environments that have been upgraded from previous IFS Applications will still contain these roles and grants. We recommend cleaning up these obsolete roles/grants to avoid confusion.

IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT, IFSAPP_NORMAL and FND_NORMAL.
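
Added example (not part of the IFS documentation): a read-only audit that flags the redundant grants described under Structure for Predefined Roles and the leftover grants described under Obsolete Roles. It assumes role grants have been exported as (grantee, granted_role) pairs, for instance from Oracle's DBA_ROLE_PRIVS view. The hierarchy encodes only the grants stated in the role table above, and the users and the SALES_CLERK role in the sample are constructed.

```python
# Role-to-role grants exactly as stated in the role table on this page.
PREDEFINED_GRANTS = {
    "FND_ENDUSER": {"FND_RUNTIME"},
    "FND_ADMIN": {"FND_ENDUSER", "FND_CUSTOMIZE"},
    "FND_WEBCONFIG": {"FND_ADMIN"},
}
HIERARCHY_ROLES = set(PREDEFINED_GRANTS).union(*PREDEFINED_GRANTS.values())
OBSOLETE = {"IFS_ADMIN", "IFS_APPLICATION", "IFS_CONNECT", "IFSAPP_NORMAL", "FND_NORMAL"}

def implied_roles(role, graph):
    """Every role reached from `role` through role-to-role grants (role itself excluded)."""
    seen, stack = set(), [role]
    while stack:
        for child in graph.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen

def audit(rows):
    """rows: (grantee, granted_role) pairs. Returns (redundant, obsolete) findings."""
    graph = {role: set(grants) for role, grants in PREDEFINED_GRANTS.items()}
    for grantee, role in rows:
        graph.setdefault(grantee.upper(), set()).add(role.upper())
    redundant, obsolete = [], []
    for grantee, roles in sorted(graph.items()):
        obsolete += [(grantee, r) for r in sorted(roles & OBSOLETE)]
        if grantee in HIERARCHY_ROLES:
            continue  # built-in grants between predefined roles are not findings
        for role in sorted(roles & HIERARCHY_ROLES):
            # A direct grant is redundant if another direct grant already contains it.
            via = sorted(r for r in roles - {role} if role in implied_roles(r, graph))
            if via:
                redundant.append((grantee, role, via))
    return redundant, obsolete

# Constructed sample export: users ALICE, BOB, CAROL and custom role SALES_CLERK.
SAMPLE_ROWS = [
    ("ALICE", "FND_ENDUSER"), ("ALICE", "FND_RUNTIME"),
    ("BOB", "FND_ADMIN"),
    ("SALES_CLERK", "FND_ENDUSER"),
    ("CAROL", "SALES_CLERK"), ("CAROL", "FND_RUNTIME"), ("CAROL", "IFS_APPLICATION"),
    ("FND_ENDUSER", "FND_RUNTIME"),
]

if __name__ == "__main__":
    redundant, obsolete = audit(SAMPLE_ROWS)
    for grantee, role, via in redundant:
        print(f"{grantee}: direct grant of {role} already contained in {', '.join(via)}")
    for grantee, role in obsolete:
        print(f"{grantee}: still holds obsolete role {role}")
```

Findings on custom roles and end users are candidates for cleanup in the security administration tools; the predefined roles themselves are skipped because they are not to be modified.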
