Permission sets (ifs app8)
Permission setsA permission set groups several privileges and other permission sets, so thatthey can be granted to and revoked from users simultaneously. Privileges arealways granted to users through permission sets.Note: Permission Set is also referred to as FndRole andhave a one-to-one mapping to Oracle Role in the database.Contents
[*]Oracle Roles
[*]Predefined Roles in Foundation1
[*]Structure for Predefined Roles in Foundation1
[*]Obsolete Roles in Foundation1
Oracle RolesWhen installing Oracle database software Oracle creates several roles forvarying functions, see Oracle documentation for full description. It isrecommended that these predefined Oracle roles is left as they are and that new rolesbe created to grantApplication functionality or objects. Example of such predefined Oracle rolesare CONNECT, DBA, RESOURCE, EXP_FULL_DATABASE,IMP_FULL_DATABASE, JAVA_ADMIN,etc.
Predefined Roles in Foundation1Predefined Foundation1 roles are created upon installation of IFSApplications. PredefinedFoundation1 Roles should not be modified, but rather, new custom roles can becreated as necessary to grant Application functionality and objects. It isrecommended to use functional roles and end user roles in a hierarchy. Seesection Role hierarchy for more information.
Note! Predefined roles in Foundation1 and in Oracle are not to be modified inthe security administration tools, nor handled by using the import and exporttool. One reason, among others, is limitations regarding internal packages, seeReference manual for details.
RoleDescription
FND_RUNTIMERole needed for a user to logon and run a Foundation1 application. It contain all necessary runtime grants for Foundation1.
FND_ENDUSERRole that contain grants to all of the Foundation1 forms that by default are included in all executables. FND_RUNTIME is granted to this role. This role is in most cases to be seen as the basic functional role for all users.
FND_ADMINRole needed for a user to be an administrator of IFS Foundation1. FND_ENDUSER is granted to this role. FND_CUSTOMIZE is granted to this role.
FND_PRINTSERVERRole needed for a user to run IFS Print Server/IFS Print Agent.
FND_CONNECTRole needed for a user to run IFS Connect framework.
FND_ANONYMOUSRole needed for a user to use Anonymous Gateway. Granted activity AnonymousAccess. Used by predefined user IFSANONYMOUS.
FND_PLSQLAPRole needed for IFS PL/SQL Access Provider user.
FND_DEVELOPERThis role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role.
FND_WEBCONFIGRole needed for a user to run IFS Web Client framework. System privileges PLSQL GATEWAY and IMPERSONATE USER and role FND_ADMIN are granted to this role. This role is only granted to the pre-defined user IFSWEBCONFIG.
FND_CUSTOMIZERole needed for customizing clients
Structure for PredefinedRoles in Foundation1The predefined roles in Foundation1 are internally granted in the followinghierarchy:
http://www.iot.idv.tw/ucenter/data/attachment/forum/201706/04/080608a566fwff66wwi6z6.gif
This is to be considered when administrating security. I.e. it is notnecessary to grant more than one of the predefined roles to any end user orapplication role, since they are contained in each other. See section PredefinedFoundation1 roles and Role hierarchy.
Obsolete Roles in Foundation1The following predefined roles are obsolete and will no longer containpredefined grants or grant methods delivered with an installation of IFSApplications. Environments having been upgraded from previous IFS Applicationswill still contain these roles and grants. We recommend cleaning up theseobsolete roles/grants to avoid confusion
IFS_ADMIN, IFS_APPLICATION, IFS_CONNECT,IFSAPP_NORMAL and FND_NORMAL,
LinksRead about how to
[*] How to manage permission set hierarchies
[*] Manage Permission Sets
頁:
[1]