Permission set Overview¶

A Permission Set is a collection of access grants assigned to objects and privileges that define what a user can and cannot do in the IFS Cloud. Permission Sets cover access to Projections, Reports, Lobbies, Workflows, Database Tasks, and Task Chains.

Permission Set Types

You can create two types of Permission Sets: Functional Roles and End-user Roles. The only difference between these two is the user grants. You can directly grant End-User Roles to Users or User Groups, but not to Functional Roles.

A Functional Role should be used to cover a particular small business flow. A collection of functional roles can be added to the structure of end-user roles, which together will cover a complex business flow.

It is recommended that the Functional Roles be reused as much as possible. This will allow you to maintain fewer Permission Sets.

Permission Set Delivery Types

Permission Set Delivery Types are used to differentiate IFS Predefined Permission Sets from others. There are three Delivery types - IFS_MANAGE_BASE, IFS_MANAGE, and CUSTOM.

IFS_MANAGE_BASE - These are the base Permission Sets which are delivered and maintained by IFS Frameworks. They are used to handle special authorization needs and are allowed to have in LTU Permission Set structure.

IFS_MANAGE - The IFS Standard Permission Sets are delivered and maintained by IFS. These Permission Sets cover specific business flows.

CUSTOM - All the Permission Sets that are created from the IFS Cloud are set as CUSTOM Permission Sets. The entire life cycle of these permission sets can be managed through Solution Manager.

Note: Both IFS_MANAGED_BASE & IFS_MANAGE delivery type Permission Sets cannot be changed in any way except adding/removing users.