Predefined Permission Sets
Predefined Permission Sets are created upon installation of IFS Cloud. These are tagged as 'IFS_MANAGED' or 'IFS_MANAGED_BASE' and should not be modified.
IFS Managed Base Permission Sets
The Permission Sets required for login and performing basic functionalities in IFS Cloud.
| Permission Set |
Description |
Type |
| FND_WEBRUNTIME |
The Functional Role needed for a user to logon to IFS Cloud. |
Functional Role |
| FND_WEBENDUSER_MAIN |
Role that contains framework functionality for IFS Cloud Web for a user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Cloud Web main users. |
End User Role |
| FND_WEBENDUSER_B2B |
Role that contains framework functionality for IFS Cloud Web for a Business to Business (B2B) user. FND_WEBRUNTIME is granted this role. This role is a basic end user role for all IFS Cloud Web B2B users. |
End User Role |
| MOBILE_APP_RUNTIME |
Role needed for a mobile user to logon and run a IFS Cloud Mobile app. FND_RUNTIME is granted to this role. |
Functional Role |
| FND_WEBENDUSER_MAIN_FNDWF |
Basic role for end users of IFS Cloud. Contains Business Process Automation Workflow functionality for users |
Functional Role |
| FND_WEBENDUSER_B2B_FNDWF |
Basic role for B2B users of IFS Cloud. Contains Business Process Automation Workflow functionality for B2B users |
Functional Role |
| FND_WEBENDUSER_MAIN_BISERV |
Business Reporter- FND Web end-user. |
Functional Role |
| FND_CONTACT_WIDGET_USER_ENTERP |
Role needed for Contact Widget to display customer and supplier information. |
End User Role |
Administration
| Permission Set |
Description |
Type |
| FND_ADMIN |
Role needed for a user to be an administrator of IFS Platform. FND_WEBENDUSER_MAIN, FND_WEBENDUSER_B2B and FND_CUSTOMIZE are granted to this role. |
End User Role |
| FND_SCIM_ADMIN |
Role used for handling SCIM container requests |
End User Role |
Development & Translations
| Permission Set |
Description |
Type |
| FND_DEVELOPER |
This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role. |
End User Role |
| FND_DEVELOPER_FNDDEV |
Role for Developers which needs for Translation Management. |
Functional Role |
| FND_DEVELOPER_FNDMOB |
This role is for users that are developing IFS Applications. It gives rights to for instance debugging and analyzing functionality. Developers using IFS Developer Studio also need this role. |
Functional Role |
| FND_TRANS_MAN |
Role contains grants related to Translations Management in central scanning environments. |
End User Role |
| FND_TRANS_MAN_FNDDEV |
Role contains grants related to Translations Management in central scanning environments. |
Functional Role |
| FND_CUSTOMIZE |
Role needed for customizing clients. |
End User Role |
IFS Connect
| Permission Set |
Description |
Type |
| FND_CONNECT |
Role needed for a user to run IFS Connect framework. |
End User Role |
| FND_CONNECT_APPSRV |
Role needed for IFS Connect framework user. |
Functional Role |
| FND_CONNECT_BISERV |
Role needed for IFS Connect framework user. |
Functional Role |
| FND_CONNECT_TABMFW |
Role needed to handle Tabular Models background jobs with IFS Connect framework user. |
Functional Role |
Data Migration, Excel Addin, Data synchronization and Data catalog
| Permission Set |
Description |
Type |
| FNDMIG_EXCEL_ADMIN |
Grants the user access to use the IFS Data Migration Excel Addin. |
End User Role |
| FND_ADMIN_FNDRRE |
Grants to Fndrre Administration forms not requiring App owner privileges. |
Functional Role |
| IFS_SSRSORINT |
IFS SSRSOR Integration. |
End User Role |
| FND_DCAT_ADMIN |
Required grants for Data Catalog admin user |
End User Role |
| FND_DCAT_USER |
Required grants for Data Catalog user |
End User Role |
| FND_SYNC |
Required grants for Data Synchronization service user |
End User Role |
| FND_SYNCADMIN |
Required grants for Data Synchronization admin user |
End User Role |
| FND_CLOUD_DMM |
Role needed for data migration manager admin actions. |
End User Role |
Configurations
| Permission Set |
Description |
Type |
| CUSTOM_OBJECTS_ADMIN |
Required grants for administration of Configuration Items |
Functional Role |
| FND_LOBBY_ADMIN |
End user role administrating IFS Lobby |
End User Role |
| FND_LOBBY_SQLDS_ADMIN |
End user role administrating IFS Lobby and manipulating SQL data sources |
End User Role |
| QUERY_DESIGNER_ADMIN |
Required grants for administration of Query Objects |
Functional Role |
Mobile Framework and Services
| Permission Set |
Description |
Type |
| MOBILE_APP_ADMIN |
Role needed for a user to be an administrator of IFS Cloud Mobile. FND_WEBRUNTIME is granted to this role. |
End User Role |
| MOBILE_APP_RUNTIME |
Role needed for a mobile user to logon and run a IFS Cloud Mobile app. FND_RUNTIME is granted to this role. |
Functional Role |
| FND_MOBILE_APP_SYSTEM |
Role needed for IFS Cloud System User |
End User Role |
| FND_MOBILE_APP_SYNC_TRACE |
Role needed for IFS Cloud Mobile end user to enable synchronization traces. |
End User Role |
| VIRTUAL_MAP_USER |
Role needed to grant for objects in Virtual Map solution. |
End User Role |
Analysis Model
| Permission Set |
Description |
Type |
| AAAS_ADMINISTRATOR |
Role needed for Analysis Models - Power BI admin user. |
End User Role |
| AAAS_DL_USER |
Role needed for Analysis Models - Power BI Data Lake user. |
End User Role |
| AAAS_UPLOAD_USER |
Role needed for Analysis Models - Power BI upload models. |
End User Role |
| TABM_SETUP_ADMIN |
Analysis Models Self Hosted administrator role for environment setup. |
End User Role |
| TABM_ADMIN |
Analysis Models Self Hosted administrator role for general actions. |
End User Role |
Aviation Maintenance
| Permission Set |
Description |
Type |
| FLOPS_FLIGHT_CONTROLLER |
Required grants for the Flight Controller user in the Forward Flight Operations solution. |
End User Role |
| MM_ADMINISTRATOR |
Required grants for the Administrator user configuring Mobile Maintenance for Aviation for end users. |
End User Role |
| MM_FLIGHT_API |
Required grants for third-party flight following systems to update flights in Mobile Maintenance for Aviation using the IFS Cloud Open API. |
End User Role |
| MM_LINE_PLANNER |
Required grants for the Line Planner user in the Mobile Maintenance for Aviation solution. |
End User Role |
| MM_MAINT_OPERATIONS_CONTROLLER |
Required grants for the Maintenance Operations Controller user in the Mobile Maintenance for Aviation solution. |
End User Role |
| MM_OVERRIDE_HARD_STOP |
Required grants to release an aircraft, overriding a release restriction due to missing mandatory components or overdue maintenance. |
End User Role |
| MM_SUPERVISOR |
Required grants for the Supervisor user in the Mobile Maintenance for Aviation solution. |
End User Role |
| MM_TECHNICIAN |
Required grants for the Line Technician user in the Mobile Maintenance for Aviation solution. |
End User Role |
| AC_CONFIG_CON_BOARD |
Required permissions for the Allowable Configuration Board in the Aviation Technical Content Manager solution. |
End User Role |
| AC_CONFIG_SPECIALIST |
Required permissions for the Allowable Configuration Specialist in the Aviation Technical Content Manager solution. |
End User Role |
| AC_ENG_SERVICE_PARTNER |
Required permissions for the Allowable Configuration Engineering Service Partner in the Aviation Technical Content Manager solution. |
End User Role |
Remote Assistance
| Permission Set |
Description |
Type |
| FND_REM_ASST_ADMIN |
Required grants of all the RA admin projections and Actions |
End User Role |
| FND_REM_ASST_ENDUSER |
Required grants of all the enduser related Projections and Actions |
End User Role |
| FND_REM_ASST_SERVICE |
Required grants of RA service user |
End User Role |
IFS Signature Service
| Permission Set |
Description |
Type |
| FND_DSS_ASST_ADMIN |
Required grants of all the Digital Signature admin Actions |
End User Role |
| FND_DSS_ASST_ENDUSER |
Required grants of all the enduser related Actions for Digital Signature |
End User Role |
| FND_DSS_ASST_SERVICE |
Required grants of Digital Signature service user |
End User Role |
IFS AI Services
| Permission Set |
Description |
Type |
| FNDGPT_RUNTIME |
Role needed to access IFS.ai Copilot Chat |
End User Role |
IFS Planning and Scheduling Optimization
| Permission Set |
Description |
Type |
| FNDSCH_RUNTIME |
Role needed for IFS Planning and Scheduling Optimization Workbench users |
End User Role |
| FNDSCH_ADMIN |
Role needed for IFS Planning and Scheduling Optimization Workbench Administrator users |
End User Role |
| FNDSCH_WEBSERVICE |
Role needed for IFS Planning and Scheduling Optimization to broadcast messages to IFS Cloud. FND_WEBRUNTIME is granted to this role. |
End User Role |
IFS Human Capital Management
| Permission Set |
Description |
Type |
| ABSENCE_INTEGRATION_USER |
Role needed for Absence Integration users |
End User Role |
| PAYROLL_INTEGRATION_USER |
Role needed for Payroll Integration users |
End User Role |
| TIMECLOCK_USER |
Role needed for Time Clock Integration users |
End User Role |
| EMPLOYEE_INTEGRATION_USER |
Role needed for Employee Integration users |
End User Role |
| TRIP_TRACKER_USER |
Role needed for Trip Tracker Mobile App user |
End User Role |
Business Process Automation (BPA) Workflow
| Permission Set |
Description |
Type |
| FND_BPA_ADMIN_FNDWF |
Role required for Business Process Automation Workflow functionality for admin user |
Functional Role |
| FND_WEBENDUSER_MAIN_FNDWF |
Basic role for end users of IFS Cloud. Contains Business Process Automation Workflow functionality for users |
Functional Role |
| FND_WEBENDUSER_B2B_FNDWF |
Basic role for B2B users of IFS Cloud. Contains Business Process Automation Workflow functionality for B2B users |
Functional Role |
| FND_BPA_AUTHOR_FNDWF |
Permission set needed for managing Business Process Automation Workflows and its configurations in IFS Cloud |
End User Role |
Manufacturing Execution Controller
| Permission Set |
Description |
Type |
| MANUF_EXECUTION |
Permission set for Manufacturing Execution integration services. |
End User Role |
IFS Relationship Management Panel
| Permission Set |
Description |
Type |
| EXCHANGE_SYNC_USER |
Permission set for exchange sync users |
End User Role |
| MASTER_SYNC_ROLE |
Permission set for Master sync user |
End User Role |
IFS Business Reporter
| Permission Set |
Description |
Type |
| BA_REPORT_ADMIN |
End user role to be granted to an end user that should manage Configuration and Administration of IFS Business Reporter-related functionality in IFS Cloud Web client. This role also provides the necessary grants to handle report administration in Business Reporter as well as access to all published BR reports. |
End User Role |
| BA_REPORT_DESIGNER |
End user role to be granted to an end user that is supposed to work with report design within IFS Business Reporter client. This role has access to all necessary functionality/activities needed for a report designer but has NO default access to published Reports. |
End User Role |
| BA_USER |
End user role to be granted to an end user that executes IFS Business Reporter reports either from within IFS Business Reporter or in IFS Cloud. This role has access to all necessary functionality/activities needed for an end user but has NO default access to published Reports. |
End User Role |
| IFS_BRES |
Role needed when using IFS BR Execution Server. |
End User Role |
| BA_ADMINISTRATOR |
Functional role for IFS Business Reporter administrators that gives access to all administrator-related activities. |
Functional Role |
| BA_DESIGNER |
Functional role that gives access to IFS Business Reporter design activities. |
Functional Role |
| BA_ENDUSER |
Functional role that gives access to necessary activities for a typical end user in IFS Business Reporter end user mode. |
Functional Role |
| BA_PUBLISHER |
Functional role that gives access to publish a report in IFS Business Reporter to IFS Cloud. |
Functional Role |
| BA_REPORT_USER |
Functional role that gives access to IFS Business Reporter report execution within IFS Cloud. |
Functional Role |
| BA_SUPER_USER |
Functional role with access to all design and end-user related functionality. |
Functional Role |
| BA_UNPUBLISHER |
Functional role that gives access to un-publish a IFS Business Reporter report from IFS Cloud. |
Functional Role |
| BA_WRITEBACK_USER |
Functional role with access to write back related functionality from IFS Business Reporter to IFS Cloud. |
Functional Role |
| BR_EXAMPLE_REPORT_ACCESS |
Functional role with access to all IFS Business Reporter reports. |
Functional Role |
| BR_FULL_REPORT_ACCESS |
Functional role with access to all IFS Business Reporter example reports. |
Functional Role |
| FND_CONNECT_BISERV |
Functional role needed for IFS Connect framework user. |
Functional Role |
| FND_ADMIN_BISERV |
Business Reporter- FND Administrator. |
Functional Role |
| FND_WEBENDUSER_MAIN_BISERV |
Business Reporter- FND Web end-user. |
Functional Role |
IFS Operational Reports and Ad hoc Reports
| Permission Set |
Description |
Type |
| FND_PRINTSERVER |
Role needed for a user to run IFS Print Agent. |
End User Role |
| FND_QUICK_REPORTS |
Role needed for creating and publishing Quick Reports. |
End User Role |
| FND_ADMIN_CRYSTL |
Grants to Crystal Administration forms not requiring App owner privileges. |
Functional Role |
| FND_DESIGNER_REPORT |
Role needed for creating and designing Report Studio - Designer type Reports. |
End User Role |
Demand Planner
| Permission Set |
Description |
Type |
| DEMAND_ML |
This permission set has access only to the Demand ML message communication. |
End User Role |
| DEMAND_SUPER |
This permission set has access to everything related to Demand planning, the only user that can execute manual jobs in the Demand Plan Server from the Dashboard. Only user to create new user and edit access rights for the main Demand Plan Client. |
End User Role |
| DEMAND_GENERAL |
This permission set has access to everything related to Demand planning apart from the basic data set up. The user will be able to add and delete new forecast parts, publish forecast parts to DEMAND_FORECAST users, look at the finished forecasts. The user cannot create/delete/edit base or combined flows or do anything to the Demand Plan Server Setup but can view the Dashboard without being able to execute any jobs on the Demand Plan Server |
End User Role |
| DEMAND_FORECAST |
This permission set has access only to the Demand Forecast Client. This will only allow to examine, and evaluate the forecast published to the user in the Demand Forecast Client. |
End User Role |
| IPR_SUPER |
This permission set has access to everything related to IPR. For example IPR Supply Plan, Manage IPR Supply Plan, Analyze Demand Derivation, Refresh Inventory Part Unit Cost Snapshot, IPR Planning Details for Inventory Parts, Planning Hierarchy Basic Data, the IPR Excel Sheet menu on Inventory Part Planning. |
End User Role |
IFS Document Management
| Permission Set |
Description |
Type |
| DOCUMENT_ATTACHMENT_CLOUD_B2B |
Grants create and read grants to Attachments / Documents in IFS Cloud B2B. |
End User Role |
| DOCMAN_ADMINISTRATOR |
System privilege with full administration rights to Document Management functionality. |
End User Role |
| DOCUMENT_ATTACHMENT_CLOUD |
Grants create and read grants to Attachments / Documents in IFS Cloud. |
End User Role |
| DOCUMENT_ESIGN |
Grants permission to send and receive documents for e-signing. |
End User Role |
Application Services
| Permission Set |
Description |
Type |
| MEDIA_LIBRARY |
Required grants to media library methods for Media Attachment use. |
End User Role |
Warehouse Data Collection
| Permission Set |
Description |
Type |
| WADACO_MOBILE_USER |
Required grants for WADACO mobile clients |
End User Role |
Microsoft Project Integration
| Permission Set |
Description |
Type |
| MSP_INTEGRATION |
Required grants for MS Project Integration users. |
End User Role |
IFS Provider for Oracle Primavera Gateway
| Permission Set |
Description |
Type |
| OPG_SYNCHRONIZER |
Required grants for Oracle Primavera Gateway (OPG) integration, Project & master data synchronization users. |
End User Role |
Export Control Administrator
| Permission Set |
Description |
Type |
| EXPCTR_ADMINISTRATOR |
Grants right to act as Administrator in component Export Control |
End User Role |
Several of the roles above include component specific sub roles with component suffix. Example: FND_ADMIN_FNDMIG. These are included in main Permission Sets structure.
Read more: