Skip to main content

Hello experts,

We’ve been exploring different approaches to defining permission sets in IFS Cloud 24R1, and have recently tested the ‘Manage by Navigator’ option within Permission Set » Projections.

 

With this approach, we’re able to grant access to projections for pages and lobby pages that fall under the selected navigator segments.

However, we’ve run into an issue: when testing with a user account, certain operations which are directly linked to these pages are still unavailable.

Example:

We granted a user full access to:

  • Procurement > Requisition

  • Procurement > Order

The user has access to all pages under these folders.

 

However, they’re unable to convert a purchase requisition to a purchase order because the CreateRequisitionToPurchaseOrder projection (which is linked to an assistant) isn’t granted by default — since it’s not connected to any navigator item. We can grant this using the ‘Manage by Page’ option, but this means we only discover these gaps reactively, when a user reports missing access.

 

What approaches have you followed when defining the permission sets, when going to cloud from a legacy IEE version? Excited to see other possibilities and any tips/tricks related to this tedious work. 

Hi, 

In my opinion, I would assume that "Manage by Navigator" should lead to the same result as "Manage by Page." I may have misunderstood part of your explanation, but based on my understanding, I would classify this as a bug in the "Manage by Navigator" functionality and report it accordingly.

kind regards

Tobias 

Thanks ​@tofuse for the input.

 

As it seems “Manage by Navigator” shows all the navigator entries which we can see on the navigator panel on the left side of the screen, and because of that we cannot see the assistant pages which are not accessible as a navigator item (ie: there is no direct navigator item for purchase requisition to purchase order transfer). However “Manage by Page” shows all the available pages, including the assistant pages. But it is not an easy/straightforward task to search for pages one by one and assign it to the users/groups. 

My point being is that - if you grant access to a page using ‘Manage by Navigator’ and that page contains a command that opens an assistant or dialog, then it is somewhat reasonable to assume that the assistant is included in what you want to grant. At least by default.

The problem as you state is that it is very hard for an administrator to figure out what dialogs and assistants that may be addressed. So to get them included would be beneficial. Then if the users should not have those, you could go to the specific item and remove it from the permission set. 

 

yes. Totally agree with you ​@tofuse . As you also said, it would be much easier to create and manage permission sets if the system automatically granted all commands for assistant pages within the selected navigator item. Unfortunately, this doesn’t seem to be the case, which is why I’m very interested in exploring other ways to construct permission sets using the current IFS functionality

Reply


Terms & ConditionsCookie settings