I am a first time user and first time permission set creator for my company. Since I have never done this before, what is the most efficient and effective way to create new permission sets? I was thinking for Purchasing, to have a permission set for the Operational Buyer to do the basics like issuing POs, processing requisitions and quotes, and then tracking arrivals etc and then create a set for Requisition Authorizer, and another set for PO Authorizer, etc. Is it easier to navigate and control when you have bite-sized permission sets that you can control and assign to users rather than a whole role a user might have at once?
Hi
The best and the most efficient way to create new permission set is to first define the list of business roles used within the company. As you have figured out, Operational Buyer, PO Authorizer, Financial Controller, AP Ledger Clerk etc.… Those will be created as end_user roles (end_user type permission sets).
Then, you need to analyze and make a list of functional roles (business functions) each business role need to perform. Those can be created as functional roles (functional type permission sets). For an example, for an operational buyer, the business functions to perform would be creating and releasing purchase requisions and converting to orders (basically creating and releasing Purchase Requisitions and orders) and analyzing the purchases made. So, functional type permission sets can be made for each of the above activity, and connect them to the Operational Buyer (OP_BUYER) end_user permission set, which can be granted to the users directly.
Like this, it can be easy to analyze the permission sets and there is a clear structure.
Another thing to note is that, there is a limit to the number of permission sets (sum of end_user or functional type permission sets) which can be granted to a user. A user cannot be granted more than a total number of permission sets of 48 (I couldn’t remember the exact number, but it is around 48). This is a limitation of oracle roles, not a limitation of IFS itself.
After creating a permission set, read-only and read-write access can be granted to the permission set very easily through the Presentation Object By Navigator tab, by locating the certain navigation for the screen in the application using Grant Query (which provides read-only access) and Grant (which provides both read-write access) options.
Best Regards
Thushitha
Thank you so much for the advice! You’ve laid it out very clearly and thoroughly. I will get started using your instructions and let you know if I have more questions.
thank you!
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.