Skip to main content

Hi everyone,

I'm having trouble getting a Permission Set Filter (PSF) to work correctly in IFS. I've followed the steps outlined in the documentation, but I'm still able to access records that should be filtered out.

Here's what I've done:

  • Created a PSF: I've defined a simple filter with the following WHERE clause: &AO.PART_NO <> '120150' This should restrict access to records in the ServiceEngApp >PartSerialCatalog entity where the PART_NO is not '120150'.
  • Granted the PSF to an Activity: I've added the PSF to the relevant activity that grants access to the PartSerialCatalog entity.
  • Assigned the Permission Set: I've created a permission set with this activity and assigned it to a user.
  • Cleared Cache: I've cleared the security cache and reinitialized the client.

Despite these steps, I can still see and access all records in PartSerialCatalog, including those with PART_NO '120150'.

Has anyone else encountered this issue? Are there any common pitfalls or configuration settings I might be missing? Any help or guidance would be greatly appreciated.

Additional Information:

  • IFS Version: Apps 10 Version 21
  • Entity Path: ServiceEngApp > PartSerialCatalog
  • Activity Name: ServiceEngApp 1.PartSerialCatalog

Thanks in advance for your assistance!

Can you make sure to initialize on an App that you’ve configured the user to record traces and then paste the initialization traces ?

 

The traces will show the whether the permission set filter is applied or not.

 

Also this “ &AO.PART_NO <> '120150' “ is a bit weird. This syntax would mean “ifsapp.part_no”, which is view or table name, not a column.

 

Can you show what your PSF actually looks like ?

 

This is what it should really be looking like:

 

 

 

Note that this would just remove Parts from the list of serials in the PartSerialCatalog, that Part No would still be available just in general from other entities where Part No is present , such as InventoryPart, InventoryPartInStock, etc.


SimonTestard

 

Thank you so much. I have altered the where clause below are the sync traces 

Trace 1:
<PLSQLTRACE> 7^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Fnd_User 9^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Fnd_User_ 13^299734909^APPLICATION^TRACE^Application^==========================================  13^299734909^APPLICATION^TRACE^Application^Set_Fnd_User_  13^299734909^APPLICATION^TRACE^Application^==========================================  13^299734909^APPLICATION^TRACE^Application^Foundation User is set to K.BLACKHALL. 7^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Directory_Id__ 9^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Directory_Id_ 7^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Property 9^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Property_ 7^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Clear_User_Properties_ 5^299734909^FRAMEWORK^INFORMATION^Framework^============================  5^299734909^FRAMEWORK^INFORMATION^Framework^Login_SYS.Init_Fnd_Session__  5^299734909^FRAMEWORK^INFORMATION^Framework^============================  5^299734909^FRAMEWORK^INFORMATION^Framework^Directory Id: K.BLACKHALL@GILKES.COM 5^299734909^FRAMEWORK^INFORMATION^Framework^Foundation User: K.BLACKHALL 5^299734909^FRAMEWORK^INFORMATION^Framework^Current Language Code Rfc3066: en-GB 5^299734909^FRAMEWORK^INFORMATION^Framework^Language Code Rfc3066: en-GB 5^299734909^FRAMEWORK^INFORMATION^Framework^Current Language Code: gb 5^299734909^FRAMEWORK^INFORMATION^Framework^Language Code: gb 5^299734909^FRAMEWORK^INFORMATION^Framework^Calendar: GREGORIAN 6^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Property 8^299734909^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Property_ </PLSQLTRACE>


Simon,

 

Here is a 2nd sync trace too.

<PLSQLTRACE> 8^299734910^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Rfc3066__ 10^299734910^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Rfc3066_ 8^299734910^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Language 10^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Calendar__ 12^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for ASSERT_SYS.Encode_Single_Quote_String 12^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Calendar_ 10^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for ASSERT_SYS.Encode_Single_Quote_String 10^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for ASSERT_SYS.Encode_Single_Quote_String 10^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Language_ 10^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Lang_Code_Version_ 7^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Clear_User_Properties_ 5^299734912^FRAMEWORK^INFORMATION^Framework^============================  5^299734912^FRAMEWORK^INFORMATION^Framework^Login_SYS.Init_Fnd_Session__  5^299734912^FRAMEWORK^INFORMATION^Framework^============================  5^299734912^FRAMEWORK^INFORMATION^Framework^Directory Id: K.BLACKHALL@GILKES.COM 5^299734912^FRAMEWORK^INFORMATION^Framework^Foundation User: K.BLACKHALL 5^299734912^FRAMEWORK^INFORMATION^Framework^Current Language Code Rfc3066: en-GB 5^299734912^FRAMEWORK^INFORMATION^Framework^Language Code Rfc3066: en-GB 5^299734912^FRAMEWORK^INFORMATION^Framework^Current Language Code: gb 5^299734912^FRAMEWORK^INFORMATION^Framework^Language Code: gb 5^299734912^FRAMEWORK^INFORMATION^Framework^Calendar: GREGORIAN 6^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_API.Set_Property 8^299734912^FRAMEWORK^INFORMATION^Framework^Security not checked for Fnd_Session_Util_API.Set_Property_ </PLSQLTRACE>


You’d need to provide the init trace fully, it’s a BIG file, not what you’ve provided here :)

 

Do you still have an issue wen changing the permission set filter as I’ve highlighted above though ? If so can you describe how you’re troubleshooting the issue ?

 

Where in the app exactly are you encountering these part serials and you believe that the permission set filter is not being applied ? Screenshots would help


The Trace should be like this:

 

 

If you RMB Show Details, it’ll open a Window like this:

 

 

You should copy the entire text of that window (it’s very long, so careful to pick the entire thing) in a text file.

 

In that text file search for the entity you’re initializing (PartSerialCatalog) and look around and you’ll end up finding the select statement being done and filters (if any) applied to them

 

For example:

 

13:51:40,907 ??? ifs.application.mobileclientruntime.impl.MobileDataSyncUtilitiesImpl.initializeRecords(): initializeRecords - App: 'ServiceEngApp', User: 'SIMON.TESTARD', Device: '1916', Entity: 'PartSerialCatalog, View: 'PART_SERIAL_CATALOG_CFV', Filter:' AND (1=2)
 AND (part_no in (select part_no from mobile_user_invent_part where user_id = (select fnd_user from fnd_session)) AND
            Inventory_Part_API.check_exist_anywhere(part_no) = 'TRUE' AND objstate IN ('Issued', 'InFacility', 'Contained','ReturnedToSupplier')
   AND part_ownership_db NOT IN ('COMPANY RENTAL ASSET', 'SUPPLIER RENTED'))'

 

 

 

Orange stuff above is a filter I applied for testing purposes (and the rest after AND is the default WHERE condition for the entity) :

 

 


Yeah its not showing in the init trace. Basically the field service engineers are getting the full PSC to there phone 55000 records and they will only need 400 records max,


Well can you show how your user is set up perm set wise, and which perm set has had its filter applied on the activity etc?


Reply