Hello,We would like to understand whether it is possible to restrict the data accessed within a screen based on the setup of the user performing the search. This is in Apps 10 Enterprise explorer. We know that Sites effectively do this, however this doesn’t suit the use case example outlined below. Invoices per User’s Cost CentreUse of a screen where Invoices are accessible, where each Invoice is mapped to a Cost Centre. At the moment, anyone with access to the screen can see Invoices for all cost centres. We would like to configure this to restrict to only that persons Cost Centre. Cost Centre is already setup per users department and is coded to each Invoice. Is there a way to configure row level security, beyond the use of Sites or Permission sets, and if so how have other IFS users achieved this? Thanks!

IFS Apps 10 - Restrict Search Results based on User Specific Data

You can’t stop the viewing of the information on the screen if the user has access to the screen and has access to another site - even if you don’t want them to see the information in the other company or the other site.

It is possible to prevent transactions through coding that does a check against a separate custom table to determine whether that user is allowed to perform transactions in that site, but you can’t restrict them from seeing information already entered using that method.

As complicated as the permission setup is in IFS, it is also limited in this regard. It is one of the significant hinderances for us in migrating to IFS Cloud. We have the IFS CRM solution (pre v9) integrated with our V9 production system and it has true row level security that has been deprecated in later versions and never introduced in V9 or V10 production or IFS Cloud.

We would want to restrict salespeople in China from seeing customers and orders in the US and vice versa as an example, but that is not possible in any version after V9.

You can’t stop the viewing of the information on the screen if the user has access to the screen and has access to another site - even if you don’t want them to see the information in the other company or the other site.

It is possible to prevent transactions through coding that does a check against a separate custom table to determine whether that user is allowed to perform transactions in that site, but you can’t restrict them from seeing information already entered using that method.

As complicated as the permission setup is in IFS, it is also limited in this regard. It is one of the significant hinderances for us in migrating to IFS Cloud. We have the IFS CRM solution (pre v9) integrated with our V9 production system and it has true row level security that has been deprecated in later versions and never introduced in V9 or V10 production or IFS Cloud.

We would want to restrict salespeople in China from seeing customers and orders in the US and vice versa as an example, but that is not possible in any version after V9.

Thank you for confirming, and I agree, interesting that even with the complex Permission Sets in IFS that this is a clear limitation.

Are you aware of this being on an IFS Cloud roadmap?

No, I’ve never found any indication that IFS recognize it as a deficiency or a customer requirement. Not on any roadmap that I’ve seen.

Hi,

I would assume you could create an event to only show invoices that should be accessible for each user. to support that you could create a custom table where User-ID and C/C is entered. The event could probably be possible to trigger on the creating of a Search in the relevant windows.

Reply

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded