Skip to main content
Solved

Permission sets for different sites

  • August 13, 2025
  • 7 replies
  • 177 views
M
Sidekick (Customer)
Forum|alt.badge.img+5

Hello there!

I am currently addressing an issue with our user permission sets.

We have two companies currently registered, and one of our users must have access to both companies and sites.

However, he should only be permitted to view the engineering module from site 2, not site 1.

Please, what is the proper way to adjust his permissions?

Thank you!

Best answer by Link

This is a well-known issue.

The only way to resolve this issue is to create another user account.

7 replies

Abdul
Superhero (Partner)
Forum|alt.badge.img+20
  • Abdul
  • Superhero (Partner)
  • August 14, 2025

Hi ​@MHRDonato,

Permission Sets in IFS are configured at the enterprise (global) level.

This means you cannot define or restrict permission sets per company. All users assigned to a permission set will have access to the functions it provides, regardless of the company context.

However, data-level access can still be controlled at the site or company level through User–per–Site/Company configurations

Likewise, Engineering module in IFS is also global in nature:

It is not company-specific and does not follow site-based segregation.

All users with access to Engineering functionality will see and manage data across all companies and sites, provided their permissions allowed.

 

Regards 

Abdul Rehman 

https://www.linkedin.com/in/abdul-rehman-ifscloudexpert/
M
M
Link
Superhero (Customer)
Forum|alt.badge.img+23
  • Link
  • Superhero (Customer)
  • Answer
  • August 14, 2025

This is a well-known issue.

The only way to resolve this issue is to create another user account.

Kind regards
M
Sidekick (Customer)
Forum|alt.badge.img+5
  • MHRDonato
  • Author
  • Sidekick (Customer)
  • August 14, 2025

Thank you both for your response.

@Abdul Is there any documentation/ information on this data-level access method?

S
Hero (Customer)
Forum|alt.badge.img+11
  • sholmes
  • Hero (Customer)
  • August 15, 2025

Hi You might want to add your vote to this idea Differentiate permission sets per company for one user | IFS Community

M
A
Do Gooder (Partner)
Forum|alt.badge.img+4
  • arwid
  • Do Gooder (Partner)
  • August 15, 2025

The only way to technically achieve the requested separation is through Oracle Row Level Security (RLS). RLS can be configured to restrict access at the table or view level based on, for example, site.

However, it requires SYSDBA privileges and is not officially supported by IFS.

That said, it is relatively easy to set up and does not require any core code modifications.

I have successfully used it for other modules without issues, but it should be implemented with caution and tested thoroughly before deployment.

M
K
Superhero (Partner)
Forum|alt.badge.img+17
  • knepiosko
  • Superhero (Partner)
  • August 18, 2025

Beginning from 25R1 there is new feature: Data Level Access Control. I haven’t checked this yet but it could be possible to do this. If not now maybe in future.

Piotr --> https://www.linkedin.com/in/piotr-skowronek-8425aa6/
eqbstal
Superhero (Partner)
Forum|alt.badge.img+21
  • eqbstal
  • Superhero (Partner)
  • August 21, 2025

@MHRDonato Although the idea of ​@arwid seems ok, this is nearly a no go in IFS Cloud environment (as you are more or less not allowed to touch the database outside the screens of IFS).

Most likely if you have IFS Cloud on premisse, you might get away with this.

Make sure that you either document what you change or prepare a report that shows the RLS as this might be part of an auditor requirements list.

Thanks for using the community, it helps me. I hope I can help you.
Terms & ConditionsCookie settingsAccessibility statement