What are the possible solutions Available to implement Data level Access control in IFS, apart from existing Company, Site and access control functionality in CRM. For E.g. Oracle provides different access permissions for Data and Screen how can that be achieved in IFS.
Are there any new functionalities added to security / permission setup around data access control?
It depends which part of IFS you are trying to partition data for.
Some modules have their own additional security e.g. Document Management & HR
As I understand it, IFS also provide an Export Compliance module.
Question is around Procurement, Inventory, Warehouse, Work order and related transactions
Question is around Procurement, Inventory, Warehouse, Work order and related transactions
As far as I have seen in apps nine in those areas it is only company and site that restrict. So if you have access to all of purchase orders in company a site 1 you can see it in company b site 4 if you have access via sites per user.
Permission sets control the access e.g. you could block access to the new button on purchase orders so everything needs to be created by req, but that would be for all sites.
What applies for one applies for all.
That said if anyone knows different please comment - it has been causing us some issues of late!
Requirement we have observed is that within a company and site, PRs and POs raised by Department 1 should not be visible to Department 2, and PRs raised by requisitioner 1 should not be visible to requisitioner 2 whilst the department manager / line manager or the authorizer should be able to view those PRs and POs.
I think this is not possible - at least from my experiences.
Interested if it is.
+1
Requirement we have observed is that within a company and site, PRs and POs raised by Department 1 should not be visible to Department 2, and PRs raised by requisitioner 1 should not be visible to requisitioner 2 whilst the department manager / line manager or the authorizer should be able to view those PRs and POs.
So, we cannot configure the security in this case?
Or, we can make it real with more money for customization.
+21
InfAnkurS,
Standard this is not possible (not in IFS9 and IFS10).
This means a customization as the default where clause of the window should be changed or the connected view should be extended with additional selection criteria (such as person belongs to certain department).
Bear in mind that you will, most likely, have to pay for the customization every update of IFS Applications.
Steve
+7
Hey InfAnkurS,
as mentioned above IFS does not have any settings for this. Easiest way (as mentioned) is to adjust the view(s) you want to restrict the access to.
The other option would be to setup access restrictions on the database level using application context. It needs a bit of setup and you need to know what you are doing there though. I have only done smth similar for MySql and it works quite well there. It is even considered in e.g. Quick Reports without having to add an extra conditon. If setup correctly once you won’t need to adjust every single view. You can read up on it here:
https://docs.oracle.com/cd/B19306_01/network.102/b14266/accessre.htm#DBSEG424 (section Application Context)
Check with IFS before doing anything there though as this could have a lot of impact on your processes. I have never set it up for an IFS standard table. Don’t use it unless you are sure it won’t impact existing functionalities/interfaces and the like.
Johannes
+21
Johannes,
Never knew that one. Great to know. I think that if you perform any changes you might infringe your license with IFS.
As Johannes noted, check with IFS.
Steve
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
