We are currently on version 9 and are starting to create lobbies for user review. I was able to grant access to the lobby that I created to a permission set, however, the it appears that the user(s) now have access to all of the IFS standard lobbies as well. I don’t see a way to deactivate these or restrict access to them. I tried to explicitly revoke access in the permission set to specific lobbies but they are still showing up in the lobby overview, although the data isn’t pulling through. The issue is that the lobby overview is messy with all of the IFS standard lobbies and I’d like to make that a little cleaner.
Solved
Restricting access to IFS standard lobbies
Best answer by CallumW
Struggling to find you the answer here…
You have stated another user has no lobby access - however the IFS Welcome start page is a lobby in its own right.
Try this and see if it can shed some light
- Go to the welcome lobby
- Click the padlock in the top right
- Click the cog in the top right
- Scroll down in the window which appears and click on the blue presentation object URL
- Check the permission sets tabs and the users tab to determine if it is permission sets granting the lobby
If it is not this, I would double check the ADMINISTRATOR system privilege just to make sure its not been assigned to any functional role which in turn has been granted to an end user role.
Here is an SQL statement you can run:
SELECT r.identity, r.role
FROM system_privilege_grant s,
fnd_user_role_runtime_tab r
WHERE r.role = s.role
AND s.privilege_id = 'ADMINISTRATOR'
+15Hi,
It should be as simple as checking the grants at the presentation object level
(IFSAPP will see all lobbies)
Regards, Callum
Callum Wells - https://uk.linkedin.com/in/callum-wells
1 person likes this
I did try this but it is still not restricting access. The user that I am testing does not have the permission set that is listed as a grantee but he can still see all of the lobbies in the lobby overview screen.
+15Does the user have the ADMINISTRATOR System Privilege assigned?
No they do not. I have tried this with other users as well and I am getting the same result.
It seems that by giving access to the lobby overview screen they can see everything, even though their permission sets do not include everything.
Another user does not have access to the lobby overview screen and has no lobby access that I can tell. However, when using the IFS Welcome start page they can get to the lobbies by clicking on the lobbies element and it takes them to the Lobby Overview screen and they can click on and see the lobby information.
+15Struggling to find you the answer here…
You have stated another user has no lobby access - however the IFS Welcome start page is a lobby in its own right.
Try this and see if it can shed some light
- Go to the welcome lobby
- Click the padlock in the top right
- Click the cog in the top right
- Scroll down in the window which appears and click on the blue presentation object URL
- Check the permission sets tabs and the users tab to determine if it is permission sets granting the lobby
If it is not this, I would double check the ADMINISTRATOR system privilege just to make sure its not been assigned to any functional role which in turn has been granted to an end user role.
Here is an SQL statement you can run:
SELECT r.identity, r.role
FROM system_privilege_grant s,
fnd_user_role_runtime_tab r
WHERE r.role = s.role
AND s.privilege_id = 'ADMINISTRATOR'
Thank you so much! There was an old permission set that had administrator privileges. Once I removed it they can no longer see all of the lobbies. Thank you again for your help!
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.