Skip to main content

Hi,

 

What do you do/what is your routine regarding permission sets, when you have hade an update in IFS?

 

Do you, for example regrant all presentation objects or only regrant presentation objects with status; NEW, MODIFIED or CHANGED?

 

Thank you!

 

Best regards,

Erla Sandholt

Hi,

 

After applying an update you do not need regrant all permissions again. What you have to do is identify the new changes introduced from the update (to the press objects) and apply them to the existing user roles if needed. Existing permissions will be there without any changed after deploying the UPD.

 

BR,
Deepthi


Hi Deepthi,

 

Thank you for our answer. 

Your answer was a confirmation on my thoughts as well, which is good 🙂.

 

Thank you!

 

Best regards,

Erla Sandholt


Hi there, 

After installing UPD13 we notice a lot of changes in our permission sets. Before update a method we had revoked in a permission set is after the update now not revoked.

We have checked random permission sets and there are a lot of these examples, here some:

Work_Order_Api.Get_Objid 

BUSINESS_OPPORTUNITY_LINE_API.Get_All_Lines_Profit__

COMPANY_PERSON_API.Emp_Exist_Count

We have a lot of these examples where after UPD13 our permission sets has more granted roles than before UPD13. 

Can anyone explain how this can happen? 


Depending on the way your permission sets were created - using out of the box IFS permissions or your own version.  And depending on what was touched during the update by IFS, by changes to table, view, and column names, you can see your permissions appear altered.

The most common is if you’ve taken an out of the box IFS permission and made changes to it, you will always be at the mercy of whatever IFS wants to do with that permission set.  In most instances, you will see it reset to the way it was before you made changes.  We don’t use the IFS permissions unless we can do so without alteration for this reason, and in truth, there are none of the IFS permissions that conform to what we need, so they are not integral to our security model.


We have not touched the IFS out of the box permission sets, we have created our own. It is our own permission sets that have changed after Update13. It looks like the REVOKE statement in XML for a lot of methods is missing.


OK, then I can only say that I’m not surprised, I have seen this before on updates.  When the presentation object is granted or re-granted either by the update as part of the script or to clear errors after the application of the update, the revoked branches will be lost.  it is quite the pain to deal with sometimes but I’ve heard it is much worse in IFS Cloud, so I’m trying to figure out a better way for us to document these things to future proof on updates.


@Irene Røn 

Irene good day to you, how did you get on with the issue of changes to your own permission sets post upgrade?

 

Thanking you in advance.

 

John