Configuring roles and permissions in IFS is a major challenge for many organizations. Due to the technical complexity, this task often seems overwhelming without help. For this reason, methods for setting up roles and permissions in IFS have become established. In this post, we will provide a simple, two-level hierarchy for permission sets and a step-by-step guide for implementing, testing, improving, and maintaining permissions


1. Structure

Our methodology shows how roles and permissions can be structured and implemented in IFS. Based on our experience in numerous projects, we recommend a two-level hierarchy of permission sets: end user roles and functional roles. The functional roles contain permissions for various IFS masks (via the Navigator) and can be configured as read-only or with read/write permission. The end user roles, on the other hand, do not have access to individual masks. They contain functional roles and are assigned to individual users. While it is possible to stack multiple levels of functional and end user roles, we recommend keeping it simple with this two-level hierarchy.


2. Implementing Roles and Permissions

To start implementing your roles and permissions, you should first list the necessary end user roles. You can use an existing structure (e. g. an organizational chart or a legacy ERP system) or create a new one. It is important to consider the needs and responsibilities of each role and ensure that roles are clearly defined and do not overlap. This helps ensure that users have the appropriate level of access to perform their tasks and that permissions are not unnecessarily restrictive or permissive.


After you have defined your end user roles, you need to determine your functional roles. These are the roles that contain the actual permissions for the various IFS masks (via the Navigator). Here, we recommend you to follow best practice and define these broadly so that they can be reused by multiple end user roles and across multiple process teams. For example, you could grant access to an entire second or third level folder in the Navigator, rather than granting access to individual masks within that folder. This allows you to create a more scalable and flexible permission structure.


So to speak, your roles are now defined “on paper”. Now it is time to implement them in IFS. You can do this manually, for example, by creating the roles in IFS and assigning them to the appropriate permissions. Alternatively, you can use tools that simplify this process and allow you to create and manage your roles in a more user-friendly way.


3. Testing, Improving and Maintaining

Once your roles and permissions are implemented in IFS, it is crucial to test them thoroughly. IFS permissions can be prone to bugs. So our tip for you is to schedule enough time for testing and correcting issues. One approach to do this is to create a dummy user for each process team and assign them an end user role. Then, open a second IFS session with the dummy user and go through the process to identify any missing items or error messages. Document these issues and report them to the permissions responsible for correction. Repeat this process for each end user role in each process team until you reach a satisfactory level of quality.


It is also important to periodically review and update your roles and permissions. This will ensure that they are still relevant and meet the needs of your organization. If your organization has evolved or changed in the meantime, you may need to add new roles or adjust the permissions of existing roles. This way, changes in business processes or technology are reflected accordingly. By continuously maintaining an up-to-date and well-defined roles and permissions structure, you ensure that your users have the access they need to perform their tasks effectively and efficiently.


Conclusion

In our experience, a well-defined methodology for setting up roles and permissions in IFS is very helpful for many companies. The complexity of this task is noticeably reduced. This can save companies time during the setup, use and maintenance of your roles and permissions. Tools can also help simplify processes. In addition, you should also take the following tip to heart: Allow enough time for testing to ensure a smooth and successful implementation. By following a structured approach and paying attention to all relevant details, you will ensure that your roles and permissions in IFS are set up correctly and effectively. This way, you not only optimize the use of IFS in your organization, but you can also simplify the processes for your users.


It is also important to keep in mind that the scope of this article is limited  to IFS "permission sets" and does not cover other aspects such as user groups, business roles, or site/company setup. Nevertheless these are also important considerations when configuring roles and permissions in IFS. By focusing on the methodology outlined here, you can take the first steps towards a well-organized and effective role and permission structure in IFS.


About 2BCS AG

2BCS AG, based in St. Gallen and Zurich, was founded in 2006 as an independent, process-oriented consulting company in the field of digitalization. Our offer includes digitization strategies, evaluations in the ERP, CRM and MES environment as well as implementation services. More than 300 medium-sized industrial and commercial companies in Switzerland and abroad have used our services to date and, according to the "Neue Zürcher Zeitung", 2BCS is the largest and most successful independent evaluation and implementation consulting company in Switzerland. Our secret of success is competent consultants and the ability to bring in knowledge, experience and competencies in such a way that our clients benefit maximally.

Contact us

Contact person

CONTACT
Senior Consultant