Setting up Permissions in IFS, why is it such a challenge?

Implementing and running an ERP solution is a challenge. IFS Applications is one of the most successful solutions for mid-market industrial companies. Roles and permissions are needed to manage the usage rights in an ERP solution. Designing, implementing, running, and validating these roles and permissions is becoming increasingly important. IFS offers some roles & permissions functionality. 2BCS AG, with its vast experience in leading and supporting IFS implementations, sees numerous areas where improvements need to be made.

When selecting an ERP solution, process requirements, the implementation partner, and hosting issues are usually high on the priority list. Technical issues such as setting-up and managing end-user roles and permissions are hardly ever questioned. Most customers assume that roles & permissions are industry best practice and the different ERP suppliers all have similar functionality.

Setting up roles & permissions requires business, process, and technical know-how. Very often the settings influence other processes. From a RACI (responsible, accountable, consulted, informed) perspective this implementation task is a customer task. The customer is accountable and responsible. Customers usually accept this task without knowing what is available and how much work is associated with the task.

2BCS has done an analysis of the last 10 IFS projects and carried out interviews with customers. The following deficits were identified. We have grouped the deficits into two groups, the first group related to implementation projects and the second related to running operations.

IFS Implementation Projects

  • Missing methodology
    Implementing roles & permissions in IFS is a big challenge for our clients. As far as we know, IFS does not offer an official methodology or guideline on how customers should proceed when designing and implementing roles & permissions, only an initial technical training is offered. In addition to this initial training, the most that IFS customers can expect from IFS are some tips and tricks but no practical implementation support.
  • Too early
    The roles & permissions training is usually held in combination with other trainings such as layouts, customizations etc. This technical training is held at the beginning of the implementation project and given to IT people. Practical usage of the knowledge gained usually happens much later in the project. Very often a lot of know-how is lost during this long period of time. We suggest carrying out the training much later.
  • Missing standard roles & permissions
    One of the biggest deficits that IFS has are missing standard roles & permissions or templates. IFS customers expect to receive standardized poles and the associated permissions that are already set-up and working in IFS. Adapting these standard roles & permissions to the specific needs of a customer is common best practice and state of the art for many other ERP solutions such as SAP and Microsoft Dynamics 365.
  • Buggy permissions system
    One aspect of the IFS permission system is how buggy it can seem in many situations. Often if a specific permission is granted, the user will not actually get all the permissions that one might expect – often one needs to dig deeper into the system and grant additional permissions. This leads to the effort of setting up roles & permissions in IFS exceeding customer’s expectations.
  • Company and site neutral roles
    Roles & permissions in IFS are company and site neutral, meaning the individual user has the same permissions in all companies and sites he or she is assigned to. Whereas other ERP systems often allow roles & permissions to be set up company and site specifically, IFS does not, or at most only for certain aspects (but this set up requires a lot of effort to configure).
  • Little consulting support from IFS
    Customers trying to implement roles & permissions often tend to get advice from experienced IFS consultants. The availability of knowledgeable IFS consultants, at least in the DACH region, is low. Very often customers ask experienced consultancies like 2BCS, to help design and implement roles & permissions.
  • Good functionality, not intuitive
    There are numerous possibilities to manage roles & permissions in IFS. The functions are very powerful but are often not obvious (e.g., IAL) and not trained by the experts.
  • Missing visualization
    Customers implementing IFS are usually faced with hundreds of future users in various countries, dozens of different end user roles, and even more functional permission sets. Not being able to visualize all these elements and their dependencies, not being able to visualize dependencies, missing connections or circular relationships is a major weakness of IFS.

Running IFS Systems

IFS installations run for many years. Unfortunately, the slogan “Never change a running system” is not possible. Employees join an organization, grow into new tasks and responsibilities, and leave. Processes and systems are optimized. Issues such as compliance, SOX reporting, cyber security or GDPR require changes to a running installation. In these areas we also see deficits of what IFS offers in the roles & permissions area. Here are some details:

  • Missing Reporting
    Publicly listed, as well as privately owned companies, must periodically carry out various tasks related to roles & permissions. These can include specific reporting on roles & permissions, the usage of “all” functionality, last logins, last password changes and alignment with corporate governance policies, etc. Very often external auditors from PWC, KPMG etc. require these reports when auditing. IFS offers little support in these areas. Very often downloads in Excel must be carried out and aggregations and identification of critical issues must be done there manually.

Next Steps

The deficits listed above are important for customers selecting, implementing, and running IFS. This blog article is an initial analysis of the situation and what needs to be improved. 2BCS as a consulting company has been aware of these issues for some years. The consultants have created solutions (e.g., methods, standard roles & permissions) to remedy the largest problems. In the upcoming weeks 2BCS will publish additional blog articles covering a future method, a new add-on to IFS for roles & permissions and a success story showing how the methods and tools help to successfully implement and run roles & permissions in IFS.


Who is 2BCS?

2BCS AG is a Swiss leader in business and IT transformation. We support our client’s digital initiatives by providing thought leadership, independent expertise and hands-on implementation support based on dozens of years of experience. The IFS competence center at 2BCS has supported dozens of IFS implementations in Europe and the world. Our clients are national and international industrial and trading companies who demand and expect best practice professional support. 2BCS AG is a spin-off of HSG and is based in St. Gallen and Zurich.


About Author

Dr. Martin Brogli
Dr. Martin Brogli founded 2BCS AG. He has been supporting national and international clients as a process and IT consultant since 1995. After studying information management he did his PhD on the digitalization and management of processes at the University of St. Gallen (HSG). Martin is a well-known expert in application strategies, process optimization, evaluations and setting up and running PMOs.