Module 3 — Security & IFS Permissions

Who has access to what across
your IFS environments? Finally, a clear answer.

Scan IFS Permission Sets across every environment, compare rights between CFG, UAT and PROD, detect drifts before they reach production — with GDPR and critical flags on every projection.

Request a demo See the features

Example of a detected drift

Permission Set — Accountant

INVOICE_WRITE

UAT ✓ PROD ✗

Permission Set — Buyer

SUPPLIER_DELETE

UAT ✓ PROD — to audit

Permission Set — Admin

PERSONAL_DATA_READ

GDPR to justify

3 drifts detected in 40 seconds of scanning

< 1 min

to scan all rights
in one environment

100%

of Permission Sets
covered

undetected drift
before PROD

GDPR

sensitive projections
flagged and justified

The problem

IFS rights are a blind spot for the vast majority of organisations

In IFS, Permission Sets are configured environment by environment. There is no consolidated view of rights, no native comparison across environments, no alert on drifts. The result: in production, access exists that no one consciously validated.

When an auditor or DPO asks "who has access to personal data in PROD?", the honest answer is often: "we don't know exactly". ERP Control changes that.

What your IFS security teams experience

No consolidated view of rights by role across multiple environments

Impossible to compare UAT vs PROD rights without manual extraction

GDPR projections unidentified — invisible non-compliance risk

An IFS security audit takes several days without a dedicated tool

What the module does

Total visibility over your IFS rights — in under a minute

From automated scanning to cross-environment comparison, including GDPR flagging — everything your security teams and auditors need.

Automated Permission Set scanning

Run a full scan of all Permission Sets in an IFS environment with one click. Scans are schedulable — trigger them automatically after every rights update.

Cross-environment comparison

Compare the projections granted to each role between two environments (e.g. UAT vs PROD). Gaps — missing projections or differing access levels — are highlighted immediately.

GDPR and Critical flagging

Each IFS projection can be flagged as GDPR or Critical, with a mandatory written justification. Your DPO gets a living map of sensitive data access, always up to date.

Proactive drift detection

Identify roles that hold rights in UAT which they should not have in PROD — or vice versa. Detection happens before go-live, not after the incident.

Timestamped scan history

Every scan is stored with its timestamp, status (ok / empty / error) and full result detail. Compare scans over time to detect unplanned rights changes.

Edit rights directly from the interface

Adjust or revoke access directly from ERP Control, without navigating the technical IFS screens. Assign a permission set to one or several users in just a few clicks.

User profiles

A module built for three very different profiles

Each profile finds exactly what they need — without having to train the others.

CISO / Security Manager

Instant overview of all IFS rights by environment. Detection of gaps and unjustified access in PROD. Audit report ready to share.

"An IFS audit that used to take 3 days now takes 40 minutes."

DPO / Data Protection Officer

Exhaustive mapping of GDPR projections in IFS. Mandatory justification for every access to personal data. Full traceability for the record of processing activities.

"Finally a formal answer to: who accesses personal data in PROD?"

IFS Project Manager / Consultant

Quick rights verification before every go-live. Drift detection between UAT and PROD. Confirmation that Permission Sets have been correctly aligned across environments.

"The module prevents the classic 'rights don't match in PROD' the morning after go-live."

Business benefits

From opacity to total control of your IFS rights

IFS security audit: from 3 days to 40 minutes

What used to take days of manual extraction and analysis is done in under an hour, with a report ready to share.

Documented and justified GDPR compliance

Every sensitive projection is flagged, justified and traceable. Your DPO can feed the record of processing activities directly from ERP Control.

Zero undetected rights drift before PROD

The UAT / PROD comparison catches gaps before they reach production. The "rights don't match" incident is a thing of the past.

Instant response to any external auditor

SOX, ISO 27001, internal audit — export the full IFS rights map in seconds, with timestamps and justifications.

Rights changes without technical expertise

Your functional teams can assign or revoke IFS rights directly from ERP Control — without calling an IFS administrator or a technical consultant.

"In one click I know exactly whether a role holds rights in UAT that it shouldn't have in PROD. That scan used to take me several days — here it takes one minute."

IT Security Manager

Industrial group — IFS Cloud On-Premise

Questions about this module

Everything you need to know about IFS rights management with ERP Control.

What are Permission Sets in IFS?

IFS Permission Sets define user access rights to ERP features and data. Each Permission Set groups a set of projections (views, actions, fields) with their access level. ERP Control scans all Permission Sets across every configured environment.

Does the scan slow down IFS environments?

No. The scan uses IFS's standard read-only ODATA API. It does not modify any data and its performance impact is negligible. For heavily loaded production environments, scheduling scans outside peak hours is recommended.

How does GDPR flagging of projections work?

Each IFS projection can be manually flagged as GDPR or Critical by an ERP Control administrator. The flag requires a written justification. Once flagged, the projection appears with its badge in all comparisons and exports. Flags are versioned — any change is fully tracked.

Can IFS rights be modified from ERP Control?

Yes — this is one of the module's key features. You can adjust or revoke access rights directly from the ERP Control interface, without navigating IFS technical screens. You can assign a permission set to one or several users simultaneously in just a few clicks. Every change is tracked with its date, author and a full change log.

Can this module be used independently of the others?

Yes. The Security & Permissions module is fully standalone. It only requires an ODATA connection to your IFS environments — the same one used by the other modules. If you start with this module alone, deployment is up and running within 1 to 2 days.

Ready for total visibility over your IFS rights?

2-week POC on your real data. First scan in under an hour. Zero client-side installation.

Request a personalised demo See all modules

Or contact us directly: benoitg@erp-control.com · +33 6 15 82 56 22

IFS Management

Compliance & Data

Who has access to what acrossyour IFS environments? Finally, a clear answer.