How IPS and OMS Permissions Work

Owned by Jason Reel (Deactivated)
Last updated: Jun 21, 2022
2 min read

Because of how IPS and OMS work together there continues to be confusion around IPS permissions and what it means for OMS users. Here's some information on how they work together.

Summary: OMS users by default have the IPS permission to “edit”. However, on top of the IPS user’s ability to "edit" are the OMS permissions which dictate what a user can do in the OMS system.

IPS Access/Permissions

Since OMS reads and edits IPS data all OMS users will need some level of IPS access. This does NOT mean they will be able to access IPS. It means they will be listed as a user in IPS so they can see data in OMS. Here's some info about IPS User Access and what it means for the two systems.

  • "IPS Access" flag - If a user has this flag, they can log into the IPS site. Similar to the previous field called "omsOnly".

  • "Editor" flag - If a user has this flag, they can edit officer data (all OMS users should have this permission).

  • "Territory Permissions" - Designates the territories the user has access to (it is uncommon for a user to have access to more than one territory, but they must have access to at least one for their user to work).

 

The above permissions are configurable in IPS under the Manage Access module. Not all IPS users have access to this module.

OMS User Permissions

Each OMS user will need a few things in order for their access to work properly.

  1. They need to be added in the territories Azure AD (only used to control access, not permissions).

  2. They need to have an OMS user with custom permissions set (which dictates what they can see and edit in OMS).

  3. They need to be listed as a user in the IPS system (created by OMS when a new user is added - set as "editor" by default).

OMS users have permissions that are set to control what the user has access to see and do. Since a user's access in OMS may change, meaning they may not have the ability to edit anything at one point but then can be given the ability to make edits, all OMS users default to having the "editor" flag on their IPS user. Just because a user has "editor" access in the IPS user table does NOT mean they can actually change anything in OMS. To say it another way, the "editor" flag on an IPS user means that if the person has the appropriate permission in OMS they can make changes. Most users in OMS do not have the ability to change anything because they aren't given those OMS permissions.