Required Security roles for M3 Core
If any of the required Security roles are missing, you must add these roles manually through the Security menu in Infor OS Portal. To add new roles, you must be connected to the UserAdmin role.
See information about adding a security role in the Infor OS User and Administration Library (Cloud) and select .
Required Security roles
This table shows the list of Security roles that are required to accomplish administration tasks for each M3 application type:
| Application type | Security role | Description | 
|---|---|---|
| Grid | GRID-Administrator | Users with this role can download the CFT Client installation. | 
| M3 Business Engine | M3BE-FndAdmin | Users with this role can list, stop, configure logging and log levels, and configure profiling for all M3 BE jobs on the M3 Business Engine Jobs page, as well as download logs for any M3 BE user on the Business Engine Logs page. | 
| M3 Business Engine | M3BE-FndUser | Users with this role can list and stop their own M3 BE jobs on the Business Engine Jobs page, as well as download their own dump logs on the Business Engine Logs page. | 
| M3 Business Engine | M3BE-LogEnabler | Users with this role can configure logging, log levels, and profiling for their own M3 BE jobs on the M3 Business Engine Jobs page. | 
| M3 Business Engine | M3BE-ConfigAdmin | Users with this role can import M3 Business Engine configuration data as any M3 user, as well as manage configuration data files on the Business Engine Files page. | 
| M3 Business Engine | M3BE-ConfigUser | Users with this role can import configuration data, as well as view and download configuration data files on the Business Engine Files administration page. | 
| M3 Business Engine | M3BE-DBViewer | Users with this role can perform read operations on the M3 BE database using the Update Database administration tool in the Business Engine Data Management page. | 
| M3 Business Engine | M3BE-DBAdmin | Users with this role can perform read and write operations on the M3 BE database in the Business Engine Data Management pages. Users can also manage BE data management files on the Business Engine Files page. | 
| M3 Business Engine | M3BE-DBUpdater | Users with this role can perform read and write operations on the M3 BE database using the Update Database administration tool in the Business Engine Data Management pages. | 
| M3 Business Engine | M3BE-DBAdmin-ReadToken | Users with this role can create and revoke read tokens, which are required for direct data copy in the Business Engine Data Management pages. | 
| M3 Business Engine | M3BE-DBAdmin-PrdToken | Users with this role can create and revoke prd tokens for a _PRD tenant using the Manage Tokens administration tool on the Business Engine Data Management pages. | 
| M3 Business Engine | M3BE-FATAdmin | Users with this role can administer field audits on the Business Engine Field Audit Trail page. | 
| M3 Business Engine | M3BE-FATAdmin-Exporter | Users with this role can export field audit data on the Business Engine Field Audit Trail page. Users can also manage FAT Export files on the Business Engine Files page. | 
| M3 Business Engine | M3BE-ServiceAdmin | Users with this role can administer interactive program services on the Business Engine Interactive Program Services page. | 
| M3 Business Engine | M3BE-FileAdmin | Users with this role can manage MvxFileTransfer files on the M3 Business Engine Files page. | 
| M3 Business Engine | M3BE-FileViewer | Users with this role can view and download MvxFileTransfer files on the M3 Business Engine Files page. | 
| M3 UI Adapter | M3UI-Administrator | Users with this role can perform all administration tasks for M3 H5. For M3 Experience Designer, users with this role can publish applications. | 
| M3 UI Adapter | M3UI-Approver | Users with this role can test and approve applications in M3 Experience Designer. | 
| M3 UI Adapter | M3UI-Designer | Users with this role can access M3 Experience Designer and build applications. | 
| Event Hub CE | EVENTHUB-Administrator | Users with this role can view and change configuration settings in Event Hub and Event Analytics. | 
| Event Hub CE | EVENTHUB-User | Users with this role can view configuration settings in Event Hub and Event Analytics, and can also browse events. | 
| Data Lake Publisher | M3-DLSubscriptionAdmin | Users with this role can control access to the admin interface where the user can manage which documents to publish from M3 to Data Lake. | 
| Mashup | MASHUP-Administrator | Users with this role can perform all administration tasks that are necessary in managing mashup applications. | 
| MDP | M3CE_About_Viewer | Users with this role can view M3CE About. This web application is packaged together with MDP. M3CE About enables users to view content packages and the fixes included in those packages. | 
| MDP | M3MDP-TESTAPI | Users with this role can access Test API within MDP. Note: To use the Test API functionality, users must have the M3MDP-User role. | 
| MDP | M3MDP-User | Users with this role can access M3 Metadata Publisher and use the Search by System Configuration module. | 
| EC | M3EC-Administrator | The administrator role is the primary role for working with BODs from an M3 integration perspective. Users with this role can run and configure BODs sent from M3 to ION, and can identify, view, and rectify failed BODs. The role grants administrator privileges in Infor Enterprise Collaborator and the M3 BOD Processor Grid Management Pages. | 
| EC | M3EC-User | This user role is limited. Users with this role have view-only access to these pages: | 
| EC | M3EC-ClientDesigntime | This user role grants permission to perform mapping development in a cloud solution. |