Purpose and Context
This guide aims to support the users of the PLM Portal - PUI in completing the steps needed to gain access to the platform to manage authorised products data in PUI.
Checklist to access the PLM portal – PUI
- Ensure to have an active EMA user account — user can log in to the relevant EMA account or create an account at EMA account management
- Ensure the organisation the user is working for is listed in EMA’s Organisation Management Service (OMS) — if the user has previously submitted applications, the relevant organisation is probably listed in OMS.
User can check whether the organisation is in OMS by searching using 'Request Access for Organisations' at EMA account management.
In case the organisation is not in OMS, user can request a new organisation. - Request the PUI user access role(s) to be assigned to user’s EMA account — this guide provides information about the PUI roles available on the EMA account management platform. Once the user knows which role wishes to apply for, he/she can request roles as described in the section below.
PUI user access roles
Industry roles and Regulator roles are available for PMS PUI.
Roles are assigned to single users and are granted at organisation level – not at PMS PUI level. For instance, a user should not be referred to as a ‘Qualified User of PUI X’ and ‘User of PUI Y’. If a user holds the Qualified User role, s/he plays that role for the organisation on whose behalf s/he is acting. A user may be referred to as a ‘Qualified User of organisation X’ and ‘User of organisation Y’.
For every organisation you belong to, you can request a different role type.
Industry roles
There are 3 industry roles enabling different levels of access for management of PMS PUI.
User | Applicant role names |
Industry user(s) | PUI Industry User |
PUI Industry Qualified User |
Regulator roles
There are 2 regulator roles. Users with these roles work for a National Competent Authority (NCA) and can act behalf of their authority.
Note: the PUI NCA Qualified User role will not be available at the time of the PMS go live (31 May 2024). NCA can request the regular PUI NCA User to access the full PMS product data set available.
User | Regulator role names |
NCA user(s) | PUI NCA User |
PUI NCA Qualified User |
Admin roles
There is 1 admin role per type of user. Users with these roles are able to approve or reject roles requests from within their organisation.
User | Admin role names |
Industry user(s) | IRIS / PLM Industry Admin |
NCA user(s) | IRIS / PLM NCA Admin |
EMA user(s) | IRIS / PLM EMA Admin |
The admin roles are shared with the PLM Portal – eAF, ePI and the IRIS Portal. If your organisation has worked with eAF, ePI and/or IRIS, you probably have a user in the organisation with this role.
The above roles can approve/reject PMS PUI users and qualified users (even though PUI is not mentioned in the role names).
The role IRIS / PLM Industry Admin and IRIS / PLM NCA Admin refers to the previously named IRIS / eAF Industry Admin and IRIS / eAF Competent Authority Admin respectively. Users having this role granted prior the date of PMS go live (31 May 2024) will see their role name updated in their IAM account management platform and do not need to request it again.
Grants provided by user access roles
Industry and NCA roles
The table below summarises the operations that each industry and NCA role can perform in the PMS PUI.
Table 1: Industry User roles versus permissions in PMS PUI as stated in On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
Permissions | IRIS / PLM Industry Admin | PUI Industry User | PUI Industry Qualified User |
Login to SPOR | ü | ü | ü |
View Product | û | ü | ü |
Search Product | û | ü | ü |
Edit Product | û | ü | ü |
Edit Products in Bulk | û | û | ü |
Clone Product | û | û | ü |
Compare Products | û | ü | ü |
Compare Product Versions | û | ü | ü |
Export Product | û | ü | ü |
Create Product | û | û | ü |
Delete Draft Product | û | û | ü |
Nullify Product | û | û | ü |
Transfer Product Ownership | û | û | ü |
Grant/revoke access to SPOR API in the Account Management Portal | ü | û | û |
Table 2: NCA User roles versus permissions in PMS PUI as stated in On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
Description | IRIS / PLM NCA Admin | PUI NCA User | PUI NCA Qualified User |
Login to SPOR | ü | ü | ü |
View Product | û | ü | ü |
Search Product | û | ü | ü |
Edit Product | û | û | ü |
Edit Products in Bulk | û | û | ü |
Clone Product | û | û | û |
Compare Products | û | ü | ü |
Compare Product Versions | û | ü | ü |
Export Product | û | ü | ü |
Create Product | û | û | û |
Delete Draft Product | û | û | û |
Nullify Product | û | û | ü |
Transfer Product Ownership | û | û | ü |
Grant/revoke access to SPOR API in the Account Management Portal | ü | û | û |
We recommend granting the role that allows the user to access only the resources necessary for its purpose. When requesting/granting roles keep in mind:
- The PUI roles enable users to read only data in PMS PUI.
- The PLM Admin roles can approve/reject (through the EMA Account Management portal) other users' requests for access to PMS PUI on behalf of an organisation they are affiliated with. This user role also includes the revocation of these roles should the user no longer represent their organisation.
- The PUI User roles are equal to Level 2b and Level 3 for Industry and NCA respectively as stated in the EU IG Chapter 5 and relevant Annex A.
- PUI Industry User has access in PMS PUI to a limited subset of their own authorised human medicinal product to fulfil their legal responsibilities for their own products.
- The PUI NCA User has full access in PMS PUI to authorised product data elements and limited access to the functionalities as stated in the On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
- The PUI Qualified User roles are equal to Level 2a and Level 3 for Industry NCA respectively as stated in the EU IG Chapter 5 and relevant Annex A.
- PUI Industry Qualified User has access in PMS PUI to both public and restricted subsets of their own authorised human medicinal product to fulfil their legal responsibilities for their own products.
- PUI NCA Qualified User has full access in PMS PUI to authorised product data elements. User with this role has full access to the functionalities as stated in the On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
- PMS PUI roles are assigned to single users and are granted at organisation level – not at PMS PUI level.
- Multiple user roles can be assigned to the same user of the same organisation (e.g. a user affiliated to organisation ABC can have the role of Administrator user, as well as a 'Qualified User' or a 'User'.)
- In case the Administrator user requests the User or Qualified User role, the request will be automatically approved in its EMA account management account.
- PMS PUI Users shall not request PUI User and PUI Qualified user role for the same Organisation as this will result in the higher privileges of the qualified user role bypassing the user role ones. Users with double role for the same organisation will access commercially sensitive information. For further information on the Access levels and accessibility based on each PMS data elements please read EU IG Chapter 5 and Annex A.
- For the same organisation, PMS PUI Users shall request their role taking into consideration the following criteria based on eAF roles being granted:
- Shall the PLM user aim to request or is already granted the eAF Contributor role, only the PUI User role (with lower privileges) shall be requested as these roles result in lower privileges.
- Shall the PLM user aim to request or is already granted either the eAF Coordinator or Manager roles, only the PUI qualified user role shall be requested as these roles result in higher privileges.
- PLM Users shall not request mixed eAF/PMS PUI roles for the same organisation as this will result in the higher privileges bypassing the lower ones. However PLM User can have different roles across different organisations.
Admin roles
The table below summarises the PMS PUI roles that each admin role can approve or reject for their organisation.
Grant | IRIS / PLM Industry Admin | IRIS / PLM NCA Admin | IRIS / PLM EMA Admin |
Can approve/reject role requests and remove roles for:
| ü | û | û |
Can approve/reject role requests and remove roles for:
| û | ü | û |
Can approve/reject role requests and remove roles for:
| û | û | ü |
If organisations intend to have more than a user accessing the PMS PUI, then it is required that some user performs the access management for that organisation. In that case:
- Each industry organisation should have at least one user with the IRIS / PLM Industry Admin role;
- Each NCA should have at least one user with the IRIS / PLM NCA Admin role.
- Industry and NCA can request multiple roles.
To request the Admin role the user shall complete the Letter of affiliation. The letter of affiliation is a proof of authority that a ‘User Administrator’ of an organisation must submit to approve and revoke access for users of the same organisation.
The first request for a ‘User Administrator’ for each organisation is always evaluated and granted by EMA. For the role request to be approved, the letter of affiliation must be attached, duly filled in and signed.
How to request roles
Prior to the submission of role requests, you must ensure that you have an active EMA account and that the organisation on whose behalf you will be acting is listed in the EMA’s Organisation Management Service (OMS).
- To request PMS PUI roles, first sign in to EMA account management
- Next click on 'Request Access for Organisations'. This will enable you to find and select your organisation.
- Once you have selected your organisation, click 'Next'. The roles you can apply for will be displayed. Select the role and click 'Next'.
- The first IRIS / PLM Industry/NCA Admin user request of your organisation will be submitted for approval of the IRIS / PLM EMA Admin.
- Any subsequent IRIS / PLM Industry/NCA Admin request of your organisation will be submitted for approval of the first approved IRIS / PLM Industry/NCA Admin user of your organisation.
- To follow the status of your request, from the EMA account management homepage, go to 'Track My Requests'.
To learn more about PMS roles and which roles to request, see the above sections PUI user access roles and Grants provided by user access roles.
Multifactor authentication when logging in to PLM portal
Logging into the PLM Portal requires multi-factor authentication (MFA).
This means that, in addition to the standard username and password, you are required to verify your identity with an additional authentication method. MFA adds a layer of security to access your account and it protects your data from being accessed by an unauthorised third party.
The additional authentication step can be using an app – the Microsoft Authenticator app – considered the most secure method. A SMS sent to a mobile phone number or calls to an office or a mobile phone number are other possible authentication methods. Please access My Account to manage/setup your MFA authentication methods.
Authentication steps when signing in to the PLM portal
1. On clicking Sign in at the PLM portal, pick an account.
Important note: You must sign in with your username followed by @id.ema.europa.eu: for example, surname_n@id.ema.europa.eu
2. Enter password
Use the same EMA account password you use at EMA account management.
3. Verify your identity
Select one of the following authentication methods to verify your identity:
- Microsoft Authenticator app
The authenticator app is considered the most secure and convenient authentication method. Use the Microsoft Authenticator app in your registered mobile device to prove who you are either by:
Approve a request on your Microsoft Authenticator app
You receive a notification in your registered mobile device, which will direct you to the Microsoft Authenticator app. There, a pop-up will be displayed which you must Approve/Deny the sign in attempt.
Use a verification code
In the Microsoft Authenticator app, every 30 seconds a verification code is generated. Enter the code generated in the Microsoft Authenticator app. - SMS
You receive a verification SMS code in your registered mobile phone. Add that code to sign in. - Call
You receive a phone call in your registered mobile phone. In the call, approve/deny the sign in attempt.
4. Set up of multifactor authentication.
Access My Account to manage/setup your MFA authentication methods. In this link, you can find guidance on how to setup the above-mentioned authentication methods.
Support
PMS PUI users experiencing any issue with user registration should contact the EMA Service Desk.