Purpose and context
This guide aims to support the users of the PLM portal - PMS PUI in completing the steps needed to gain access to the platform to manage authorised product data in PUI.
Checklist to access the Product UI
Ensure to have an active EMA user account — the user can log in to the relevant EMA account or create an account at EMA account management
Ensure the organisation the user is working for is listed in EMA’s Organisation Management Service (OMS) — if the user has previously submitted applications, the relevant organisation is probably listed in OMS.
The user can check whether the organisation is in OMS by searching using 'Request Access for Organisations' at the EMA account management.
In case the organisation is not in OMS, the user can request a new organisation.Request the PUI user access role(s) to be assigned to the user’s EMA account — this guide provides information about the PUI roles available on the EMA account management platform. Once the user knows which role they wish to apply for, he/she can request roles as described in the section below.
PLM portal – PMS PUI user access roles
Industry roles and Regulator roles are available for PMS PUI.
Roles are assigned to single users and are granted at the organisation level – not at the PMS PUI level. For instance, a user should not be referred to as a ‘Qualified User of PUI X’ and ‘User of PUI Y’. If a user holds the Qualified User role, s/he plays that role for the organisation on whose behalf s/he is acting. A user may be referred to as a ‘Qualified User of organisation X’ and ‘User of organisation Y’.
For every organisation you belong to, you can request a different role type.
Industry roles
There are 3 industry roles enabling different levels of access for management of the PMS PUI.
| User | Applicant role names |
|---|---|
| Industry user(s) | PUI Industry User |
| PUI Industry Read User | |
| PUI Industry Qualified User | |
| PUI Industry Qualified Read User |
Regulator roles
There are 2 regulator roles. Users with these roles work for a National Competent Authority (NCA) and can act on behalf of their authority.
Note: the PUI NCA Qualified User role will not be available at the time of the PMS go-live (31 May 2024). NCA can request the regular PUI NCA User to access the full PMS product data set available.
| User | Regulator role names |
|---|---|
| NCA user(s) | PUI NCA User |
| PUI NCA Qualified User |
Admin roles
There is 1 admin role per type of user. Users with these roles are able to approve or reject role requests from within their organisation.
| User | Admin role names |
|---|---|
| Industry user(s) | IRIS / PLM Industry Admin |
| NCA user(s) | IRIS / PLM NCA Admin |
| EMA user(s) | IRIS / PLM EMA Admin |
The admin roles are shared with the PLM Portal – eAF, ePI and the IRIS Portal. If your organisation has worked with eAF, ePI and/or IRIS, you probably have a user in the organisation with this role.
The above roles can approve/reject PMS PUI users and qualified users (even though PUI is not mentioned in the role names).
The role IRIS / PLM Industry Admin and IRIS / PLM NCA Admin refers to the previously named IRIS / eAF Industry Admin and IRIS / eAF Competent Authority Admin, respectively. Users having this role granted before the date of PMS go live (31 May 2024) will see their role name updated in their IAM account management platform and do not need to request it again.
Grants provided by user access roles
Industry and NCA roles
The table below summarises the operations that each industry and NCA role can perform in the PMS PUI.
Table 1: Industry User Roles versus permissions in PMS PUI as stated in On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
| Permissions | IRIS / PLM Industry Admin | PUI Industry User | PUI Industry Read User | PUI Industry Qualified User | PUI Industry Qualified Read User |
|---|---|---|---|---|---|
| Login to SPOR | ü | ü | ü | ü | ü |
| View Product | û | ü | ü | ü | ü |
| Search Product | û | ü | ü | ü | ü |
| Edit Product | û | ü | û | ü | û |
| Edit Products in Bulk | û | û | û | ü | û |
| Clone Product | û | û | û | ü | û |
| Compare Products | û | ü | ü | ü | ü |
| Compare Product Versions | û | ü | ü | ü | ü |
| Export Product | û | ü | û | ü | ü |
| Create Product | û | û | û | ü | û |
| Delete Draft Product | û | û | û | ü | û |
| Nullify Product | û | û | û | ü | û |
| Transfer Product Ownership | û | û | û | ü | û |
| Grant/revoke access to SPOR API in the Account Management Portal | ü | û | û | û | û |
Table 2: NCA User roles versus permissions in PMS PUI as stated in On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
We recommend granting the role that allows the user to access only the resources necessary for their purpose. When requesting/granting roles, keep in mind:
The PUI roles enable users to read only data in the PMS PUI.
The PLM Admin roles can approve/reject (through the EMA Account Management portal) other users' requests for access to the PMS PUI on behalf of an organisation they are affiliated with. This user role also includes the revocation of these roles should the user no longer represent their organisation.
The PUI User roles are equal to Level 2b and Level 3 for Industry and NCA, respectively, as stated in the EU IG Chapter 5 and relevant Annex A.
PUI Industry User has access in PMS PUI to a limited subset of their own authorised human medicinal product to fulfil their legal responsibilities for their own products.
The PUI NCA User has full access to the PMS PUI to authorised product data elements and limited access to the functionalities as stated in the On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
The PUI Qualified User roles are equal to Level 2a and Level 3 for Industry NCA, respectively, as stated in the EU IG Chapter 5 and relevant Annex A.
PUI Industry Qualified User has access in PMS PUI to both public and restricted subsets of their own authorised human medicinal product to fulfil their legal responsibilities for their own products.
PUI NCA Qualified User has full access in PMS PUI to authorised product data elements. User with this role has full access to the functionalities as stated in the On-boarding of users to Substance, Product, Organisation and Referentials (SPOR) data services.
PMS PUI roles are assigned to single users and are granted at the organisation level – not at the PMS PUI level.
Multiple user roles can be assigned to the same user of the same organisation (e.g. a user affiliated to organisation ABC can have the role of Administrator user, as well as a 'Qualified User' or a 'User'.)
In case the Administrator user requests the User or Qualified User role, the request will be automatically approved in the EMA account management account.
PMS PUI Users shall not request a PUI User and a PUI Qualified user role for the same Organisation, as this will result in the higher privileges of the qualified user role bypassing the user role ones. Users with a double role for the same organisation will access commercially sensitive information. For further information on the Access levels and accessibility based on each PMS data element, please read EU IG Chapter 5 and Annex A.
For the same organisation, PMS PUI Users shall request their role taking into consideration the following criteria based on eAF roles being granted:
Shall the PLM user aim to request or is already granted the eAF Contributor role, only the PUI User role (with lower privileges) shall be requested, as these roles result in lower privileges.
Shall the PLM user aim to request or is already granted either the eAF Coordinator or Manager roles, only the PUI qualified user role shall be requested, as these roles result in higher privileges.
PLM Users shall not request mixed eAF/PMS PUI roles for the same organisation, as this will result in the higher privileges bypassing the lower ones. However, PLM users can have different roles across different organisations.
Admin roles
The table below summarises the PMS PUI roles that each admin role can approve or reject for their organisation.
Grant | IRIS / PLM Industry Admin | IRIS / PLM NCA Admin | IRIS / PLM EMA Admin |
Can approve/reject role requests and remove roles for:
| ü | û | û |
Can approve/reject role requests and remove roles for:
| û | ü | û |
Can approve/reject role requests and remove roles for:
| û | û | ü |
If organisations intend to have more than one user accessing the PMS PUI, then it is required that someone performs the access management for that organisation. In that case:
Each industry organisation should have at least one user with the IRIS / PLM Industry Admin role.
Each NCA should have at least one user with the IRIS / PLM NCA Admin role.
Industry and NCA can request multiple roles.
To request the Admin role, the user shall complete the Letter of Affiliation. The letter of affiliation is proof of authority that a ‘User Administrator’ of an organisation must submit to approve and revoke access for users of the same organisation.
The first request for a ‘User Administrator’ for each organisation is always evaluated and granted by EMA. For the role request to be approved, the letter of affiliation must be attached, duly filled in and signed.
How to request roles
Before the submission of role requests, you must ensure that you have an active EMA account and that the organisation on whose behalf you will be acting is listed in the EMA’s Organisation Management Service (OMS).
To request PMS PUI roles, first sign in to the EMA account management
Next, click on 'Request Access for Organisations'. This will enable you to find and select your organisation.
Once you have selected your organisation, click 'Next'. The roles you can apply for will be displayed. Select the role and click 'Next'.
The first IRIS / PLM Industry/NCA Admin user request of your organisation will be submitted for approval of the IRIS / PLM EMA Admin.
Any subsequent IRIS / PLM Industry/NCA Admin request of your organisation will be submitted for approval of the first approved IRIS / PLM Industry/NCA Admin user of your organisation.
To follow the status of your request, from the EMA account management homepage, go to 'Track My Requests'.
To learn more about PMS roles and which roles to request, see the above sections PUI user access roles and Grants provided by user access roles.
Multifactor authentication when logging in to the PLM portal
Logging into the PLM Portal requires multi-factor authentication (MFA).
This means that, in addition to the standard username and password, you are required to verify your identity with an additional authentication method. MFA adds a layer of security to access your account, and it protects your data from being accessed by an unauthorised third party.
The additional authentication step can be using an app – the Microsoft Authenticator app – considered the most secure method. A SMS sent to a mobile phone number or calls to an office or a mobile phone number are other possible authentication methods. Please access My Account to manage/set up your MFA authentication methods.
Authentication steps when signing in to the PLM portal
1. On clicking Sign in at the PLM portal, pick an account.
Important note: You must sign in with your username followed by @id.ema.europa.eu: for example, surname_n@id.ema.europa.eu
2. Enter password
Use the same EMA account password you use at EMA account management.
3. Verify your identity
Select one of the following authentication methods to verify your identity:
Microsoft Authenticator app
The authenticator app is considered the most secure and convenient authentication method. Use the Microsoft Authenticator app in your registered mobile device to prove who you are, either by:
Approve a request on your Microsoft Authenticator app
You receive a notification in your registered mobile device, which will direct you to the Microsoft Authenticator app. There, a pop-up will be displayed which you must Approve/Deny the sign-in attempt.
Use a verification code
In the Microsoft Authenticator app, every 30 seconds a verification code is generated. Enter the code generated in the Microsoft Authenticator app.SMS
You receive a verification SMS code in your registered mobile phone. Add that code to sign in.Call
You receive a phone call in your registered mobile phone. In the call, approve/deny the sign-in attempt.
4. Set up of multifactor authentication.
Access My Account to manage/setup your MFA authentication methods. In this link, you can find guidance on how to set up the above-mentioned authentication methods.
Support
For any support with the PLM portal - PMS PUI, please reach out directly to the PLM Portal section of the EMA Service Desk portal (Service Now). This includes issues related to accessing the PLM portal, accessing/managing PMS data or the system performance.
If you have a user account for a system hosted by EMA, you should use the same username and password for this service. Otherwise, please sign up for a new account or reset your login credentials.
The EMA Service Desk portal is optimised for use with Chrome, Edge, Firefox or Safari web browsers. If you encounter problems, please use one of these browsers instead.
Report an issue with the PLM Portal - PMS PUI, to create a ticket for the issue you are experiencing, or
Request information about the PLM Portal - PMS PUI, to create a ticket for the question you have.
Depending on the issue or question, you can select from different problem areas:
PLM portal – PMS PUI General (topics covering multiple aspects and/or general nature)
PLM portal – PMS Product Data (issues and questions with the product data as exposed/published in PUI)
PLM portal – PMS PUI access (issues and questions on the access to PUI)
PLM portal – PMS PUI functionalities (issues/discrepancies/errors with capabilities, i.e. filtering, exporting, sorting, searching, etc.)
Please provide a clear description of the issue and provide screenshots or any supporting documents as attachments, as these can help to solve the query a lot faster.
Figure 1 - Form to report an issue with PLM Portal - PMS PUI
Figure 2 - Form to request Information about PLM Portal – PMS PUI