http://www.databasejournal.com/features/mssql/article.php/10894_3908611_2/MDS-Versioning-Permission-and-Security.htm

Back to article

MDS Versioning, Permission and Security - Page 2

October 20, 2010

Permission and Security in MDS...

Master Data Services has two different types of administrators, Master Data Services' system administrator and model administrator. System administrator can be only one and is specified when creating MDS database (though it can be changed later on if required). This account has access (Update permission) to all the models (including metadata model) irrespective of who created them. The system administrator can also perform all of the administrative tasks in all the functional areas. On the other hand, model administrator has access (Update permission) on the model and no other permissions assigned. If the model administrator has access to Explorer functional area he/she can access all master data of the model or if he/she has access to other functional areas (Version Management, Integration Management, System Administration, User and Group Permissions) the user can perform other administrative tasks accordingly.

There are five different functional areas in MDS and depending on the access on these functional areas, the user will be able to see it in Master Data Manager UI. You also need to have access on one or more models:

  • Explorer – This functional area allows users to add/remove/modify members, attributes, hierarchies. etc. You need additional permissions on model or its objects to browse/manage it.
  • Version Management – This functional area allows users to manage versions of the model on which the user has access. You can also review the transaction log and rollback to previous state/values if required.
  • Integration Management – This functional area allows users to batch process the staged data from the MDS staging area and create subscription views for downstream applications for consumption.
  • System Administration – This functional area allows users to create and manage model and its different objects.
  • User and Group Permissions – This functional area allows users to assign/revoke permissions on functional areas, model and hierarchies.

There are basically three types of permissions in MDS i.e. Read-only, Update and Deny. A user with Read-only permission on the model will be able to see the model but will not be able to make any changes to it and its objects whereas a user with Update permission on model will be able to see the model as well as make changes to it. If a user is denied permission, the user will not be able to see the model. The permission on the model applies to all versions of the model; there is no way to assign permission on a specific version. A user inherits the permission on an object from its parent in the tree structure unless you specifically change it at child level.

Go to Master Data Manager UI, click on the User and Group Permissions option as shown below:

Users and Group Permissions
Figure 7 - Users and Group Permissions

Here you can manage the permissions of user and group which could belong to either the local system or an active directory of the domain. It’s recommended you make a group of users and give permissions to the group instead of giving permissions to each individual. Click on Manage Group menu and the click on the “+” sign (Add groups) as shown below:

Manage Groups
Figure 8 - Manage Groups

Enter the name of the group and click on “Check names” to validate the existence of the group, click on OK to save and return to the previous menu.

Add Groups
Figure 9 - Add Groups

Click on the icon in the first column of the grid and select Edit -> Functions to give access to the functional areas to the group.

Assigning permissions
Figure 10 - Assigning permissions

You can select the functional areas from the left side list box and assign to the group as shown below:

Functional Area Access
Figure 11 - Functional Area Access

On the next screen you will be selecting the models on which this group will have access. You can see here, I have denied access on ChartOfAccounts model, Read-only access on Metadata and Update permission on Product model. Please note, you need to select at least one model to make functional areas visible to the users of the group.

Assigning permission on models
Figure 12 - Assigning permission on models

Conclusion

Master Data Services (MDS) is a master data management platform that allows you to create a centralized hub (model) for your master data that behaves like a single authoritative source for your master data. In this article, I discussed how versioning works for model data, and what permissions and security considerations are required while working with MDS.

References

MSDN: Versions (Master Data Services)

MSDN: Users and Groups (Master Data Services)

MSDN: Master Data Manager Security (Master Data Services)

» See All Articles by Columnist Arshad Ali








The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Whitepaper: Top 10 Reasons to Upgrade to Windows Server 2008 R2
Articles: Build a More Agile Business with IBM
IBM Articles: Virtualization Delivers a Dynamic Infrastructure
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications
Adobe Article: Java Developers Finding a Home at Adobe Flex
IBM Articles: A Smarter Business Needs Smarter Technology
Intel Xeon Processor Increases Server Efficiency and Capabilities
Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise
Oracle Whitepapers - Innovation for IT Leaders
Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT
Internet.com eBook: IT Manager's Guide to Social Networking
Internet.com eBook: Get Ready for Windows 7
Microsoft Article: Expression Web 3--New Features for PHP Developers
Whitepapers: Manage Your Business Infrastracture with IBM
Whitepaper: Maximize Your Storage Investment with HP
Internet.com eBook: Becoming a Better Project Manager
Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

SAP Webcast: Crystal Reports Server--Do More. Spend Less.
Webcast: Connecting PHP to Microsoft Technologies
Video: Microsoft Partner Program Benefits
Video: Windows Azure Debugging Tips
 SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports
IBM Webcast: Speed Business Innovation with Reduced Cost and Risk
Video: Deploy Applications on Windows Azure
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Download: Microsoft Visual Studio 2010 Beta 2
Downloads & Free Trials: Microsoft's New Efficiency Resource Center
Get the Windows 7 SDK
 Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Microsoft Demo: Lower Costs with the SQL Server 2008 Value Calculator
Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
 All About Botnets
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES