Skip to content

Latest commit

 

History

History
42 lines (31 loc) · 3.05 KB

model-object-permissions-master-data-services.md

File metadata and controls

42 lines (31 loc) · 3.05 KB
Raw
title description author ms.author ms.date ms.service ms.subservice ms.topic helpviewer_keywords
Model Object Permissions
Model Object Permissions (Master Data Services)
CordeliaGrey
jiwang6
03/01/2017
sql
master-data-services
conceptual
permissions [Master Data Services], model objects
models [Master Data Services], object permissions

Model Object Permissions (Master Data Services)

[!INCLUDE SQL Server - Windows only ASDBMI]

Model object permissions are mandatory. They determine the attributes a user can access in the Explorer functional area of the UI.

For example, if you assign a user Update permission to the Product entity, the user can update all of the attributes of the Product entity. If you assign Update permission to a single attribute, the user can update that attribute only.

To determine security assigned on each individual attribute value, model object permissions are combined with hierarchy member permissions, which determine the members a user can access.

To give a user access to a functional area other than Explorer, the user must be a model administrator, which also involves assigning Admin permissions on object model. For more information, see Administrators (Master Data Services).

Model object permissions are assigned in the [!INCLUDEssMDSmdm] user interface (UI), in the User and Group Permissions functional area on the Models tab. On this tab, the model is represented as a tree structure. When you assign permission to an object in the tree, all objects below inherit that permission. You can override that inheritance by assigning permission to individual objects.

You can assign a combination of Read, Create, Update and Delete or Deny permissions to model objects. If you do not assign any permissions on the Models tab, the user cannot view any models or data in [!INCLUDEssMDSmdm].

Best Practice

In general, you should assign ALL permission to the model object, and then explicitly assign permission to objects underneath.

External Resources

Blog post, Security Improvements, on msdn.com.

See Also

Assign Model Object Permissions (Master Data Services)
Model Permissions (Master Data Services)
Functional Area Permissions (Master Data Services)
Hierarchy Member Permissions (Master Data Services)
How Permissions Are Determined (Master Data Services)