Database Object Security (Master Data Services)
In the Master Data Services database, data is stored in multiple database tables and is visible in views. Information that you might have secured in the Master Data Manager Web application is visible to users with access to the Master Data Services database.
Specifically, employee salary information might be contained in an Employee model, or company financial information might be in an Account model. You can deny a user access to these models in the Master Data Manager user interface, but users with access to the database can view this data.
You can grant permissions to database objects to make specific data available to users. For more information on granting permissions, see GRANT Object Permissions (Transact-SQL). For more information about securing SQL server, see Securing SQL Server.
The following tasks require access to the Master Data Services database:
Import data into staging tables
Optional: SELECT and UPDATE
View status of staged batches
Reactivate a member or collection by using staging
The table that contains the deactivated member.
For more information, see Importing Data (Master Data Services).
Determine the ID of the version you want to delete
Delete a version of a model
For more information, see How to: Delete a Version (Master Data Services).
Immediately apply member permissions
For more information, see How To: Immediately Apply Member Permissions (Master Data Services).
Determine the SID of the new administrator
Change the system administrator account
For more information, see How to: Change the Master Data Services System Administrator Account (Master Data Services).
There are system settings that you can configure to control behavior in Master Data Services. You can adjust these settings in Master Data Services Configuration Manager or if you have UPDATE access, you can adjust these settings directly in the mdm.tblSystemSetting database table. For more information, see System Settings (Master Data Services).