Database Object Security
Collapse the table of content
Expand the table of content

Database Object Security (Master Data Services)

 

Applies To: SQL Server 2016

In the Master Data Services database, data is stored in multiple database tables and is visible in views. Information that you might have secured in the Master Data Manager Web application is visible to users with access to the Master Data Services database.

Specifically, employee salary information might be contained in an Employee model, or company financial information might be in an Account model. You can deny a user access to these models in the Master Data Manager user interface, but users with access to the database can view this data.

You can grant permissions to database objects to make specific data available to users. For more information on granting permissions, see GRANT Object Permissions (Transact-SQL). For more information about securing SQL server, see Securing SQL Server.

The following tasks require access to the Master Data Services database:

In the following table, each securable has “name” as part of the name. This indicates the name of the staging table that is specified when an entity is created. For more information, see Overview: Importing Data from Tables (Master Data Services)

ActionSecurablesPermissions
Create, update, and delete leaf members and their attributes.stg.name_LeafRequired: INSERT

Optional: SELECT and UPDATE
Load the data from the Leaf staging table into the appropriate MDS database tables.stg.udp_name_LeafEXECUTE
Create, update, and delete consolidated members and their attributes.stg.name_ConsolidatedRequired: INSERT

Optional: SELECT and UPDATE
Load the data from the Consolidated staging table into the appropriate MDS database tables.stg.udp_name_ConsolidatedEXECUTE
Move members in an explicit hierarchy.stg.name_RelationshipRequired: INSERT

Optional: SELECT and UPDATE
Load the data from the Relationship staging table into the appropriate MDS tables.stg.udp_name_RelationshipEXECUTE
View errors that occurred when data from the staging tables was being inserted into the MDS database tables.stg.udp_name_RelationshipSELECT

For more information, see Overview: Importing Data from Tables (Master Data Services).

ActionSecurablePermissions
Validate a version of data against business rulesmdm.udpValidateModelEXECUTE

For more information, see Validation Stored Procedure (Master Data Services).

ActionSecurablesPermissions
Determine the ID of the version you want to deletemdm.viw_SYSTEM_SCHEMA_VERSIONSELECT
Delete a version of a modelmdm.udpVersionDeleteEXECUTE

For more information, see Delete a Version (Master Data Services).

ActionSecurablesPermissions
Immediately apply member permissionsmdm.udpSecurityMemberProcessRebuildModelEXECUTE

For more information, see Immediately Apply Member Permissions (Master Data Services).

There are system settings that you can configure to control behavior in Master Data Services. You can adjust these settings in Master Data Services Configuration Manager or if you have UPDATE access, you can adjust these settings directly in the mdm.tblSystemSetting database table. For more information, see System Settings (Master Data Services).

Security (Master Data Services)

Community Additions

ADD
Show:
© 2016 Microsoft