Database Object Security (Master Data Services)
In the Master Data Services database, data is stored in multiple database tables and is visible in views. Information that you might have secured in the Master Data Manager Web application is visible to users with access to the Master Data Services database.
Specifically, employee salary information might be contained in an Employee model, or company financial information might be in an Account model. You can deny a user access to these models in the Master Data Manager user interface, but users with access to the database can view this data.
You can grant permissions to database objects to make specific data available to users. For more information on granting permissions, see GRANT Object Permissions (Transact-SQL). For more information about securing SQL server, see Securing SQL Server.
The following tasks require access to the Master Data Services database:
Staging Data
Deleting Versions
Immediately Applying Hierarchy Member Permissions
Changing the System Administrator Account
Configuring System Settings
Staging Data
Action |
Securables |
Permissions |
|---|---|---|
Import data into staging tables |
mdm.tblStgMembers mdm.tblStgMemberAttribute mdm.tblStgRelationship |
Required: INSERT Optional: SELECT and UPDATE |
View status of staged batches |
mdm.tblStgBatch |
SELECT |
Reactivate a member or collection by using staging |
mdm.viw_SYSTEM_SCHEMA_ENTITY The table that contains the deactivated member. |
SELECT |
For more information, see Importing Data (Master Data Services).
Deleting Versions
Action |
Securables |
Permissions |
|---|---|---|
Determine the ID of the version you want to delete |
mdm.viw_SYSTEM_SCHEMA_VERSION |
SELECT |
Delete a version of a model |
mdm.udpVersionDelete |
EXECUTE |
For more information, see How to: Delete a Version (Master Data Services).
Immediately Applying Hierarchy Member Permissions
Action |
Securables |
Permissions |
|---|---|---|
Immediately apply member permissions |
mdm.udpSecurityMemberProcessRebuildModel |
EXECUTE |
For more information, see How To: Immediately Apply Member Permissions (Master Data Services).
Changing the System Administrator Account
Action |
Securables |
Permissions |
|---|---|---|
Determine the SID of the new administrator |
mdm.tblUser |
SELECT |
Change the system administrator account |
mdm.udpSecuritySetAdministrator |
EXECUTE |
For more information, see How to: Change the Master Data Services System Administrator Account (Master Data Services).
Configuring System Settings
There are system settings that you can configure to control behavior in Master Data Services. You can adjust these settings in Master Data Services Configuration Manager or if you have UPDATE access, you can adjust these settings directly in the mdm.tblSystemSetting database table. For more information, see System Settings (Master Data Services).