| title | Database Object Security (Master Data Services) | Microsoft Docs | ||
|---|---|---|---|
| ms.custom | |||
| ms.date | 03/04/2017 | ||
| ms.prod | sql-server-2016 | ||
| ms.reviewer | |||
| ms.suite | |||
| ms.technology |
|
||
| ms.tgt_pltfrm | |||
| ms.topic | article | ||
| helpviewer_keywords |
|
||
| ms.assetid | dd5ba503-7607-45d9-ad0d-909faaade179 | ||
| caps.latest.revision | 10 | ||
| author | sabotta | ||
| ms.author | carlasab | ||
| manager | jhubbard |
In the [!INCLUDEssMDSshort] database, data is stored in multiple database tables and is visible in views. Information that you might have secured in the [!INCLUDEssMDSmdm] Web application is visible to users with access to the [!INCLUDEssMDSshort] database.
Specifically, employee salary information might be contained in an Employee model, or company financial information might be in an Account model. You can deny a user access to these models in the [!INCLUDEssMDSmdm] user interface, but users with access to the database can view this data.
You can grant permissions to database objects to make specific data available to users. For more information on granting permissions, see GRANT Object Permissions (Transact-SQL). For more information about securing SQL server, see Securing SQL Server.
The following tasks require access to the [!INCLUDEssMDSshort] database:
In the following table, each securable has “name” as part of the name. This indicates the name of the staging table that is specified when an entity is created. For more information, see Overview: Importing Data from Tables (Master Data Services)
| Action | Securables | Permissions |
|---|---|---|
| Create, update, and delete leaf members and their attributes. | stg.name_Leaf | Required: INSERT Optional: SELECT and UPDATE |
| Load the data from the Leaf staging table into the appropriate MDS database tables. | stg.udp_name_Leaf | EXECUTE |
| Create, update, and delete consolidated members and their attributes. | stg.name_Consolidated | Required: INSERT Optional: SELECT and UPDATE |
| Load the data from the Consolidated staging table into the appropriate MDS database tables. | stg.udp_name_Consolidated | EXECUTE |
| Move members in an explicit hierarchy. | stg.name_Relationship | Required: INSERT Optional: SELECT and UPDATE |
| Load the data from the Relationship staging table into the appropriate MDS tables. | stg.udp_name_Relationship | EXECUTE |
| View errors that occurred when data from the staging tables was being inserted into the MDS database tables. | stg.udp_name_Relationship | SELECT |
For more information, see Overview: Importing Data from Tables (Master Data Services).
| Action | Securable | Permissions |
|---|---|---|
| Validate a version of data against business rules | mdm.udpValidateModel | EXECUTE |
For more information, see Validation Stored Procedure (Master Data Services).
| Action | Securables | Permissions |
|---|---|---|
| Determine the ID of the version you want to delete | mdm.viw_SYSTEM_SCHEMA_VERSION | SELECT |
| Delete a version of a model | mdm.udpVersionDelete | EXECUTE |
For more information, see Delete a Version (Master Data Services).
| Action | Securables | Permissions |
|---|---|---|
| Immediately apply member permissions | mdm.udpSecurityMemberProcessRebuildModel | EXECUTE |
For more information, see Immediately Apply Member Permissions (Master Data Services).
There are system settings that you can configure to control behavior in [!INCLUDEssMDSshort]. You can adjust these settings in [!INCLUDEssMDScfgmgr] or if you have UPDATE access, you can adjust these settings directly in the mdm.tblSystemSetting database table. For more information, see System Settings (Master Data Services).