| title | Database Logins, Users, and Roles (Master Data Services) | Microsoft Docs | ||||||
|---|---|---|---|---|---|---|---|
| ms.custom | |||||||
| ms.date | 03/06/2017 | ||||||
| ms.prod | sql-server-2014 | ||||||
| ms.reviewer | |||||||
| ms.technology | master-data-services | ||||||
| ms.topic | conceptual | ||||||
| helpviewer_keywords |
|
||||||
| ms.assetid | 72ee383e-a619-461b-9f9d-1cac162ab0c5 | ||||||
| author | lrtoyou1223 | ||||||
| ms.author | lle | ||||||
| manager | craigg |
[!INCLUDEssMDSshort] includes logins, users, and roles that are automatically installed on the [!INCLUDEssDEnoversion] instance that hosts the [!INCLUDEssMDSshort] database. These logins, users, and roles should not be modified.
| Login | Description |
|---|---|
mds_dlp_login |
Allows creation of UNSAFE assemblies. -Disabled login with randomly-generated password. -Maps to dbo for the [!INCLUDEssMDSshort] database. -For msdb, mds_clr_user maps to this login. For more information, see Creating an Assembly. |
mds_email_login |
Enabled login used for notifications. For msdb and the [!INCLUDEssMDSshort] database, mds_email_user maps to this login. |
| User | Description |
|---|---|
mds_clr_user |
Not used. Maps to mds_dlp_login. |
mds_email_user |
Used for notifications. Maps to mds_email_login. Is a member of the role: DatabaseMailUserRole. |
| User | Description |
|---|---|
mds_email_user |
Used for notifications. Has SELECT permission for the mdm schema. Has EXECUTE permission for the mdm.MemberGetCriteria user defined table type. Has EXECUTE permission for the mdm.udpNotificationQueueActivate stored procedure. |
| mds_schema_user | Owns the mdm and mdq schemas. The default schema is mdm. Does not have a login mapped to it. |
| mds_ssb_user | Used to execute Service Broker tasks. Has DELETE, INSERT, REFERENCES, SELECT, and UPDATE permission all schemas. Does not have a login mapped to it. |
| Role | Description |
|---|---|
mds_exec |
This role contains the account you designate in [!INCLUDEssMDScfgmgr] when you create a [!INCLUDEssMDSmdm] web application and designate an account for the application pool. The mds_exec role has: EXECUTE permission on all schemas. ALTER, INSERT, and SELECT permission on these tables: mdm.tblStgMember mdm.tblStgMemberAttribute mdm.tbleStgRelationship SELECT permission on these tables: mdm.tblUser mdm.tblUserGroup mdm.tblUserPreference SELECT permission on these views: mdm.viw_SYSTEM_SECURITY_NAVIGATION mdm.viw_SYSTEM_SECURITY_ROLE_ACCCESSCONTROL mdm.viw_SYSTEM_SECURITY_ROLE_ACCCESSCONTROL_MEMBER mdm.viw_SYSTEM_SECURITY_USER_MODEL |
| Role | Description |
|---|---|
mdm |
Contains all [!INCLUDEssMDSshort] database and Service Broker objects other than the functions contained in the mdq schema. |
mdq |
Contains [!INCLUDEssMDSshort] database functions related to filtering member results based on regular expressions or similarity, and for formatting notification emails. |
| stg | Contains [!INCLUDEssMDSshort] database tables, stored procedures, and views related to the staging process. Do not delete any of these objects. For more information about the staging process, see Data Import (Master Data Services). |