| title | Database Logins, Users, and Roles | ||||||
|---|---|---|---|---|---|---|---|
| ms.custom | |||||||
| ms.date | 03/04/2017 | ||||||
| ms.prod | sql | ||||||
| ms.prod_service | mds | ||||||
| ms.reviewer | |||||||
| ms.technology | master-data-services | ||||||
| ms.topic | conceptual | ||||||
| helpviewer_keywords |
|
||||||
| ms.assetid | 72ee383e-a619-461b-9f9d-1cac162ab0c5 | ||||||
| author | lrtoyou1223 | ||||||
| ms.author | lle |
[!INCLUDEappliesto-ss-xxxx-xxxx-xxx-md-winonly]
[!INCLUDEssMDSshort] includes logins, users, and roles that are automatically installed on the [!INCLUDEssDEnoversion] instance that hosts the [!INCLUDEssMDSshort] database. These logins, users, and roles should not be modified.
| Login | Description |
|---|---|
| mds_dlp_login | Allows creation of UNSAFE assemblies. For more information, see Creating an Assembly. -Disabled login with randomly-generated password. -Maps to dbo for the [!INCLUDEssMDSshort] database. -For msdb, mds_clr_user maps to this login. |
| mds_email_login | Enabled login used for notifications. For msdb and the [!INCLUDEssMDSshort] database, mds_email_user maps to this login. |
| User | Description |
|---|---|
| mds_clr_user | Not used. Maps to mds_dlp_login. |
| mds_email_user | Used for notifications. -Maps to mds_email_login. -Is a member of the role: DatabaseMailUserRole. |
| User | Description |
|---|---|
| mds_email_user | Used for notifications. -Has SELECT permission for the mdm schema. -Has EXECUTE permission for the mdm.MemberGetCriteria user defined table type. -Has EXECUTE permission for the mdm.udpNotificationQueueActivate stored procedure. |
| mds_schema_user | Owns the mdm and mdq schemas. The default schema is mdm. Does not have a login mapped to it. |
| mds_ssb_user | Used to execute Service Broker tasks. -Has DELETE, INSERT, REFERENCES, SELECT, and UPDATE permission all schemas. -Does not have a login mapped to it. |
| Role | Description | Permissions |
|---|---|---|
| mds_exec | This role contains the account you designate in [!INCLUDEssMDScfgmgr] when you create a [!INCLUDEssMDSmdm] web application and designate an account for the application pool. | EXECUTE permission on all schemas. ALTER, INSERT, and SELECT permission on these tables: mdm.tblStgMember mdm.tblStgMemberAttribute mdm.tbleStgRelationship SELECT permission on these tables: mdm.tblUser mdm.tblUserGroup mdm.tblUserPreference SELECT permission on these views: mdm.viw_SYSTEM_SECURITY_NAVIGATION mdm.viw_SYSTEM_SECURITY_ROLE_ACCCESSCONTROL mdm.viw_SYSTEM_SECURITY_ROLE_ACCCESSCONTROL_MEMBER mdm.viw_SYSTEM_SECURITY_USER_MODEL |
| Role | Description |
|---|---|
| mdm | Contains all [!INCLUDEssMDSshort] database and Service Broker objects other than the functions contained in the mdq schema. |
| mdq | Contains [!INCLUDEssMDSshort] database functions related to filtering member results based on regular expressions or similarity, and for formatting notification emails. |
| stg | Contains [!INCLUDEssMDSshort] database tables, stored procedures, and views related to the staging process. Do not delete any of these objects. For more information about the staging process, see Overview: Importing Data from Tables (Master Data Services). |