Is it possible to make the Code attribute read-only?

Question

Hello,

I have auto-generated codes for my entity and would like to keep users from modifying this code value while being able to modify other values of the leaf members. If I make this attribute read-only via the model permissions, users can change values in the UI but upon committing they are presented with the following error:

120003: The user does not have permission or the object ID is not valid.

Upon removal of the read-only rule on the Code attribute, they user is then again able to commit the changes.

So the question is, is it possible to make the Code attribute read-only when the values are auto-generated?

Thanks!

---

http://www.henryong.com

Answer 1

I just noticed that the error message is also true when I try to make any other attribute read-only. It seems that all attributes of an entity must be read/write in order for changes to a member to be accepted. Can anyone validate that? This is MDS 2012.

---

http://www.henryong.com

Answer 2

Henry, in my 2012 environment, I created a new entity with a system generated code.  added a couple of members.  made the code 'Read only'.  Went back in and tried to change some of the names and was able to without error.    I am running 2012 with CU1 applied.

hope this helps.

Answer 3

Hi Baracus,

Would you be able to help validate that a user account belonging to a group with read only access to a field can update the member?

I'm finding the following:

1. The user is part of an AD security group.

2. That group is provisioned with update rights to a model.

3. That group is given read permissions to the Code attribute (or any other attribute) of an entity.

4. When the user tries to update a member of this entity, they will get the error message.

If the read-only permissions are set on the user and not the group, then the updates will be successful as expected on members with read-only attributes.

Also, I have MDS installed on a web server without any instances of SQL installed. The database is stored on a separate SQL Server 2008 R2 server. It doesn't seem like I can install the 2012 CU1 on the web server as it doesn't detect any SQL instances or installations. Any tips? Thanks!

---

http://www.henryong.com

Answer 4

It looks like I may have uncovered an issue with my environment.  I removed myself and added a group that I belong to through the security administration.  I was no longer able to login.  Was getting the 'unauthorized' page.  that stinks.  I added myself back and was able to once again log in. 

Irregardless, it looks like you may have uncovered a bug.  I would log something on the connect site and let MSFT try to duplicate it. 

Good question regarding the MDS CU installation.  Not sure about that one either.  I see you are running a mixed version environment (which is supported) but that may make applying patches like this a bit challenging.  sorry I couldn't be more help.

Answer 5

Cool, thanks for validating!

---

http://www.henryong.com

Answer 6

Update from the feedback I submitted via the Connect site - product team is claiming that this is not reproducible. https://connect.microsoft.com/SQLServer/feedback/details/740609/unable-to-make-master-data-services-2012-attributes-read-only-for-groups#details

Can anyone else reproduce this issue?

---

http://www.henryong.com