locked
Master Data Services 2014 - Permission/Security Attribute Value RRS feed

  • Question

  • Hi,

    I have a Product entity and i want to set permission to update, read only or hide the information of some products according to the user.

    Exemple User1 will access to product entity and have P1,P2 displayed only

                  User2 will acess to product entity and have P3 displayed only

                  User3 willa access to all product and have all products displayed.

    Is ther any solution to have such configuration set dynamic permission, if not , can i do it with statistic permission?

    Regards.


    Friday, October 9, 2015 3:15 PM

Answers

  • Friday, October 9, 2015 6:19 PM
  • The short answer is No, you cannot hide/show hierarchy on user or group basis.

    https://msdn.microsoft.com/en-us/library/ff486944(v=sql.110).aspx

    The permission is calculated by user permissions on the entity/attribute level. If user has permission to view all entities / attributes involved in hierarchy, then the hierarchy is visible to the user.

    Tuesday, October 20, 2015 7:24 PM

All replies

  • Friday, October 9, 2015 6:19 PM
  • Hi David,

    Can you explain more please?

    Actually i haven't any Hierarchy Member, all are leaf member.

    Regards,

    Wednesday, October 14, 2015 3:20 PM
  • >Can you explain more please?

    Create another entity, say ProductGroup, and create a Domain Attribute on Product that points to ProductGroup.  Then create a Derived Hierarchy from the Domain Attribute.  Then set permission on the Derived Hierarchy.

    David


    David http://blogs.msdn.com/b/dbrowne/

    Wednesday, October 14, 2015 3:24 PM
  • Thank you David.

    That's the first time i work with MDS, i'm following steps as they are explained in your MSDN link but still not working:

    I have created ProductGroup:

    In Product entity, i have created a Domain Attribute [PGCode] to point to ProductGroup Entity:

    I have created a Derived hierarchy from the Domain Attribute:

    Then set permission on Derived Hierarchy, that UserC will access to ProductGroup C only and not access to A, B ProductGroup as shown below :

    But when im connected with UserC, Product P1 ,P2 And P3 wich are associated with ProductGroup A and B are displayed also !!!

    Regards,


    Friday, October 16, 2015 9:37 AM
  • Please check few things.

    https://msdn.microsoft.com/en-us/library/ff487051(v=sql.110).aspx

    1. Check if user is System admin.

    Check The user C is ID = 1 user in the mdm.tblUser table. The ID 1 user is server admin has the maximum permission, all the other permissions will be ignore.

    2. Check if user is model admin

    Check If user has only Update permission on Model level. You can assign update on entity level, that will remove the implicit

    3. Once assign the permission, there is a delay on when the permission is applied.

    https://msdn.microsoft.com/en-us/library/ff486978.aspx


    Friday, October 16, 2015 5:57 PM
  • Hi Vincent,

    Thank you for your help.

    The problem was the delay to have permission applied.

    Now i'm using the stored procedure [mdm].[udpSecurityMemberProcessRebuildModel] to apply immediately permissions.

    Now, all run fine, just Hierarchy which are visible in explorer, can i hide it?

    Regards.


    Tuesday, October 20, 2015 12:42 PM
  • The short answer is No, you cannot hide/show hierarchy on user or group basis.

    https://msdn.microsoft.com/en-us/library/ff486944(v=sql.110).aspx

    The permission is calculated by user permissions on the entity/attribute level. If user has permission to view all entities / attributes involved in hierarchy, then the hierarchy is visible to the user.

    Tuesday, October 20, 2015 7:24 PM