Consolidated Permissions (Master Data Services)
Consolidated permissions apply to all consolidated members for an entity. This includes the consolidated member attributes and any attribute groups that exist.
Consolidated permissions apply only to entities that are enabled for explicit hierarchies and collections.
These permissions apply to the Explorer functional area of the user interface only.
Consolidated members are displayed but the user cannot add, remove, or change them.
Consolidated members are displayed and the user can add, remove, and change them.
Consolidated members for the entity are not displayed.
Attribute group permissions apply to all attributes in the attribute group, except Name and Code.
The attribute group is displayed and the user cannot update any attributes.
The attribute group is displayed and the user can update all attributes except name and code.
The attribute group (the tab in Explorer) is not displayed.
Attribute permissions apply to the attribute’s values for the specific entity. Users with only attribute permissions cannot add or remove members.
The attribute is displayed but the user cannot change attribute values.
The attribute is displayed and the user can change attribute values.
The attribute is not displayed.
You cannot explicitly deny access to Name and Code attributes.
When assigning permission on attributes and attribute groups, you may have to resolve overlapping permissions.
When an attribute belongs to multiple attribute groups
Two or more attribute groups can contain the same attribute.
If one group is assigned Update permission and another is assigned Read-only, the attribute is updateable in both groups (on both tabs).
If one group is assigned Update or Read-only permission and another is assigned Deny, the attribute is not displayed on the updateable tab.
When an attribute has different permission than its attribute group
Because an attribute group is made up of attributes, you can assign one permission to the attribute group and a different permission to the attribute.
If an attribute from the attribute group is assigned Deny permission, then the attribute is not displayed in the attribute group.
If an attribute from the attribute group is assigned Read-only permission, the attribute is Read-only when displayed in the attribute group. If the attribute is assigned Update permission, it is updateable when displayed in the attribute group.