Derived Hierarchy Permissions (Master Data Services)

Derived hierarchy permissions apply to:

  • The name and code of each entity that the hierarchy is based on.

  • The domain-based attribute values that the hierarchy is based on.

Note

These permissions apply to the Explorer functional area of the user interface only.

Permission   Description
Read-only    The hierarchy and its related entities are displayed. For each member in the hierarchy, the user cannot change the values of the domain-based attributes used to derive the hierarchy.
Update       The hierarchy and its related entities are displayed. For each member in the hierarchy, the user can change the values of the domain-based attributes used to derive the hierarchy. When these values change, the location of the member in the hierarchy tree changes.
Deny         The hierarchy and its related entities are not displayed.

Example

In User and Group Permissions, on the Model tab, assign Update permission to this derived hierarchy:

Category (domain-based attribute)

      Subcategory (domain-based attribute)

         Product (entity)

In Explorer, you can update the product’s Subcategory attribute.

Name (read-only)   Code (read-only)   Subcategory (update)
Mountain 100       BK-M101            5 {Mountain Bikes}
Mountain 200       BK-M201            5 {Mountain Bikes}

You can also update the Subcategory’s Category attribute.

Name (read-only)   Code (read-only)   Category (update)
Mountain Bikes     5                  1 {Bikes}
Jerseys            25                 3 {Clothing}

If you change the value of a domain-based attribute, the member moves in the hierarchy tree. Or, if you move a member in the tree, the value of the domain-based attribute changes. For example, if you change the Subcategory attribute for Mountain-100 to 6 {Road Bikes}, then the Mountain-100 member is displayed in the hierarchy tree under 6 {Road Bikes}.

Attributes that do not affect the hierarchy are not displayed. Name and Code are always displayed.

Possible Overlapping Permissions

When assigning permission to derived hierarchies, you may have to resolve overlapping permissions.

When multiple hierarchies contain the same object

Two or more derived hierarchies can contain the same entity or domain-based attribute.

  • If one of the hierarchies is assigned Deny permission, then that hierarchy is not displayed. If the entities or domain-based attributes from the hierarchy exist in any other hierarchies, those hierarchies are not displayed either.

  • If one of the hierarchies is assigned Read-only permission and another is assigned Update, then any attributes from the updateable hierarchy are updateable when they are displayed in the read-only hierarchy.

When the permission on a hierarchy differs from the permissions on individual hierarchy objects

Because a derived hierarchy is made up of entities and domain-based attributes, you can assign one permission to the derived hierarchy and a different permission to the entity or domain-based attribute.

  • If one entity or domain-based attribute from the hierarchy is assigned Deny permission, then the hierarchy is not displayed, no matter which permission is assigned to it.

  • If one entity or domain-based attribute from the hierarchy is assigned Read-only permission, the entity or domain-based attribute is Read-only when displayed in the hierarchy. If the entity or domain-based attribute is assigned Update permission, the entity or domain-based attribute is updateable in the hierarchy.
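
The overlap rules above can be modeled to check what a set of assignments actually grants before applying it. The following is an added example, not Master Data Services code: the function names, the two hierarchy names and the assignments are constructed, and it assumes every hierarchy has a permission assigned.

```python
# Added illustration, not Master Data Services code. Hierarchy names and
# assignments are constructed sample data.
DENY, READ_ONLY, UPDATE = "Deny", "Read-only", "Update"

# Derived hierarchy -> the entities / domain-based attributes it is built from.
HIERARCHIES = {
    "Product by Category": {"Category", "Subcategory", "Product"},
    "Product by Subcategory": {"Subcategory", "Product"},
}

def visible_hierarchies(hier_perm, obj_perm, hierarchies=HIERARCHIES):
    """Names of the hierarchies that are displayed under the page's Deny rules."""
    # An object is blocking if it is denied itself or belongs to a denied hierarchy.
    blocking = {o for o, p in obj_perm.items() if p == DENY}
    for name, objs in hierarchies.items():
        if hier_perm[name] == DENY:
            blocking |= objs
    return {n for n, objs in hierarchies.items()
            if hier_perm[n] != DENY and not (objs & blocking)}

def effective_permission(obj, hierarchy, hier_perm, obj_perm, hierarchies=HIERARCHIES):
    """Permission on obj as displayed in hierarchy, or None if it is not displayed."""
    if obj not in hierarchies[hierarchy]:
        return None
    if hierarchy not in visible_hierarchies(hier_perm, obj_perm, hierarchies):
        return None
    if obj in obj_perm:
        return obj_perm[obj]  # object-level Read-only or Update wins
    # Update on any hierarchy containing obj carries into the others.
    # Assumption: this holds even if that Update hierarchy is itself hidden,
    # a case the page does not cover; the model reports the wider permission.
    if any(hier_perm[n] == UPDATE for n, objs in hierarchies.items() if obj in objs):
        return UPDATE
    return READ_ONLY

if __name__ == "__main__":
    perms = {"Product by Category": UPDATE, "Product by Subcategory": READ_ONLY}
    # Subcategory is updateable even inside the read-only hierarchy.
    print(effective_permission("Subcategory", "Product by Subcategory", perms, {}))
    # Denying one hierarchy hides the other, because they share objects.
    print(visible_hierarchies({**perms, "Product by Subcategory": DENY}, {}))
```

The first case is the one most likely to surprise a reviewer: a Read-only assignment on one hierarchy does not keep its attributes read-only if another hierarchy containing them is assigned Update.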