Leaf Permissions (Master Data Services)


Applies To: SQL Server 2016

Leaf permissions apply to the attribute values for all leaf members of an entity.

For entities without explicit hierarchies enabled, assigning permission to Leaf is the same as assigning permission to the entity.


  • Leaf permissions apply to the Explorer functional area of the user interface only.

  • Permissions assigned to Name and Code attributes are not enforced.

Read: User can read leaf members and attributes.
Create: User can create leaf members and assign attribute values during creation.
Update: User can update leaf members and attributes.
Delete: User can delete leaf members.
Deny: Deny all access to the leaf members.

The Read, Create, Update, and Delete permissions can be combined. When Create, Update and Delete are assigned, the Read permission is assigned automatically.

Attribute permissions apply to the attribute’s values for the specific entity. Users with attribute permissions only cannot add or remove members.

Read: User can read attributes.
Create: User can assign values when they create members.
Update: User can update attributes.
Delete: No effect.
Deny: The attribute is not displayed.

Note: You cannot explicitly deny access to Name and Code attributes.


For the Product entity, assign Update permission to the Subcategory attribute and Deny permission to all other attributes.

Name            Code        Subcategory (Update)
Mountain-100    BK-M101     {5} Mountain Bikes
Mountain-100    BK-M201     {5} Mountain Bikes

In Explorer, you can update any attribute value in the Subcategory column. If you do not have permission to an attribute, the attribute is not displayed.

Note: In this example, Subcategory is a domain-based attribute, based on the SubcategoryList entity. You can select a different subcategory for Mountain-100, but you cannot add members to or delete members from the SubcategoryList entity.
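
The attribute rules above can be applied to a planned set of assignments to see which columns Explorer would display and which assignments change nothing. The following Python model is an added example, not Microsoft code and not a Master Data Services API. The function names, the Color and Weight attributes and the sample assignments are constructed, and it assumes Deny is never combined with other permissions on the same attribute.

```python
# Added illustration: models the attribute-permission rules stated on this page.
# It does not call Master Data Services; names and sample data are constructed.
ALWAYS_SHOWN = ("Name", "Code")  # permissions on these are not enforced


def explorer_columns(attributes, grants):
    """Return (displayed, updatable) attribute lists for one entity."""
    displayed, updatable = [], []
    for attr in attributes:
        perms = grants.get(attr, set())
        if attr in ALWAYS_SHOWN:
            displayed.append(attr)  # shown in the page's example; no claim about editing
            continue
        if "Deny" in perms or not perms & {"Read", "Create", "Update"}:
            continue  # denied, or no usable permission: column is not displayed
        displayed.append(attr)
        if "Update" in perms:
            updatable.append(attr)
    return displayed, updatable


def ineffective_grants(grants):
    """List assignments that, per the rules on this page, change nothing."""
    findings = []
    for attr, perms in sorted(grants.items()):
        if attr in ALWAYS_SHOWN and perms:
            findings.append((attr, "permissions on Name and Code are not enforced"))
        elif "Delete" in perms:
            findings.append((attr, "Delete has no effect on an attribute"))
    return findings


# Constructed sample: the Product example plus two hypothetical attributes
# (Color, Weight) and two assignments that look restrictive but do nothing.
PRODUCT_ATTRIBUTES = ["Name", "Code", "Subcategory", "Color", "Weight"]
PRODUCT_GRANTS = {
    "Code": {"Read"},
    "Subcategory": {"Update"},
    "Color": {"Deny"},
    "Weight": {"Read", "Delete"},
}

if __name__ == "__main__":
    print(explorer_columns(PRODUCT_ATTRIBUTES, PRODUCT_GRANTS))
    for attr, why in ineffective_grants(PRODUCT_GRANTS):
        print(f"{attr}: {why}")
```
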

Assign Model Object Permissions (Master Data Services)
Consolidated Permissions (Master Data Services)
Model Object Permissions (Master Data Services)
Members (Master Data Services)
Attributes (Master Data Services)
