Model Object Permissions (Master Data Services)
Topic Status: Some information in this topic is preview and subject to change in future releases. Preview information describes new features or changes to existing features in Microsoft SQL Server 2016 Community Technology Preview 2 (CTP2).
Model object permissions are mandatory. They determine the attributes a user can access in the Explorer functional area of the UI.
For example, if you assign a user Update permission to the Product entity, the user can update all of the attributes of the Product entity. If you assign Update permission to a single attribute, the user can update that attribute only.
To determine security assigned on each individual attribute value, model object permissions are combined with hierarchy member permissions, which determine the members a user can access.
To give a user access to a functional area other than Explorer, the user must be a model administrator, which also involves assigning Admin permissions on object model. For more information, see Administrators (Master Data Services).
Model object permissions are assigned in the Master Data Services user interface (UI), in the User and Group Permissions functional area on the Models tab. On this tab, the model is represented as a tree structure. When you assign permission to an object in the tree, all objects below inherit that permission. You can override that inheritance by assigning permission to individual objects.
You can assign a combination of Read, Create, Update and Delete or Deny permissions to model objects. If you do not assign any permissions on the Models tab, the user cannot view any models or data in Master Data Services.