Troubleshooting Master Data Manager Security

When you click any node in the tree, the menu items may be disabled.

To enable the menu:

  • Click the pencil icon at the top of the page to make the tree editable.

  • Ensure that you have not chosen Effective from the Permissions list. You cannot assign permissions while viewing effective permissions.

If you want to assign permissions to a model and it is not displayed, you may not have permission to access the model.

To learn more about model administrators, see Administrators (Master Data Services).

When you assign hierarchy member permissions, you must wait for an interval to pass before the permissions take effect. For more information, see System Settings (Master Data Services) and How To: Immediately Apply Member Permissions (Master Data Services).


Users with hierarchy member permissions cannot view members that other users create until the interval has passed.

To view a user’s permissions, you can set the permissions on a test account and access Master Data Manager with the test account credentials. For more information, see the Authentication section of Users and Groups (Master Data Services).

If the permissions do not produce the result you expected:

  • If the user was logged in when you changed the permissions, have them close the browser and open it again.

  • Have the user click the Refresh link on the home page.

  • If the user or group has hierarchy member permissions, ensure enough time has passed for the permissions to be applied. For more information, see How To: Immediately Apply Member Permissions (Master Data Services).

When you add a user or group in Master Data Manager, the user or group might not be found.

If the user or group is not found:

  • Make sure that Windows domain users or groups are entered in the format DOMAIN\user_name or DOMAIN\group_name.

  • Make sure that local users or groups are entered in the format COMPUTERNAME\user_name or COMPUTERNAME\group_name.

  • For Windows domain users or groups, make sure that the host computer is part of an Active Directory domain.

  • For Windows domain users or groups, make sure that the application pool identity in Internet Information Services (IIS) is an account that has permission to query Active Directory to resolve domain accounts.
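The checks in the list above can be scripted on the Master Data Services host. The following PowerShell is an added example, not part of the original documentation: it validates the PREFIX\name format, reports whether the host is joined to a domain, tries to resolve the account to a SID, and shows the identity an IIS application pool runs as. The account CONTOSO\mds_editors is a constructed sample and the application pool name is a placeholder, because this page does not name the pool.

```powershell
# Added example: diagnose why a user or group is "not found".
param(
    [string]$Account = 'CONTOSO\mds_editors',   # constructed sample account
    [string]$AppPool = '<MDS-app-pool-name>'    # placeholder, not given on this page
)

function Test-AccountFormat {
    param([string]$Name)
    # Exactly one backslash with a non-empty prefix and a non-empty name.
    return $Name -match '^[^\\]+\\[^\\]+$'
}

function Resolve-AccountSid {
    param([string]$Name)
    # Translate() performs the name-to-SID lookup as the CURRENT user.
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Name)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return "unresolved: $($_.Exception.Message)"
    }
}

$cs       = Get-CimInstance -ClassName Win32_ComputerSystem
$formatOk = Test-AccountFormat $Account
$prefix   = ($Account -split '\\', 2)[0]
# A prefix equal to the computer name means a local account, otherwise a domain one.
$scope    = 'domain'
if ($prefix -ieq $env:COMPUTERNAME) { $scope = 'local' }
$sid      = $null
if ($formatOk) { $sid = Resolve-AccountSid $Account }

[pscustomobject]@{
    Account      = $Account
    FormatOk     = $formatOk
    Scope        = $scope
    HostInDomain = $cs.PartOfDomain   # must be True to resolve domain accounts
    HostDomain   = $cs.Domain
    Resolved     = $sid
    LookupRanAs  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
}

# Show which identity the application pool uses (requires the IIS WebAdministration module).
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    if (Test-Path "IIS:\AppPools\$AppPool") {
        $pm = Get-ItemProperty -Path "IIS:\AppPools\$AppPool" -Name processModel
        [pscustomobject]@{ AppPool = $AppPool; IdentityType = $pm.identityType; UserName = $pm.userName }
    }
}
```

The lookup succeeds or fails with the rights of the account that runs the script, so run it under the application pool identity to reproduce what Master Data Manager sees.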

If the user or group does not have the ability to add or delete members, it is because they do not have sufficient model object permissions.

On the Models tab, the user or group must have Update permissions to an entity or model. Read-only permission does not include the ability to add and remove members, and neither do Update permissions to any lower-level model objects. Hierarchy member permissions also have no effect on a user’s ability to add or remove members.
