MDS Versioning, Permission and Security

Wednesday Oct 20th 2010 by Arshad Ali
Share:

Master Data Services (MDS) is a master data management platform that allows you to create a centralized hub for your master data. This single and centralized authoritative master data source provides consistent master data to all the business applications aligned to it. This article demonstrates how model versioning and security works in MDS.

Master Data Services (MDS) is a master data management platform that allows you to create a centralized hub for your master data. This single and centralized authoritative master data source provides consistent master data to all the business applications aligned to it. This article demonstrates how model versioning and security works in MDS.

Introduction

Master Data Services (MDS) is a master data management platform, which allows you to create a centralized hub for your master data. This single and centralized authoritative master data source provides consistent master data to all the business applications aligned to it. In this article I am going to demonstrate how model versioning works in MDS and then I will be talking about how security works in MDS.

How versioning works in MDS...

Master Data Services (MDS) creates a default initial version of your model data when you create a model for the first time. Then, as per your need, you can create as many versions you want for your model, either in sequential fashion (one version after another) or in simultaneous fashion (multiple versions in parallel). This way you can ensure you have a dedicated/consistent version of your master data for downstream consumption while at the same time having another version for adding/deleting/modifying members or for testing your model data, without compromising consistency in master data availability. A version could be in either of these three status modes:

  • Open – A model version of “Open” status mode allows everyone with required access to add/delete/change the members, hierarchies of the model. You can also run the business rules validation process to validate the data that it contains.
  • Locked – A model version of “Locked” status mode allows only the model administrator to add/delete/change the members and hierarchies of the model and other users are allowed only read access to the locked version (even though they might be having update permission on the model). A version is switched to “Locked” status mode to run the business rule validation and fix any issues with the data and that’s the reason not all users, except model administrator, are allowed to do the changes just to avoid inadvertent modification. A locked version can be switched back to Open status mode if required (to allow other users to do changes other than model administrator) or can be switched forward to “Committed” status mode.
  • Committed – Once all the business rules validation has passed in “Locked” status mode, this model version can be transitioned to “Committed” status mode and then you can create subscription views against this version to let reporting and analytical applications consume master data from the model version. A committed version cannot be unlocked (this means no changes are allowed on the committed version) though you can create another copy of committed version in parallel to do changes to the members and hierarchies.

Go to the Master Data Manager UI, select the appropriate model, and version and click on Version Management (depending on your permission level this option might or might not be visible to you. For more detail about security and permission refer to next section in this article) option as shown below:

Version Management
Figure 1 - Version Management

On the “Manage Versions” screen, select the model and you will see a list of all the versions of the selected model. Select the version in the grid and the corresponding option is enabled in the tool-bar; for example, if the version is in open status mode you will see “Lock selected version” option or if the version is in a locked state you will see “Unlock selected version”.

Manage Versions
Figure 2 - Manage Versions

To validate a model’s version, click on the Validate Version menu bar then select the appropriate model and its version and click on the “Validate version” icon as shown below:

Validate Version 1
Figure 3 - Validate Version 1

Once validation of the selected model and version has passed, you will see “Commit version” options are enabled as shown below. Click on it to move your selected model and version in committed status mode:

Validate Version 2
Figure 4 - Validate Version 2

Once a version is committed it cannot be brought back in Locked/Open status mode. Although you can create a copy of the committed version as shown below:

Copy version 1
Figure 5 - Copy version 1

Double click on the column of the grid if you want to change the value for name, description columns etc.

 

Copy version 2
Figure 6 - Copy version 2

Permission and Security in MDS...

Master Data Services has two different types of administrators, Master Data Services' system administrator and model administrator. System administrator can be only one and is specified when creating MDS database (though it can be changed later on if required). This account has access (Update permission) to all the models (including metadata model) irrespective of who created them. The system administrator can also perform all of the administrative tasks in all the functional areas. On the other hand, model administrator has access (Update permission) on the model and no other permissions assigned. If the model administrator has access to Explorer functional area he/she can access all master data of the model or if he/she has access to other functional areas (Version Management, Integration Management, System Administration, User and Group Permissions) the user can perform other administrative tasks accordingly.

There are five different functional areas in MDS and depending on the access on these functional areas, the user will be able to see it in Master Data Manager UI. You also need to have access on one or more models:

  • Explorer – This functional area allows users to add/remove/modify members, attributes, hierarchies. etc. You need additional permissions on model or its objects to browse/manage it.
  • Version Management – This functional area allows users to manage versions of the model on which the user has access. You can also review the transaction log and rollback to previous state/values if required.
  • Integration Management – This functional area allows users to batch process the staged data from the MDS staging area and create subscription views for downstream applications for consumption.
  • System Administration – This functional area allows users to create and manage model and its different objects.
  • User and Group Permissions – This functional area allows users to assign/revoke permissions on functional areas, model and hierarchies.

There are basically three types of permissions in MDS i.e. Read-only, Update and Deny. A user with Read-only permission on the model will be able to see the model but will not be able to make any changes to it and its objects whereas a user with Update permission on model will be able to see the model as well as make changes to it. If a user is denied permission, the user will not be able to see the model. The permission on the model applies to all versions of the model; there is no way to assign permission on a specific version. A user inherits the permission on an object from its parent in the tree structure unless you specifically change it at child level.

Go to Master Data Manager UI, click on the User and Group Permissions option as shown below:

Users and Group Permissions
Figure 7 - Users and Group Permissions

Here you can manage the permissions of user and group which could belong to either the local system or an active directory of the domain. It’s recommended you make a group of users and give permissions to the group instead of giving permissions to each individual. Click on Manage Group menu and the click on the “+” sign (Add groups) as shown below:

Manage Groups
Figure 8 - Manage Groups

Enter the name of the group and click on “Check names” to validate the existence of the group, click on OK to save and return to the previous menu.

Add Groups
Figure 9 - Add Groups

Click on the icon in the first column of the grid and select Edit -> Functions to give access to the functional areas to the group.

Assigning permissions
Figure 10 - Assigning permissions

You can select the functional areas from the left side list box and assign to the group as shown below:

Functional Area Access
Figure 11 - Functional Area Access

On the next screen you will be selecting the models on which this group will have access. You can see here, I have denied access on ChartOfAccounts model, Read-only access on Metadata and Update permission on Product model. Please note, you need to select at least one model to make functional areas visible to the users of the group.

Assigning permission on models
Figure 12 - Assigning permission on models

Conclusion

Master Data Services (MDS) is a master data management platform that allows you to create a centralized hub (model) for your master data that behaves like a single authoritative source for your master data. In this article, I discussed how versioning works for model data, and what permissions and security considerations are required while working with MDS.

References

MSDN: Versions (Master Data Services)

MSDN: Users and Groups (Master Data Services)

MSDN: Master Data Manager Security (Master Data Services)

» See All Articles by Columnist Arshad Ali

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved