Wednesday, January 2, 2013

Granting access to Master Data Services

Master Data Services (MDS) is a great data governance tool in SQL Server 2012, but you must understand how it is administered for smooth implementation. The reason for this post is to document how to grant developer access to the MDS website called Master Data Manager to be able to build MDS Models, Business Entities, Rules, etc. Or in other words, are you getting a white screen with "Access denied" as the only message when trying to access Master Data Manager? Read on and you'll know what privileges to ask for from your MDS Administrator.

Basically, there's 3 steps to configuring permissions in Master Data Manager:
  1. Create an MDS user account.
  2. Assign MDS Function(s)
  3. Grant read-write permission to individual Models, Business Entities, etc. 
Please note that Master Data Manager is a Silverlight interface. So use a compatible browser to administer MDS permissions.

Create an MDS User

Assuming you are logged in as a System Administrator to MDS, you click on the User and Group Permissions link on the Master Data Services homepage.


A list of users appears, of which you can add a new user by clicking on the plus symbol above the grid.

Enter the domain username under User Names. You can also check the user is correct by clicking on the User symbol below the textbox. Click OK.


Now the person is officially added to the list of MDS users, but the user will still see "Access Denied" because you haven't granted any MDS functions. We'll do this now.

Assign MDS Functions

Hover over the down arrow next to the new username, and select Edit. Click on the Functions option.


Granting users Functions gives them access to each functional area of Master Data Services. Looking at the home page of Master Data Manager, each link is a functional area. Here's a list with my shorthand:

FUNCTION Shorthand description
Explorer Enter data and accept changes into Business Entities in an excel-like grid.
Version Management Create different versions of models.
Integration Management Import data into MDS and create SQL views to include in your ETL process.
System Administration Build models, rules, hierarchies, etc.
User and Group Permissions Setup MDS Users/Groups with read, write, delete privileges. (The reason for this post)

So let's grant minimal privileges to allow a developer to further build models and test out his/her changes. To do this in Master Data Manager, the minimum they will need is access to Explorer and System Administration. Now with the Available Functions visible in the User's settings, click the Pencil button above the available functions, then move over the ones you want, and then click the Save button. Here's a before and after picture of what this looks like:

Grant Read/Write on Business Models

Open the Models tab on this same screen or from the User Permissions grid, click on the drop-down next to the username and select Edit > Models. You'll see a screen similar to the one below, but remember to click the Pencil button first. Click on the model name to expose the menu and select Read-Only, Update, or Deny privileges. To assign more granular privileges down to individual Business Entities, expand the model to view the Entities underneath, and assign the same privileges there.

So once you do that, your developer will be able to see the Model selected in Master Data Manager. From there, they can click the Explorer link to modify the data and experiment with the structure, or select System Administration from the homepage to further develop the Model structure (Business Entities, Rules, etc).

Happy New Year to you all and much success in 2013!