| title | Database Logins, Users, and Roles |
|---|---|
| description | Master Data Services includes logins, users, and roles installed on the SQL Server Database Engine instance that hosts the Master Data Services database. |
| author | meetdeepak |
| ms.author | dkhare |
| ms.reviewer | mikeray |
| ms.date | 03/05/2026 |
| ms.service | sql |
| ms.subservice | master-data-services |
| ms.topic | concept-article |

Applies to: SQL Server - Windows only, Azure SQL Managed Instance

Master Data Services includes logins, users, and roles that are automatically installed on the SQL Server Database Engine instance that hosts the Master Data Services database. These logins, users, and roles should not be modified.

| Login | Description |
|---|---|
| mds_dlp_login | Allows creation of UNSAFE assemblies. For more information, see Creating an Assembly. Disabled login with a randomly generated password. Maps to dbo for the Master Data Services database. For msdb, mds_clr_user maps to this login. |
| mds_email_login | Enabled login used for notifications. For msdb and the Master Data Services database, mds_email_user maps to this login. |

| msdb user | Description |
|---|---|
| mds_clr_user | Not used. Maps to mds_dlp_login. |
| mds_email_user | Used for notifications. Maps to mds_email_login. Is a member of the role DatabaseMailUserRole. |

| Master Data Services database user | Description |
|---|---|
| mds_email_user | Used for notifications. Has SELECT permission for the mdm schema. Has EXECUTE permission for the mdm.MemberGetCriteria user-defined table type. Has EXECUTE permission for the mdm.udpNotificationQueueActivate stored procedure. |
| mds_schema_user | Owns the mdm and mdq schemas. The default schema is mdm. Does not have a login mapped to it. |
| mds_ssb_user | Used to execute Service Broker tasks. Has DELETE, INSERT, REFERENCES, SELECT, and UPDATE permission on all schemas. Does not have a login mapped to it. |

| Role | Description | Permissions |
|---|---|---|
| mds_exec | This role contains the account you designate in Master Data Services Configuration Manager when you create a Master Data Manager web application and designate an account for the application pool. | EXECUTE permission on all schemas. ALTER, INSERT, and SELECT permission on these tables: mdm.tblStgMember, mdm.tblStgMemberAttribute, mdm.tblStgRelationship. SELECT permission on these tables: mdm.tblUser, mdm.tblUserGroup, mdm.tblUserPreference. SELECT permission on these views: mdm.viw_SYSTEM_SECURITY_NAVIGATION, mdm.viw_SYSTEM_SECURITY_ROLE_ACCESSCONTROL, mdm.viw_SYSTEM_SECURITY_ROLE_ACCESSCONTROL_MEMBER, mdm.viw_SYSTEM_SECURITY_USER_MODEL. |

| Schema | Description |
|---|---|
| mdm | Contains all Master Data Services database and Service Broker objects other than the functions contained in the mdq schema. |
| mdq | Contains Master Data Services database functions related to filtering member results based on regular expressions or similarity, and for formatting notification emails. |
| stg | Contains Master Data Services database tables, stored procedures, and views related to the staging process. Do not delete any of these objects. For more information about the staging process, see Overview: Importing Data from Tables (Master Data Services). |
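
Because these principals should not be modified, a periodic read-only check against the documented state is useful. The following T-SQL is an added example, not part of the product or the original article; it assumes the Master Data Services database is named `MDS` (a placeholder) and uses only standard catalog views.

```sql
-- Added example: compare the installed MDS principals with the documented state.
-- Assumption: the Master Data Services database is named [MDS]; adjust the USE
-- statement. Read-only; run as a principal that can see server and database metadata.
USE [MDS];

-- 1. Logins: mds_dlp_login should be disabled, mds_email_login enabled.
SELECT sp.name,
       sp.is_disabled,
       CASE WHEN (sp.name = N'mds_dlp_login'   AND sp.is_disabled = 1)
              OR (sp.name = N'mds_email_login' AND sp.is_disabled = 0)
            THEN 'as documented' ELSE 'DEVIATION' END AS status
FROM sys.server_principals AS sp
WHERE sp.name IN (N'mds_dlp_login', N'mds_email_login');

-- 2. Database users: mds_schema_user and mds_ssb_user should show a NULL
--    mapped_login; mds_email_user should map to mds_email_login.
SELECT dp.name AS user_name,
       sp.name AS mapped_login,
       dp.default_schema_name
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.name IN (N'mds_email_user', N'mds_schema_user', N'mds_ssb_user');

-- 3. Schema ownership: mdm and mdq should be owned by mds_schema_user.
SELECT s.name AS schema_name, USER_NAME(s.principal_id) AS owner_name
FROM sys.schemas AS s
WHERE s.name IN (N'mdm', N'mdq');

-- 4. Members of mds_exec: the documented member is the application pool account,
--    so any other member deserves a closer look.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'mds_exec';

-- 5. msdb: mds_email_user should be a member of DatabaseMailUserRole;
--    mds_clr_user is documented as not used, so role memberships for it are unexpected.
SELECT m.name AS member_name, r.name AS role_name
FROM msdb.sys.database_role_members AS rm
JOIN msdb.sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN msdb.sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name IN (N'mds_email_user', N'mds_clr_user');
```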