| title | Leaf Permissions | |||||
|---|---|---|---|---|---|---|
| description | Leaf Permissions (Master Data Services) | |||||
| author | meetdeepak | |||||
| ms.author | dkhare | |||||
| ms.reviewer | mikeray | |||||
| ms.date | 03/05/2026 | |||||
| ms.service | sql | |||||
| ms.subservice | master-data-services | |||||
| ms.topic | concept-article | |||||
| ms.custom |
|
|||||
| helpviewer_keywords |
|
[!INCLUDE SQL Server - Windows only ASDBMI]
[!INCLUDE support-notice]
Leaf permissions apply to the attribute values for all leaf members of an entity.
For entities without explicit hierarchies enabled, assigning permission to Leaf is the same as assigning permission to the entity.
Notes:
-
Leaf permissions apply to the Explorer functional area of the user interface only.
-
Permissions assigned to Name and Code attributes are not enforced.
| Permission | Description |
|---|---|
| Read | User can read leaf members, attributes. |
| Create | User can create leaf members, and assign attribute values during create. |
| Update | User can update leaf members and attributes. |
| Delete | User can delete leaf members. |
| Deny | Deny all access to the leaf members. |
The Read, Create, Update, and Delete permissions can be combined. When Create, Update and Delete are assigned, the read permission is assigned automatically.
Attribute permissions apply to the attribute's values for the specific entity. Users with attribute permissions only cannot add or remove members.
| Permission | Description |
|---|---|
| Read | User can read attributes. |
| Create | User can assign values when they create members. |
| Update | User can update attributes. |
| Delete | No effect. |
| Deny | The attribute is not displayed. Note: You cannot explicitly deny access to Name and Code attributes. |
For the Product entity, assign Update permission to Subcategory attribute. Deny permission to all other attributes.
| Name | Code | Subcategory (Update) |
|---|---|---|
| Mountain-100 | BK-M101 | {5} Mountain Bikes |
| Mountain-100 | BK-M201 | {5} Mountain Bikes |
In Explorer, you can update any attribute value in the Subcategory column. If you do not have permission to an attribute, the attribute is not displayed.
Note
In this example, Subcategory is a domain-based attribute, based on the SubcategoryList entity. You can select a different subcategory for Mountain-100 but you cannot add members to or delete members from the SubcategoryList entity.
Assign Model Object Permissions (Master Data Services)
Model Object Permissions (Master Data Services)
Members (Master Data Services)
Attributes (Master Data Services)