| title | Administrators | |||
|---|---|---|---|---|
| description | Learn about the types of administrators in Master Data Services: model administrators, entity administrators, and super user. | |||
| author | CordeliaGrey | |||
| ms.author | jiwang6 | |||
| ms.date | 03/01/2017 | |||
| ms.service | sql | |||
| ms.subservice | master-data-services | |||
| ms.topic | concept-article | |||
| helpviewer_keywords |
|
|||
| ms.custom |
|
[!INCLUDE SQL Server - Windows only ASDBMI]
[!INCLUDE support-notice]
This article describes the types of administrators in [!INCLUDEssMDSshort]: model administrators, entity administrators, and super user.
In [!INCLUDEssMDSshort], a model administrator is a user who has Admin permission assigned to the top-level model object on the Model Objects tab. When a user has Admin permission on a particular model, any other permissions on the model's child objects (both model object and member permissions) are trumped by the model Admin permission and effectively ignored.
-
If the user has access to the Explorer functional area, the user can add, delete, and update all master data in this area.
-
If the user has access to other functional areas, the user can perform all administrative tasks available in the functional area.
Each model can have multiple administrators. Each user can be a model administrator for one, several, or all models in the [!INCLUDEssMDSshort] deployment.
A user can be configured as a model administrator either in [!INCLUDEssMDSmdm] or programmatically. For more information, see Create a Model Administrator (Master Data Services).
In [!INCLUDEssMDSshort], an entity administrator is a user who has administrator permissions assigned to the entity object on the Model Objects tab. When a user has administrator permissions for an entity, any other permissions on the entity's child objects (both model object and member permissions) are superseded by the administrator permissions and are ignored.
-
If the user has access to the Explorer functional area, the user can add, delete, and update all master data in this area.
-
If the entity changes require administrator approval, an entity administrator can review and then approve or reject change sets.
Each entity can have multiple administrators. Each user can be a entity administrator for one, several, or all entities.
A user can be configured as an entity administrator either in [!INCLUDEssMDSshort] or programmatically. For more information, see Create an Entity Administrator (Master Data Services).
In [!INCLUDEssMDSshort], you can assign a user permissions to the Super User functional area. A user with permissions to the Super User functional area effectively has Admin permission on all models and has permissions for all the other functional areas. For information on the permissions for the functional areas, see Functional Area Permissions (Master Data Services).
The default super user is specified for the Administrator Account when you create the [!INCLUDEssMDSshort] database by using the Create Database Wizard (Master Data Services Configuration Manager).
The super user can do the following:
-
Access all functional areas.
-
Add, delete, and update all master data for all models in the Explorer functional area.
You can assign Super User permissions to multiple users and/or user groups.
| Administrator Type | Description |
|---|---|
| [!INCLUDEssMDSshort] Super User | Permissions assigned in [!INCLUDEssMDSmdm] have no effect on the administrator's access. Can be a super user based on functional area permissions assigned explicitly or permissions inherited from a group. Automatically has all permissions to all models. Automatically has access to all functional areas. |
| Model administrator | Can be a model administrator based on admin permissions assigned explicitly or permissions inherited from a group. Has access only to functional areas that access is granted to. Automatically has all permissions to all objects and members in the specific model. |
| Entity administrator | Can be an entity administrator based on administrator permissions assigned explicitly or permissions inherited from a group. Has access only to functional areas that access is granted to. Automatically has all permissions to all objects and members in the specific entity. Can approve the pending change sets if the entity changes require approval. |
Blog post, Security Improvements, on msdn.com.
Create a Model Administrator (Master Data Services)
Create a Master Data Services Database
Notifications (Master Data Services)