Tuesday, December 15, 2015

MDS - Attribute Groups for User Access Control

Master Data Services (MDS) has a feature called Attribute Groups, which is actually a good name for the feature. As we will discover, security and controlling user access is a good use for Attribute Groups.

Typically, our first exposure to Attribute Groups occurs in the Explorer feature viewing data. Using the feature in MDS Explorer, it allows us to quickly filter down to related columns in what could be a wide entity. With the MDS Product data sample, we see five Attribute Groups, plus the [All Attributes] list. In our example, I added a new group "AnotherAttrGrp."

Groups and User Access

So basically, the Attribute Group feature creates column oriented filters. Nice, but security might be a more compelling reason to consider using Attribute Groups. As part of the System Administration section, we can group selected attributes into one or more Attribute Groups, and then control which users and [user] groups have access to these attributes. Once you have an entity created, along with some, or all of the attributes, you can create groups. 

What is a Leaf Group?

In MDS, attributes are divided into three different types:  Leaf, Consolidated, Collection.  For our discussion, we'll stick with Leaf Attributes.  Leaf Attributes are basically the typical, standard attributes found in most Entities.

Add a New Leaf Group

Under the Manage menu, select Attribute Groups.  Next select/highlight Leaf Groups, and then select the Add Attribute button (the green Plus button in SQL 2014). Then Add your new Group Name.

Edit Leaf Groups

For your newly created Leaf Group, or an existing group, expand the group and then select/highlight on Attributes item. Then select the Edit button (Pencil).

The next screen will display two pick boxes. The one on the left shows all the available attributes. The box on the right shows the current list of columns assigned (mapped) to this Attribute Group. Adjust the columns and save.

Security, Users and Groups

In MDS, individual users and groups are managed separately. Adding Users and [User] Groups follows the same pattern we followed to assign attributes. Select/highlight either the Users or [User] Groups item, and click the edit button (pencil)

Again, you will have two pick boxes. On the left are the available users or [user] groups, while on the right are the currently assigned users or [user] groups. Adjust and then save. That's it.  

No comments: