Friday, February 27, 2009

Controlled\Restricted Access to Data in MDM sai charan singh



MDM provides security through Users, Roles and Privileges.

Each user has his own user access, with his own user name and password.

Each role defines the permitted areas and restricted sections in the repository.

Privileges are defined on tables, fields and functions as executable, read-only or read/write.


User:

When you create a new user you have to give a user name and password and assign a role to the user. By default the 'Default' role is assigned; when you assign any other role, the Default role is replaced. When you create a repository, an Admin user with a blank password is created by default, which you use to log into the repository. You can set a custom password for Admin, but you cannot delete the Admin user.







Roles:

When you create a new role you have to give it a name and assign users to it. By default all functions are enabled for execute and all tables/fields are enabled for read/write. When you create a repository, two roles are created by default. The first is Admin, with all functions enabled to execute and all tables/fields enabled for read/write; this role cannot be edited. The second is Default, which also has all functions enabled to execute and all tables/fields enabled for read/write, but this role can be edited, so its functions and tables/fields can be changed. Remember that Default is the role assigned when you create a new user. Neither role can be deleted.




Privileges:

Creating users and roles might be child's play, but when it comes to setting the right privileges it's MEN AT WORK; it's very important to assign the right functionality to each role.

The second tab while creating roles lists the functions provided. Differentiate each role and understand why the role is required. For example, if you want the user assigned to this role only to read and write data, then don't grant permission to delete records. Go through each and every function and set the right access. If you change the first row, functions[default], then all rows are affected.

The third tab while creating roles has the different tables, and when you expand those you will find the different fields. Here you can set access at table level or for an individual field. Tables and fields can be set to read-only or read/write access.




Constraints:

One of the most important parts, and actually the one for which I started this blog, is constraints. You can find the constraint column as the last column in the tables/fields tab while creating a role. Generally you don't want to give a role access to a complete table; you want to filter a group of records and then give access to them. To do that, create a Mask or Named search, then select read-only access for all rows and select read/write only for the required Mask or Named search, or select a constraint on a lookup table.





1. By default, the 'ALL' option is selected for all constraints. From the drop-down list you can select your own options; it is a multi-valued field.

2. Previously only Masks and lookup tables were allowed to be constrained, but from SP6 onward Named searches can be constrained as well.

3. For lookup tables, only fields that are non-multi-valued with respect to the main table are allowed; that means qualified tables and multi-valued lookup fields in the main table are not available for constraints.

4. When you select a lookup table's value as a constraint, both the main table and the lookup table are automatically shortlisted (both tables have records with respect to that constraint).
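A least-privilege review of the defaults described in this post (the blank Admin password, the all-permissive Default role that every new user receives, and new roles created with everything enabled), as an added example that is not from the original post or from SAP. The snapshot structure, its field names, the function name and the sample users and roles are assumptions constructed for illustration; it is not an MDM export format.

```python
# Constructed sample data: a hand-written snapshot of users and roles.
# All field names and values are assumptions made for this example.
ALL_OPEN = [{"item": "Products", "access": "read/write", "constraint": ["ALL"]}]
SNAPSHOT = {
    "users": [
        {"name": "Admin", "password_set": False, "role": "Admin"},
        {"name": "jsmith", "password_set": True, "role": "Default"},
        {"name": "vendor_editor", "password_set": True, "role": "VendorEditor"},
    ],
    "roles": {
        "Admin": {"functions": {"Delete Records": True}, "rows": ALL_OPEN},
        "Default": {"functions": {"Delete Records": True}, "rows": ALL_OPEN},
        "VendorEditor": {
            "functions": {"Delete Records": False},
            "rows": [
                # Read-only for all rows, read/write only inside one mask.
                {"item": "Products", "access": "read-only", "constraint": ["ALL"]},
                {"item": "Mask: Vendor A", "access": "read/write",
                 "constraint": ["Vendor A"]},
            ],
        },
        "Temp": {"functions": {"Delete Records": True}, "rows": ALL_OPEN},
    },
}

def unrestricted(role):
    """True when a role still has the creation defaults: every function
    executable, every table/field row read/write, constraint left at ALL."""
    return (all(role["functions"].values())
            and all(r["access"] == "read/write" and r["constraint"] == ["ALL"]
                    for r in role["rows"]))

def audit(snapshot):
    """Return (finding, subject) pairs for defaults that were never tightened."""
    findings, roles = [], snapshot["roles"]
    for user in snapshot["users"]:
        if user["name"] == "Admin" and not user["password_set"]:
            findings.append(("blank-admin-password", user["name"]))
        if user["role"] == "Default" and unrestricted(roles["Default"]):
            findings.append(("user-on-unrestricted-default-role", user["name"]))
    for name, role in roles.items():
        # Admin cannot be edited; Default is reported per user above.
        if name not in ("Admin", "Default") and unrestricted(role):
            findings.append(("role-left-at-creation-defaults", name))
    return findings

if __name__ == "__main__":
    for finding, subject in audit(SNAPSHOT):
        print(f"{finding}: {subject}")
```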

1 comment:

arumugam said...

My cousin recommended this blog and she was totally right keep up the fantastic work!








