MDS Group Level Permissions Not Working For Model Administrator - by HandleysOnline

Status : 

  Not Reproducible<br /><br />
		The product team could not reproduce this item with the description and steps provided.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 772514 Comments
Status Closed Workarounds
Type Bug Repros 0
Opened 11/28/2012 6:22:36 AM
Access Restriction Public


Hi all,

When administrating user and groups in MDS, group level permissions do not work for model administrator.  For e.g. the following link states that you can grant model administrator permissions to a specific group.  If you follow these steps and add update permissions to a specific group and a specific model, then add all functions to the same group the user does not have access to manage the model i.e. alter entities etc.  The permissions does allow them to update members in explorer.  It seems only some of the permissions are inherited from the group.  I've tried deleting the individual user and logging back in which re-creates the same user in MDS.  The permissions to administer a model are still not available.  If you add the same permissions to the individual user then models can be administered.  I prefer not to add individual user permissions as this is a nightmare to maintain.  I have also set the drop down item "permission" in each tab of the user to "user and inherited from group".  We are running SQL Server 2012 MDS and the user is not a member of any other group in MDS. I imply have one AD group called MDS_Admins which users who I want to grant access to edit models, sub-entities, attributes etc are a member of.
Sign in to post a comment.
Posted by Lynn [MSFT] on 4/1/2013 at 10:22 PM
My apologies - we are unable to reproduce this error on any environment or with any data / users that we have available. I am closing this issue, but if there is more information that can be provided, please reactivate it or open a new issue. We understand your frustration with your experience and we do take your input into account in our work. Regards, Lynn
Posted by HandleysOnline on 2/14/2013 at 7:03 AM
Hi Microsoft, what details do you require? I have detailed the reproduction steps above in the initial thread. Adding system admin is a security risk.

Yes i can verify that there are no other permissions in the hierarchy.
Posted by HandleysOnline on 2/14/2013 at 7:00 AM
There are also other fundamental flawed with users and groups in MDS which are raised on connect. Maybe something which needs looking into by yourselves.
Posted by HandleysOnline on 2/14/2013 at 6:59 AM
We are using SQL Server 2008R2 SP2 CU4
Posted by Lynn [MSFT] on 1/11/2013 at 11:19 AM
We do not repro this issue, so can you provide more information?
- When you say you added all the functional permissions, you mean including System Administration as well, right?
- Can you verify that there are not other permissions for that group or user anywhere else in the model (including hierarchy)?
Posted by Lynn [MSFT] on 1/9/2013 at 4:58 PM
Hi HandleysOnline,
Sorry, this bug was closed by mistake.
I am investigating and may have some more questions for you.
Posted by HandleysOnline on 12/7/2012 at 9:19 AM
SQL version: Microsoft SQL Server 2008 R2 (SP1) - 10.50.2796.0 (X64) Dec 9 2011 11:27:20 Copyright (c) Microsoft Corporation Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)

MDS version: 11.0.2332.0
Posted by Matthew [MSFT] on 12/3/2012 at 11:03 AM
Hi HandleysOnline,

Thanks for the feedback. Can you please let us know what version of SQL Server MDS you’re using? Specifically, what service pack and/or CU have you installed?

Thanks in advance!