Separating Access Permissions for MDM Dictionary Elements

The following methods of access control for MDM dictionary elements are available:

It is allowed to apply these methods individually and together: discretionary and mandatory access controls or discretionary and attribute-based access controls.

NOTE. Setting up access permissions is available only in the desktop application. Access permissions can be set up if access control is used, and the user has privilege to change permissions.
If the roles of the information security administrator and the application administrator are separated, by default, only the information security administrator may change access permissions using the security manager.

Setting Up Access Control

To set up discretionary access control:

Make sure that discretionary access control for MDM dictionary elements is enabled.
Select the Access Permissions item in the element's context menu.
In the Access Permissions dialog box go to the Discretionary Access Control tab.

The tab contains a list of all access subjects determined for a dictionary. The tab view is displayed above.

To change subject permissions, use checkboxes in the following columns: Read, Write, Delete and Modify Permissions:

When the checkbox is selected, the subject is allowed to execute the corresponding operation.
When the checkbox is deselected, the subject is denied to execute this operation.

If none of these operations is determined for the subject, it is not displayed.

To set up mandatory access control:

Make sure that mandatory access control for MDM dictionary elements is enabled.
Select the Access Permissions item in the element's context menu.
In the Access Permissions dialog box go to the Mandatory Access Control tab.

The tab contains a list of all security categories determined in the security manager. For example:

For each security category set the required access level. By default, each category has the Access Denied level.

To set up attribute-based access control, make sure that attribute-based access control for MDM dictionary elements is enabled.

Attribute-based access control setup is available only in the security manager for MDM dictionary elements.

For details about attribute-based access control for MDM dictionary elements, see the Access Permissions for MDM Dictionary Objects article.

To set up the order of application of access permissions, use the checkboxes available on each tab of the Access Permissions dialog box:

Apply by Elements Hierarchy. Selecting the checkbox enables the user to apply access permissions to all child elements of the configured element.
Apply to Level. Selecting the checkbox enables the user to apply access permissions to all elements of the level, at which the configured element is stored.