Access Permissions
An object’s access permissions tell us who can do what with it.
The permissions that can be applied to an object are:
The permissions will be grouped into types to assign to the users and application groups. This is because some of the permissions are dependent on the user having other permissions.
For example, to update an object, the user requires read access to the object. To delete an object, the user requires collection privileges to remove the object from existing collections. The types of access that can be assigned to a user or application group in a security profile are:
The following table describes the MDS Access Types:
Access Type |
Description |
Read |
Grants read access to an object through MetaSurf™, MetaBrowse or other applications using the MDS APIs. Read access is the only access type needed for users that only read objects in the MDS repository. The remaining access types are used for customizing the type of update privileges that can be applied to objects. |
Collection |
Grants read access to an object and the ability to add or remove the object from a collection. Collection permission is needed on an object if it is to be added to a collection. You would grant collection permission (without update permission) to an object if you want to make it available to other users to add to existing or new relationships. For example, collection permission is needed on most objects in the DIM. Metaclient links the source in the load script to the destination table or view object in the DIM. It also links the source fields in the load script to the column and view column objects in the DIM. For metaclient to set up these relationships, the user running metaclient must have collection permission to all DIM objects that will be linked to the client load objects. To add or remove an object from a collection, the user must have Collection permissions to the source, destination and relationship description objects. |
Update |
Grants read, update and delete permission to the object and the ability to add or remove the object from a collection. |
Full |
Grants read, update and delete permission to the object and the ability to add or remove the object from a collection. Also when applied to a class description, grants permission to create objects of the class. |
Special Permissions
Access Type |
Description |
Object Owner |
Is granted Full permission to the object |
AIM objects |
Model Objects – only the owner can delete ClassDescription objects – only the owner can delete the class description or add or remove Property Description objects. RelationshipDescription objects – only the owner can delete |
metasu or superuser |
Has full permission on all objects |