Access Permissions - Teradata Meta Data Services

Teradata Meta Data Services Programmer Guide

Product
Teradata Meta Data Services
Release Number
15.00
Language
English (United States)
Last Update
2018-09-28
Product Category
Teradata Tools and Utilities

Access Permissions

An object’s access permissions tell us who can do what with it.

The permissions that can be applied to an object are:

  • Read – the right to read an object.
  • Collection – the right to add or remove an object from a collection. The user must have collection access on the source object, destination object, and the relationship description object.
  • Write – the right to update an object
  • Delete – the right to delete an object
  • Create – the right to create objects of the class (only meaningful when applied to a Class Description Object)
  • The permissions will be grouped into types to assign to the users and application groups. This is because some of the permissions are dependent on the user having other permissions.

    For example, to update an object, the user requires read access to the object. To delete an object, the user requires collection privileges to remove the object from existing collections. The types of access that can be assigned to a user or application group in a security profile are:

  • Read – grants Read access rights
  • Collection – grants Read and Collection access rights
  • Update – grants Read, Collection, Write and Delete access rights
  • Full – grants Read, Collection, Create, Write and Delete access rights
  • The following table describes the MDS Access Types:

     

    Table 45: Access Type Descriptions 

    Access Type

    Description

    Read

    Grants read access to an object through MetaSurf™, MetaBrowse or other applications using the MDS APIs.

    Read access is the only access type needed for users that only read objects in the MDS repository. The remaining access types are used for customizing the type of update privileges that can be applied to objects.

    Collection

    Grants read access to an object and the ability to add or remove the object from a collection.

    Collection permission is needed on an object if it is to be added to a collection.

    You would grant collection permission (without update permission) to an object if you want to make it available to other users to add to existing or new relationships. For example, collection permission is needed on most objects in the DIM. Metaclient links the source in the load script to the destination table or view object in the DIM. It also links the source fields in the load script to the column and view column objects in the DIM. For metaclient to set up these relationships, the user running metaclient must have collection permission to all DIM objects that will be linked to the client load objects.

    To add or remove an object from a collection, the user must have Collection permissions to the source, destination and relationship description objects.

    Update

    Grants read, update and delete permission to the object and the ability to add or remove the object from a collection.

    Full

    Grants read, update and delete permission to the object and the ability to add or remove the object from a collection. Also when applied to a class description, grants permission to create objects of the class.

    Special Permissions

     

    Table 46: Special Permissions 

    Access Type

    Description

    Object Owner

    Is granted Full permission to the object

    AIM objects

    Model Objects – only the owner can delete

    ClassDescription objects – only the owner can delete the class description or add or remove Property Description objects.

    RelationshipDescription objects – only the owner can delete

    metasu or superuser

    Has full permission on all objects