Master Data Services provides three ways in which security can be controlled, namely:
Function access—Users must be assigned permissions to access the functions within Master Data Manager, for example, Explorer.
Models—Read-only, Read/Write, and Deny permissions can be assigned for a user against the common MDS objects that we have been working with, for example, models, entities, attributes, and more as we will see in this chapter.
Hierarchy members—Read-only, Read/Write, and Deny permissions can be assigned for a user against an individual member that exists in an Explicit or Derived Hierarchy.
These permissions take effect once the user has logged into Master Data Services.
A user is able to gain access to Master Data Services if their Windows login account, or a Windows group that they are member of, has been added to User and Group Permissions function in the Master Data Manager front-end.
A user is also able to gain access to MDS data via SQL Server...