Configure web application permissions for SQL Server Master Data Services

By:   |   Comments (3)   |   Related: > Master Data Services


Problem

I installed the database component of Master Data Services and configured it, now I have to configure the web application and set up the initial security. What are the steps to take for the web application configuration?

Solution

In a previous tip we discussed how to install Master Data Services and create and configure the database component. Now it's time to configure the web application. The Configuration Manager is the primary tool to use for configuration of the Master Data Services database, web application and web services components. The Configuration Manager opens directly after successful installation of Master Data Services. It can also be opened from the Start Menu under the "Microsoft SQL Server 2008 R2\Master Data Services" folder as shown below.

Microsoft SQL Server 2008 R2\Master Data Services

The setup of the application in the Configuration Manager is similar to setting up a virtual directory and application in Internet Information Services. The minimum IIS version supported for Master Data Services is 7.5

The setup of the application in the Configuration Manager is similar to setting up a virtual directory and application in Internet Information Services

The first step is to choose a site in which the web application will be stored. The configuration application will query the sites available in IIS and present them in the Web Site dropdown list:

query the sites available in IIS and present them in the Web Site dropdown list

Once a web site is chosen you create a virtual directory. On this page you select a name for the site, any IP address bindings, a host header if necessary, and configure an Application Pool for the web application with a username and password for the application pool identity:

Once a web site is chosen you create a virtual directory

Lastly, if your company will create a customized application for interacting with Master Data Services you can enable the Web Services as shown at the bottom of the page:

if your company will create a customized application for interacting with Master Data Services you can enable the Web Services

At this point you've installed all of the components necessary for Master Data Services; however, you have to set up the permissions necessary to access it. Some planning will be necessary for security, particularly if your institution utilizes Active Directory. Creating groups and assigning the appropriate permissions decreases the level of administrative effort required (known as the AGDLP strategy). The only account that has access to the web application at this point is the account you specified during the initial installation. Log into the server as the administrator and navigate to the URL of the web application. Located at the bottom left of the page is a link named User and Group Permissions:

you've installed all of the components necessary for Master Data Services; however, you have to set up the permissions necessary to access it

When you click on the User and Group Permissions link you are directed to the security page. At the top of the page there are two links: one named Manage Users and another named Manage Groups. The default selection is Manage Users:

there are two links: one named Manage Users and another named Manage Groups. The default selection is Manage Users

When you click on the green add button you are directed to a page where you can add individual user accounts. Type in the user account and click the Check names button. More than one name can be entered with a semi-colon between each account. Once you have entered the user accounts click OK:

Type in the user account and click the Check names button. More than one name can be entered with a semi-colon between each account

The Manage Groups page is very similar to the Manage Users page. This page allows you to enter multiple Active Directory or local groups. In either case you will be redirected to the main User and Group Permissions page. If you click on the arrow to the left of the user account there is a dropdown list with Edit and Delete options:

enter multiple Active Directory or local groups

From here you can set specific permissions for areas like Models and Hierarchy Members. Security for these areas will be covered in a future tip:

set specific permissions for areas like Models and Hierarchy Members
Next Steps


sql server categories

sql server webinars

subscribe to mssqltips

sql server tutorials

sql server white papers

next tip



About the author
MSSQLTips author Tim Cullen Tim Cullen has been working in the IT industry since 2003 and currently works as a SQL Server Reports Developer.

This author pledges the content of this article is based on professional experience and not AI generated.

View all my tips


Comments For This Article




Friday, July 4, 2014 - 8:19:07 AM - Raji Back To Top (32549)

I have created 2 entities called Party and Owner. Party has following columns (name, Code, Owner (Domain Based Attribute)) Owner has following columns (name, Code) And I have Created one Derived Hierarchy.

From user and Group Permision Section, Hierarchy Members tab I have given read only permision to me (administrator of the Model). When I gave the permision I have selected users and Inherited from group in permission tab. And I'm not the part of any group.

Now I'm not able to see my model except the explorer area. And I'm not able to delete the permission from the user. As per the admin guide we need to delete permission from group.

Though I'm not the part of any group, I'm not able to proceed further to delete the permission.

Please help me out in this regard. Thanks!

Thursday, August 5, 2010 - 12:00:13 PM - Tim Cullen Back To Top (10018)
Reagan:

Thanks for the additional information.  I'm looking forward to working with it  and sharing additional information about it in the future.

Thursday, August 5, 2010 - 5:38:04 AM - Reagan Back To Top (10015)
Great infromation in these MDS posts! I'm the lead technical writer for MDS, and would like to clarify a couple of things in the Web application post:

1. MDS requires IIS 7.0 or later. The topic Setup Requirements (Master Data Services) has a list of the supported OSs for MDS: http://msdn.microsoft.com/en-us/library/ee633742.aspx.

2. Using MDS Configuration Manager, you can choose to create a new site or to create an application in an existing site. If you create a new site, the root Web application is configured as the Master Data Manager Web application. If you select an existing site, you create a new Web application in the site to be the Master Data Manager Web application. More specific info at How to: Create a Master Data Manager Web Application: http://msdn.microsoft.com/en-us/library/ee633729.aspx. For more background on what's actually happening under the hood, there's a good article on what sites, applications, and virtual directories are in IIS 7.0 and later at http://learn.iis.net/page.aspx/150/understanding-sites-applications-and-virtual-directories-on-iis-7/.

3. After you enable the Web service by selecting the checkbox in MDS Configuration Manager, there is a bit more to configure. For steps on how to do that, see How to: Enable Web Services (Master Data Services): http://msdn.microsoft.com/en-us/library/ff486972.aspx.

Thanks for sharing the knowledge with everyone about MDS. It's great to see people kicking the tires on the product :)














get free sql tips
agree to terms