Restricting Viewer Permissions of Objects in the Repository

For viewing rights to a model (or glossary, etc.), the simplest best practice is to control viewing via configuration access, and not through restricting viewer rights to specific objects which may be in a configuration. This suggestion follows from the fact that any user who needs to open a configuration MUST ALSO have view permissions to all of the models in the configuration (either by explicitly assigning the Metadata Viewingcapability object role assignment to all the objects contained, or if no such assignment has been made, then the object is by default viewable). So, the easiest way to manage access to a model is to simply not include it in any open configuration.

However, if there is a need to define view restrictions on portions of the repository, limiting viewing (even in the repository manager) to a certain set of users, you may use either the View Restricted or the Metadata Viewingcapability object role assignment.

Using View Restricted to Limit Viewing of Objects in the Repository

Generally, one assigns the View Restricted role to the group Everyone for the repository root. Then all users have Metadata Viewing access, unless restricted at a lower level in the repository folder structure.

Example

Sign in as Administrator and go to MANAGE > Servers.

Select the repository root and the Responsibilities tab.

Select the Demo Enterprise Edition folder and the Responsibilities tab.

To override this role and restrict it to only a subset of users, you may assign the View Restricted to that subset of users. Click EDIT next to the View Restricted role and pick Business Users.

Click OK and then SAVE.