Skip to main content Skip to complementary content

Restricting Viewer Permissions of Objects in the Repository

For viewing rights to a model (or glossary, etc.), the simplest best practice is to control viewing via configuration access, and not through restricting viewer rights to specific objects which may be in a configuration. This suggestion follows from the fact that any user who needs to open a configuration MUST ALSO have view permissions to all of the contents in the configuration (either by explicitly assigning the Metadata Viewing capability object role assignment to all the objects contained, or if no such assignment has been made, then the object is by default viewable). So, the easiest way to manage access to a model is to simply not include it in any open configuration.

However, if there is a need to define view restrictions on portions of the repository, limiting viewing (even in the repository manager) to a certain set of users, you may use either the View Restricted or the Metadata Viewing capability object role assignment .

Using View Restricted to Limit Viewing of Objects in the Repository

Generally, one assigns the View Restricted role to the group Everyone for the repository root. Then all users have Metadata Viewing access, unless restricted at a lower level in the repository folder structure.

Information note

The advantage of this approach is that access remains for common system type objects like Naming Standards without having to explicitly assign those permissions, as one is only restricting further at lower levels in the folder structure.

Example

Sign in as Administrator and go to MANAGE > Servers .

Select the repository root and the Responsibilities tab.

Information note

By default the View Restricted role to the group Everyone for the repository root.

Select the Demo Enterprise Edition folder and the Responsibilities tab.

Information note

The View Restricted role is inherited to the group Everyone for the repository root.

To override this role and restrict it to only a subset of users, you may assign the View Restricted to that subset of users. Click EDIT next to the View Restricted role and pick Business Users .

Click OK and then SAVE .

Information note

Business Users are now the only users who can see this folder and thus the contained configuration and its contents.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!