Classes that are lower in the hierarchy inherit the security permissions from classes that are higher in the hierarchy, unless overridden by another security profile. For example, if you assign a user the Architect profile for the mart level, the user is automatically assigned Architect-level permissions for all object classes below it in the object hierarchy. Assign a global security profile to a user at the mart level, and then assign a different security profile to grant or deny additional permissions in lower-level object classes.
You can also assign a security profile to a user for an individual object. A security profile assigned to a specific object overrides any security permissions inherited from a higher-level object class. When you assign a new security profile to a user, the user retains the existing security permissions, and loses the ones that the new security profile overrides.
By default, the Viewer and Guest security profiles are read-only security profiles at the mart level. When a user is assigned to a read-only security profile, the corresponding permissions are automatically applied to all lower object classes in the database. Assign the Viewer profile to limit the permissions of a user in an object class, and use the Guest profile exclusively for users that are using CA ERwin Data Modeler Navigator Edition to access the database.
Note: The owner of the database (dbo) always supersedes any security provided on the mart. If the database owner is assigned the Viewer profile, that user is still able to change security profiles because the database owner is the Mart Administrator by default, regardless of the profile assigned in the Security Manager.
Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |