Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

SharePoint BCS

  Asked By: Ciera    Date: Jan 01    Category: Sharepoint    Views: 2566

I'm trying to bring external content into our SharePoint environment. We are
running SP 2010. The data I want to bring in exists in Sql Server. What I'm
struggling to do is map the logged in SharePoint user to an underlying sql user.

In SharePoint I have created a new Target Application in the Secure Store
Service:

Target Application ID: TestApp
Target Application Type: Group

I have specified two fields:
Name Type
User Name User Name
Password Password
**these are not the Windows User Name and Windows Password types just the basic
types

Target Application Administrators and Members are both set as myself (AD User).

In SharePoint Designer I've created a new External Content Type. I've added a
connection of (Type -> Sql Server). I've set the database server name to the
server name that is not on the same box as SharePoint and I've set the database
name. I've selected the Connect with Impersonated Custom Identity option and
set the Secure Store Application Id to TestApp. When I click OK I get prompted
for credentials so I enter the Sql Server user credentials and the connection
succeeds. I expand out the tables, right click the table I want accessible, and
click Create All Operations. I go through the wizard and enter one limit
filter.

Next I right click MyTable in the External Content Types windows, select
External List, and give it a name. Next I go into Central Admin and set the
credentials of TestApp.

Now when I log into SharePoint I can see my external list in the left hand TOC.
I click on the list and I get the error Access Denied by Business Data
Connectivity* with a correlation code. I've opened up the logs to see what is
being returned which has some interesting logs but I'm not sure exactly how to
remedy the problem:

Log:
Access Denied for User '0#.w|domain\myuser, which may be an impersonation by
'domain\myuser'. Securable MethodInstance with Name 'Read List' has ACL that
contains

Another Log:
Error while executing web part: Microsoft.SharePoint.SPException: Access denied
by Business Data Connectivity. ---> Access Denied for User '0#.w|domain\myuser',
which may be an impersonation by 'domain\myuser'. Securable MethodInstance with
Name 'Read List' denied access.

I know if I'm using pass through creds we will need kerbors to handle the double
hop but didn't think I would need kerbos with cred mapping to a sql server user.

Share: 

 

1 Answer Found

 
Answer #1    Answered By: Dewayne Clay     Answered On: Jan 01

Did you give your user permission to access the model in BCS through Central
Admin? You can't grant permissions to the BCS model itself in SPD, you have
to either add the user/group to the BCS default permissions or give them
specific permissions through the BCS service application in Central
Administration. I've had issues with this before. You'll notice that the
error states access was denied by BCS, not SQL. The secure store settings
aren't the issue. The problem is that your user doesn't have rights to the
specific BCS model that you created in SPD.

 
Didn't find what you were looking for? Find more on SharePoint BCS Or get search suggestion and latest updates.

Related Topics:



Tagged:    

 

Related Post