Give users access to BDC using SQL Authentication
https://sharepoint.stackexchange.com//questions/79880
-
10-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a web part using an external list through an external content type which uses Business Data Connectivity with SQL Server Authentication through the use of a Secure Store Service key. Everything works fine until I try to access the page I'm using the list on with a user who isn't the site owner.
The first error I got was about Business Data Connectivity permissions so I went in and added my test user to the BCD permissions list and gave him Execute permission. That, I think, should allow him to use the web part with the external list IF I were connecting to the database with user authentication.
However, in my case, since I'm using SQL authentication through a Secure Store Service key, I get an error about that key entry which is completely unhelpful. I first figured it was another permissions issue so I added my test user to the "Target Application Administrators" of the key which, first off: doesn't seem right that every user would have to be an administrator for the key, and second: still just doesn't work. Anyone have an idea? I would post the error I get but it literally tells me nothing other than mentions the name of my Store Service Key and gives me a long, meaningless stack trace.
Solution
If you have an issue with the Secure store, it might be wise to re-create the application definition. Your scenario, if I got it right, should enable a pass-through SQL connection to all users by using a single SQL Account. In such situation you need to verify that the Secure Store application is properly configured:
- Create it for a Group in the "Target Application Type".
- User simple UserName & Password authentication (not Windows Username & Password which are defaults) when asked for credential types (you will know you choose right when asked for credentials themselves.
- In the members put either Users or an AD Group where you have your users which shall be considered as allowed to use access this connection, aka "mapped to this credentials" (this is different than the BDC security!).
- Set credentials once ready.
This has been only for Secure Store. In BDC you need to enable people to actually access the definition of your model, whereas the secure store only makes for an SSO like authentication transparent.
