In secure store what is exact meaning of Set Credentials, Target Application Administrators and members?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/144386

  •  03-10-2020
  •  | 
  •  

Question

Set Credentials: This is used to enter the credentials used to connect to the external data (example analysis db) from the excel sheet.

Target Application Administrators : The list of users who have access to manage the Target Application settings. The farm administrator will have access by default.
What is meaning of target application here? Is it the secure store app or the excel app? Suppose lets assume target app is the secure store app. Then, when I add a user here, lets say this user is not a member of farm admin group. Then this user will not have access to central admin, thus no way to reach this secure store application for any management. What is purpose of this ?

Members The users and groups that are mapped to the credentials defined for this Target Application.
Who are the members here?

Was it helpful?

Solution

Target Application is the external application you're storing the credentials for.

Only Target Application Administrators can assign credentials for the Secure Store application definition (row).

Members are the users in SharePoint, who are accessing the external application using the credentials you define in this one Secure Store application definition (row). So SharePoint will automatically use these credentials for the member users.

To grant non-farm-admin access to control Secure Store service application, you need to designate that user as service app administrator.

"How do you give it?

Central Admin > Service Application Management. Highlight the service application and click “Administrators" in the ribbon. Add the user to the Administrators list.

When does it work?

When the service application administrator logs in to Central Admin.

Why does it only work then?

When a user is added as an administrator for a service application they are added to a SharePoint group in Central Admin called “Delegated Administrators.” This gives them permission to log in to Central Admin. Central Admin authorizes them to log in and gives them access to the service application they’ve been given access to. The Central Admin app pool (the Farm Account) then accesses SharePoint on that user’s behalf like any other web request." Source

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top