There are several step-by-step guides available on the internet – so why do I post another one here?
Most of what you find on the internet is just a test case where you will setup an external datasource with a SharePoint farm admin account. But will this be your production use case? In my projects it is not because users should be able to do this themselves without the help of a farm administrator (following SharePoint’s self-service philosophy).
- Go to SQL Server, attach northwind.mdf in SQL Management Studio
- Add windows login for database-user (the account you are going to use to access the database) and assign it db_reader role in northwind db and public role in SQL instance
- Go to Central Administration > Secure Store Service with farm admin access (you could also give permissions so users can do this themselves – the drawback here is that this will not be possible without granting access to the CA port for end users… another story for another post maybe)
- create new Target Application, type in ID, Display Name, ContactEmail, choose TargetApplicationType „Group“ and click next
- click next and fill-in an admin (i.e. yourself). As member type in „everyone“and click Ok
- Set credentials for db-user in the newly created target application
- Create SiteCollection „Northwind“ (Template TeamSite 2013) and assign a test account as sc admin (but not with farm admin privileges)
- Open the SiteCollection with SharePoint Designer 2013, login as your sc admin test account
- click External Content Types in left-hand navigation and then in the New ribbon External Content Type
- in „new external content type“ window, type in „Customer“ as name and change „office item type“ to „Contact“
- Click discover external data sources
- click „Add connection“and choose „SQL Server“ as data source type
- fill-in db server and db name and choose „Connect with impersonated windows identity“ as authentication type
- Open „Northwind“ – Tables – Customers, right click and choose „Create All Operations“
- Click CustomersID and uncheck required
- Click ContactName – Office Property „Fullname“ – Check Show in Picker – click Next
- Add a filter – Type in name Limitfilter – Filter Type „Limit“ – click Ok
- Add the value 1000 and click „Finish“
- save changes in SPD (top left corner disk icon)
- Go to the SiteCollection, click site actions -> Add an App -> External list
- type in „Customers“ as name and choose „Customers“ from external content type list (use browse button to search for external content type)
- click create
- click tile „Customers“
The expected result is that a list of customers from northwind db is shown in your SharePoint site.
But when following the 23. steps of this guide you will struggle at step 13 – you will receive an Access Denied error message. It took me some time to figure out why because first I thought I had a mistake in the setup of the Secure Store target application or somewhere in the database permissions. When I finally found out I decided to post this:
You must configure BCS permissions for your test site collection admin account before this steps work out.
- So go to CA > Manage Service Applications > Business Data Connectivity Service
- Ribbon Permissions > Set Metedata Store Permissions
- add your sc test account (or rather an AD role group in a real production environment) and check Edit, Execute, Selectable In Clients and Set Permissions and click OK