2. Creating a BDC service application
Before you can create an ECT, you need to create a BDC service application,
which can be created by using the SharePoint configuration wizard, the
SharePoint Central Administration website, or Windows PowerShell. Using
the SharePoint Central Administration website or Windows PowerShell
allows you to specify the SQL Server database name or use a
preconfigured database name. Although you can use the configuration
wizard, which creates an automatically generated BDC database name, it
is not recommended to use the configuration wizard in production
because of the lack of control you have over what it creates.
When using the SharePoint Central Administration website or Windows
PowerShell, first check that at least one BDC machine service instance
is started on one of the servers in your SharePoint farm. The machine
service instance, also known as the SharePoint service,
uses the service binaries to manage components, such as any related
timer jobs, to make the service application function correctly. If you
have more than one server in your SharePoint farm, the machine instance
can be started on one or more of your servers. SharePoint then provides
its own round-robin load-balancing mechanism to distribute user
requests for data from the external systems evenly.
Once a machine service instance is started, you can create the BDC
service application. This allows you to manage and create the
definitions for the external systems. When the BDC service machine
instance is started and its associated service application is created,
then an Internet Information Services (IIS) Virtual Application is
created that runs in the context of an IIS application pool within the
SharePoint Web Services IIS website. It exposes a WCF web service, also
known as the service application endpoint, as shown in Figure 9.
This is used by SharePoint and can be used by developers in your
organization to develop new solutions. Such an endpoint is created by
SharePoint on each server where the machine service instance is started.
Once the BDC service application is started, you will see in the
Central Administration website on the Service Applications page, below
the BDC service application, a BDC service application proxy, also
known as the service connection, as shown in Figure 10.
This provides the connection between the components, such as webpages
that wish to access the data from the external systems and the BDC
service application. The service application proxy also understands the
load-balancing mechanism that SharePoint uses, and if you publish a BDC
service application for use on other farms, the service application
proxy will be used for managing those connections as well.
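The Windows PowerShell route described above, as an added example that is not from the original text: it checks that a BDC machine service instance is started and then creates the service application with an explicitly chosen database name. The service application name, database name, SQL Server name, and application pool name are hypothetical placeholders, and the pool is assumed to exist already.

```powershell
# Added example: run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed values (hypothetical): replace with your own.
$appName  = "Contoso BDC Service"
$dbName   = "Contoso_BDC_Metadata"      # explicit name instead of a wizard-generated one
$dbServer = "SQL01"
$poolName = "Contoso Service App Pool"  # existing service application pool

# 1. Find the BDC machine service instances across the farm.
$instances = @(Get-SPServiceInstance |
    Where-Object { $_.TypeName -eq "Business Data Connectivity Service" })
if ($instances.Count -eq 0) { throw "No BDC service instance found in this farm." }

# 2. Make sure at least one of them is started (Status = Online).
$online = @($instances | Where-Object { $_.Status -eq "Online" })
if ($online.Count -eq 0) {
    $target = $instances[0]
    Start-SPServiceInstance -Identity $target | Out-Null
    $deadline = (Get-Date).AddMinutes(5)
    while ((Get-SPServiceInstance -Identity $target.Id).Status -ne "Online") {
        if ((Get-Date) -gt $deadline) { throw "BDC service instance did not start in time." }
        Start-Sleep -Seconds 5
    }
}

# 3. Refuse to continue if the application pool is missing, rather than
#    silently creating one under an unplanned account.
$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) { throw "Application pool '$poolName' not found." }

# 4. Create the BDC service application with the chosen database name.
$app = New-SPBusinessDataCatalogServiceApplication -Name $appName `
    -ApplicationPool $pool -DatabaseName $dbName -DatabaseServer $dbServer

# 5. Report which servers now host a started instance (and therefore an endpoint).
Get-SPServiceInstance |
    Where-Object { $_.TypeName -eq "Business Data Connectivity Service" } |
    Select-Object Server, Status
```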
Once you create the BDC service application, you will need to complete the following administrator tasks:
- Create BDC service application administrators.
- Import the BDC model that contains the metadata information.
- Set BDC Metadata Store permissions.
- If you are using SharePoint Server 2013 and have purchased Enterprise CALs, configure profile page creation (that is, the site where the profile pages are to be created). Ensure that the SharePoint Enterprise Site Collection features are activated on this site.
- If you are using SharePoint Server 2013, configure Single Store Service; if you plan to import any BDC models into the metadata store, then you should plan to use this authentication mechanism.
- Deploy any custom business data solutions, such as dashboards.
Table 1 lists the metadata store permissions that you can use and the allowed actions of the user, group, or claim.
Table 1. BDC metadata store permissions

| Permission | Description |
|---|---|
| Edit | Use to allow users to create and amend BDC models, external system definitions, and ECTs. Only allow highly trusted users to have this permission, especially in a production environment. Users with this permission can see external system definitions created by other users, and therefore this can be a security risk, where a malicious user can use the security information in the external system definition to access and corrupt external content, and adversely affect the running of the SharePoint installation. When you upload a BDC model from a development environment into a production environment with its security settings, remove the edit permissions from the BDC model for those users who created it in the development environment. If you do not have a development or prototype environment, you will need to give users who create external system definitions and ECTs using either SharePoint Designer or Visual Studio edit permission on the BDC model. |
| Execute, Selectable In Clients | There is no Execute or Selectable In Clients permission on the metadata store; however, you can choose to propagate these settings to child objects in the BDC model, external systems, ECTs, methods, and method instances, and their child objects. |
| Set Permissions | Users with this permission can manage BCS permissions on the BDC metadata store, and by propagating a user’s settings, the user can set permission on any object in the metadata store. This permission is usually only given to BCS service application administrators. |
Note
More information on BCS security can be found att.
Follow these steps to set permissions on the BDC metadata store:
- Open the SharePoint Central Administration website in the browser. Under Application Management, click Manage Service Applications.
- On the Service Applications page, click the name of the BDC service for which you want to manage permissions.
- Click Set Metadata Store Permissions on the Edit tab of the Ribbon.
- On the Set Metadata Store Permissions page, enter the appropriate users or groups and select the appropriate permissions, as shown in the following graphic.

  Note
  Do not select the Propagate Permissions To All check box, as every External System, BDC Model, or ECT will inherit this configuration when added to the metadata store. Leaving it cleared also prevents users from gaining unnecessary access to any External System, BDC Model, or ECT that they should not have.
- Click OK.
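The same permission assignment can be scripted so that it is repeatable and reviewable. The following is an added example, not part of the original text: it grants rights on the metadata store (the Catalog object) from a small table, does not propagate them to child objects, and removes Edit from a development author on an imported model as Table 1 advises. The site URL, group names, user name, and model name are hypothetical placeholders.

```powershell
# Added example: run in the SharePoint 2013 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed values (hypothetical): replace with your own.
$siteUrl   = "https://intranet.contoso.example"  # site served by the BDC service application
$modelName = "ContosoCrmModel"                   # model imported from development
$devAuthor = "CONTOSO\dev.author"                # user who built the model in development
$storeAcl  = @(
    @{ Group = "CONTOSO\BdcAdmins";   Rights = @("SetPermissions") },
    @{ Group = "CONTOSO\BdcModelers"; Rights = @("Edit") }   # highly trusted users only
)

# The metadata store itself is addressed as the Catalog object.
$catalog = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Catalog `
    -ServiceContext $siteUrl

# Grant each right in the table to its group, one right per call.
foreach ($entry in $storeAcl) {
    $claim = New-SPClaimsPrincipal -Identity $entry.Group `
        -IdentityType WindowsSecurityGroupName
    foreach ($right in $entry.Rights) {
        Grant-SPBusinessDataCatalogMetadataObject -Identity $catalog `
            -Principal $claim -Right $right
    }
}

# Copy-SPBusinessDataCatalogAclToChildren (which copies an object's ACL to its
# child objects) is deliberately not called here, so models, external systems,
# and ECTs keep their own, narrower permissions.

# Remove Edit from the development author on the imported model.
$model = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Model `
    -Name $modelName -ServiceContext $siteUrl
$authorClaim = New-SPClaimsPrincipal -Identity $devAuthor `
    -IdentityType WindowsSamAccountName
Revoke-SPBusinessDataCatalogMetadataObject -Identity $model `
    -Principal $authorClaim -Right Edit
```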