If you are using SharePoint 2010 RTM and get the following error:

Access denied by Business Data Connectivity.


It likely is because by default on installation the BCS service doesn’t have any permissions
enabled at all.

If you go to your central administration site and manage the BCS service and look
at Metadata Store permissions you’ll see that it is empty


Obviously in a production environment you want to be very deliberate about setting
the permissions, but when you are developing you just want your code to work 🙂

Here’s a PowerShell script that will set the permissions on the Metadata store (and
all BCS models deployed after you run the script) to all windows users.  Again,
not something I recommend for a production machine – but something that is fine for
your development machine.

 1: $adminURL="HKLM:\SOFTWARE\Microsoft\Shared
Tools\Web Server Extensions\14.0\WSS\"

 2: $key
= Get-Item $adminURL 

 3: $adminurl
= $key.GetValue(">CentralAdministrationURL")

 4: Write-Host
">Central admin site "+ $adminurl

 5: Add-pssnapin
Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue


 7: Write-Host
Updating BCS persmissions 

 8: $obj
= Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Catalog -ServiceContext $adminurl

 9: $right
= (1+2+0x10+4)

 10: $claim
= New-SPClaimsPrincipal -Identity 'c:0!.s|windows' -IdentityType

 11: Grant-SPBusinessDataCatalogMetadataObject
-Identity $obj -Principal $claim -Right $right

 12: Copy-SPBusinessDataCatalogAclToChildren
-MetadataObject $obj

 13: Write-Host

Check out my new book on REST.