If you are using SharePoint 2010 RTM and get the following error:
Access denied by Business Data Connectivity.
It likely is because by default on installation the BCS service doesn’t have any permissions
enabled at all.
If you go to your central administration site and manage the BCS service and look
at Metadata Store permissions you’ll see that it is empty
Obviously in a production environment you want to be very deliberate about setting
the permissions, but when you are developing you just want your code to work 🙂
Here’s a PowerShell script that will set the permissions on the Metadata store (and
all BCS models deployed after you run the script) to all windows users. Again,
not something I recommend for a production machine – but something that is fine for
your development machine.
1: $adminURL="HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS\"
2: $key = Get-Item $adminURL
3: $adminurl = $key.GetValue(">CentralAdministrationURL")
4: Write-Host ">Central admin site "+ $adminurl
5: Add-pssnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
7: Write-Host Updating BCS persmissions
8: $obj = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Catalog -ServiceContext $adminurl
9: $right = (1+2+0x10+4)
10: $claim = New-SPClaimsPrincipal -Identity 'c:0!.s|windows' -IdentityType EncodedClaim
11: Grant-SPBusinessDataCatalogMetadataObject -Identity $obj -Principal $claim -Right $right
12: Copy-SPBusinessDataCatalogAclToChildren -MetadataObject $obj
13: Write-Host Complete
Check out my new book on REST.