
Securing Your SharePoint and Windows Azure Solutions : Configuring BCS Security - Create an Application ID, Assess Permissions on the ECT

11/20/2012 6:11:55 PM
Create an Application ID
  1. Open SharePoint Central Administration.

  2. Click Manage Service Applications and Secure Store Service.

  3. Click the New button on the ribbon, as shown in the following graphic. Note that if this is the first time you’ve done this, you might be required to generate a new key.

  4. Now as shown in the following graphic, provide a target application ID name, a display name, and a contact email address. Leave the other options set to their defaults.

  5. Click Next. Change the user name and password field names to something more descriptive (such as SQL Azure User Name and SQL Azure Password). Make sure that you select User Name and Password as the field types. Keep the password masked.

  6. Click Next. Now provide a valid Active Directory alias as the administrator of the target application definition. You can designate multiple administrators, separating them with semicolons.


    You now have an application ID that you can use to connect to the SQL Azure external system. You use this application ID when creating your ECT. For example, when you create an ECT by using SharePoint Designer, you select Connect With Impersonated Custom Identity and then add the Secure Store Application ID to complete the handshake with the external system.


    SharePoint Designer prompts you to enter your credentials when connecting to SQL Azure, and you’ll again be prompted for credentials when you load the external list for the first time. Credentials are then saved. If the credentials change, you will be prompted to enter your credentials again.
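The same target application can be created from the SharePoint Management Shell, which makes the settings reviewable and repeatable. This is an added example, not part of the original walkthrough; the site URL, application ID, e-mail address and account names are placeholders, and the Individual application type is an assumption that matches the per-user credential prompt described above.

```powershell
# Added example: every name, URL and account below is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'http://sharepoint.example.local'          # placeholder site used as service context
$appId   = 'SqlAzureTargetApp'                        # placeholder target application ID
$admins  = 'EXAMPLE\bcsadmin1', 'EXAMPLE\bcsadmin2'   # placeholder administrator aliases

# Step 5: descriptive field names, User Name / Password field types, password kept masked.
$userField = New-SPSecureStoreApplicationField -Name 'SQL Azure User Name' `
    -Type UserName -Masked:$false
$passField = New-SPSecureStoreApplicationField -Name 'SQL Azure Password' `
    -Type Password -Masked:$true

# Step 4: target application ID, display name and contact e-mail.
# Individual = each user stores and uses their own SQL Azure credentials (assumption).
$target = New-SPSecureStoreTargetApplication -Name $appId `
    -FriendlyName 'SQL Azure Target Application' `
    -ContactEmail 'bcs-admin@example.local' `
    -ApplicationType Individual

# Step 6: one claim per administrator of the target application definition.
$adminClaims = $admins | ForEach-Object {
    New-SPClaimsPrincipal -Identity $_ -IdentityType WindowsSamAccountName
}

# Create the application. No credentials are written here; users supply them
# at the prompt, so no password ends up in the script or its history.
New-SPSecureStoreApplication -ServiceContext $siteUrl `
    -TargetApplication $target `
    -Fields $userField, $passField `
    -Administrator $adminClaims

# Confirm the application exists before referencing its ID from the ECT.
Get-SPSecureStoreApplication -ServiceContext $siteUrl -Name $appId
```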

The second level of permissions is the ECT; you can assess permissions for a specific user against the external system for Edit, Execute, Selectable In Clients, and Set Permissions. (This second level of permissions applies equally to either a SQL Azure external data source or a WCF endpoint that you model by using the Business Data Connectivity Model template in Microsoft Visual Studio.) Each of these permissions provides different levels of access to BCS resources. For example, Edit enables you to create new external systems and edit the model file. Execute enables you to execute the method within the ECT. Selectable In Clients enables you to create external lists by using the ECT. And Set Permissions enables you to set any permissions in the metadata store. For more information on these permissions, see the following TechNet article: http://technet.microsoft.com/en-us/library/ee661743.aspx.

Assess Permissions on the ECT

  1. Open SharePoint Central Administration.

  2. Click Manage Service Applications, and then click Business Data Connectivity Service.

  3. Select an ECT in the list, and then click Set Object Permissions.

  4. Type the Active Directory alias for a user and click Add. After the name resolves, select the permissions you want for that user, as shown in the following graphic. Note that in this screen shot, you’ve selected the highest level of privileges, which should be reserved for administrators (or power users). In many cases, you only need to give users Execute permissions so they can execute all of the methods within the ECT.

  5. Click OK to finish.
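The grant in step 4 can also be scripted so that ordinary users receive Execute only, followed by a check for principals that hold more than that. This is an added example, not part of the original walkthrough; the ECT name, namespace, site URL and user alias are placeholders, and the audit step reads the ECT's access control list through the BDC administration object model.

```powershell
# Added example: every name, URL and account below is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl      = 'http://sharepoint.example.local'   # placeholder service context
$ectName      = 'Customers'                         # placeholder ECT name
$ectNamespace = 'http://sharepoint.example.local'   # placeholder ECT namespace

# Step 3: select the ECT (an Entity object in the BDC metadata store).
$ect = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Entity `
    -Name $ectName -Namespace $ectNamespace -ServiceContext $siteUrl

# Step 4: resolve the user and grant Execute only, the baseline permission.
# Edit, SelectableInClients and SetPermissions are deliberately not granted.
$user = New-SPClaimsPrincipal -Identity 'EXAMPLE\jdoe' `
    -IdentityType WindowsSamAccountName
Grant-SPBusinessDataCatalogMetadataObject -Identity $ect `
    -Principal $user -Right Execute

# Audit: re-read the ECT and list every principal whose rights go beyond
# Execute, so elevated grants can be checked against the administrator list.
$ect = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Entity `
    -Name $ectName -Namespace $ectNamespace -ServiceContext $siteUrl
$ect.GetAccessControlList() |
    Where-Object { $_.Rights.ToString() -ne 'Execute' } |
    Select-Object IdentityName, Rights
```

An unexpected entry in the audit output can be reduced with Revoke-SPBusinessDataCatalogMetadataObject, using the same -Identity, -Principal and -Right parameters.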

Assessing the user permissions by using the application ID is a very simple process, and it provides you with a per-user filter on an otherwise open outbound connection. For example, suppose you create a WCF service ECT and create web methods to support create, read, update, and delete (CRUD) operations. Although your service supports CRUD, and the ensuing ECT you create against that WCF service would support CRUD, you can limit specific users to read-only access (or, of course, give them CRUD access). In this sense, a claims-aware WCF service might not be required because you can secure an individual method on the ECT.

The most important point in this first section is that you have granular control over who has access to SQL Azure data using BCS and external lists. You should see Execute as the fundamental, baseline privilege you give users, and then grant further permissions based on your needs.

Another type of data storage for which you built an application was Windows Azure BLOB storage, which has a flexible security model. In the next section, you’ll see how you can use shared access permissions to control access to resources in BLOB storage.
