If you are using SharePoint 2010 RTM and get the following error:
Access denied by Business Data Connectivity.
It likely is because by default on installation the BCS service doesn’t have any permissions enabled at all.
If you go to your central administration site and manage the BCS service and look at Metadata Store permissions you’ll see that it is empty
Obviously in a production environment you want to be very deliberate about setting the permissions, but when you are developing you just want your code to work
Here’s a PowerShell script that will set the permissions on the Metadata store (and all BCS models deployed after you run the script) to all windows users. Again, not something I recommend for a production machine – but something that is fine for your development machine.
1: $adminURL="HKLM:SOFTWAREMicrosoftShared ToolsWeb Server Extensions14.0WSS"
2: $key = Get-Item $adminURL
3: $adminurl = $key.GetValue("CentralAdministrationURL")
4: Write-Host "Central admin site "+ $adminurl
5: Add-pssnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
7: Write-Host Updating BCS persmissions
8: $obj = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType Catalog -ServiceContext $adminurl
9: $right = (1+2+0x10+4)
10: $claim = New-SPClaimsPrincipal -Identity 'c:0!.s|windows' -IdentityType EncodedClaim
11: Grant-SPBusinessDataCatalogMetadataObject -Identity $obj -Principal $claim -Right $right
12: Copy-SPBusinessDataCatalogAclToChildren -MetadataObject $obj
13: Write-Host Complete
Hey – I know I haven’t been blogging much. One of the reasons is I’ve really busy working on courseware for Microsoft on Windows Server AppFabric. If you are in Europe and interested in AppFabric – you should come to Brussels in June – Codit sign up today! Expect more blogging soon. I’ll also be in Las Vegas next week as part of the Visual Studio 2010 Launch – come by and say hi – I’ll give you a cool t-shirt! (can’t talk about it until Monday ;-))