Setting permissions on individual BDC entities through Central Administration in SharePoint 2010 is a big pain, especially when several entities and several users/groups are involved.
Below is a code-based solution (Visual Studio, C#) that sets permissions on the BDC entities matching a filter. It can live in a small console/Windows project or in a feature receiver.
using Microsoft.SharePoint;                               // SPSite, SPServiceContext
using Microsoft.SharePoint.BusinessData.Administration;   // AdministrationMetadataCatalog, Entity
using Microsoft.SharePoint.BusinessData.Infrastructure;   // IAccessControlList, IndividualAccessControlEntry, BdcRights, BdcAccessControlList
using Microsoft.SharePoint.BusinessData.SharedService;    // BdcServiceApplicationProxy

// Create the service context. "site" is the SPSite object; in a feature receiver, get it from SPFeatureReceiverProperties (properties.Feature.Parent).
SPServiceContext spc = SPServiceContext.GetContext(site);
// BDC service application proxy for this context
BdcServiceApplicationProxy proxy = (BdcServiceApplicationProxy)spc.GetDefaultProxy(typeof(BdcServiceApplicationProxy));
// Administration view of the BDC metadata store
AdministrationMetadataCatalog catalog = proxy.GetAdministrationMetadataCatalog();
// Loop through the active entities whose namespace matches *Custom* and whose name matches *AdventureWorks*
foreach (Entity entity in catalog.GetEntities("*Custom*", "*AdventureWorks*", true))
{
    IAccessControlList acl = entity.GetAccessControlList();
    // Grant Execute, Edit, SelectableInClients and SetPermissions to Domain\Admin; at least one entry must carry SetPermissions
    acl.Add(new IndividualAccessControlEntry(BdcAccessControlList.TranslateFriendlyStringToEncodedClaim("Domain\\Admin"), BdcRights.Execute | BdcRights.Edit | BdcRights.SelectableInClients | BdcRights.SetPermissions));
    acl.Add(new IndividualAccessControlEntry(BdcAccessControlList.TranslateFriendlyStringToEncodedClaim("Domain\\Group1"), BdcRights.Execute | BdcRights.Edit | BdcRights.SelectableInClients));
    acl.Add(new IndividualAccessControlEntry(BdcAccessControlList.TranslateFriendlyStringToEncodedClaim("Domain\\User1"), BdcRights.Execute | BdcRights.Edit));
    acl.Add(new IndividualAccessControlEntry(BdcAccessControlList.TranslateFriendlyStringToEncodedClaim("Domain\\User2"), BdcRights.Execute));
    entity.SetAccessControlList(acl); // Save the permissions on the entity
    // Copy the entity's ACL to its child methods so the added principals can actually execute them
    entity.CopyAclAcrossChildren();
}
You may want to wrap the whole block in a delegate and run it with SPSecurity.RunWithElevatedPrivileges. Keep in mind that elevation only switches the Windows identity to the application pool account; that account still needs the SetPermissions right in the BDC metadata store, because BDC permissions are managed separately from SharePoint site permissions. Also re-open the SPSite inside the delegate (new SPSite(siteId)) rather than reusing one opened under the caller's identity.
Also, whenever you set permissions on BDC entities through the object model, at least one of the entries must include SetPermissions; otherwise the following error is thrown: “An error occurred while trying to assign an Access Control List to ‘IEntity’ with name ‘****’. At least one user/group in the Access Control List must have the SetPermissions right to avoid creating a non-manageable object.”
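Putting the pieces above together, here is an added example (my code, not from the original post) of a feature receiver that applies a principal-to-rights map to every matching entity under elevated privileges, and fails fast before touching the catalog if no principal would end up holding SetPermissions. The namespace, class name, principal names and the "*Custom*"/"*AdventureWorks*" filters are illustrative assumptions; the BDC API calls are the same ones used in the snippet above.

```csharp
// Added example (not from the original post): a feature receiver that grants BDC
// entity permissions from a map and guards against the "non-manageable object" error.
// Namespace, class name, principals and entity filters are illustrative assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint;
using Microsoft.SharePoint.BusinessData.Administration;
using Microsoft.SharePoint.BusinessData.Infrastructure;
using Microsoft.SharePoint.BusinessData.SharedService;

namespace Contoso.Bdc.Permissions
{
    public class BdcEntityPermissionsReceiver : SPFeatureReceiver
    {
        // Principal -> rights. Exactly one entry carries SetPermissions so the
        // entity never becomes non-manageable.
        private static readonly IDictionary<string, BdcRights> Grants =
            new Dictionary<string, BdcRights>(StringComparer.OrdinalIgnoreCase)
            {
                { "Domain\\Admin",  BdcRights.Execute | BdcRights.Edit | BdcRights.SelectableInClients | BdcRights.SetPermissions },
                { "Domain\\Group1", BdcRights.Execute | BdcRights.Edit | BdcRights.SelectableInClients },
                { "Domain\\User1",  BdcRights.Execute | BdcRights.Edit },
                { "Domain\\User2",  BdcRights.Execute },
            };

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            // Site-collection-scoped feature: Parent is SPSite. Web-scoped: Parent is SPWeb.
            SPSite site = properties.Feature.Parent as SPSite
                          ?? ((SPWeb)properties.Feature.Parent).Site;
            Guid siteId = site.ID;

            // Elevation switches to the application pool identity. That account still
            // needs SetPermissions in the BDC metadata store; elevation does not grant it.
            SPSecurity.RunWithElevatedPrivileges(delegate
            {
                using (SPSite elevatedSite = new SPSite(siteId))
                {
                    ApplyGrants(elevatedSite, "*Custom*", "*AdventureWorks*", Grants);
                }
            });
        }

        // Throws before any catalog call if no principal would hold SetPermissions,
        // which is the condition behind the "non-manageable object" error.
        public static void EnsureManageable(IDictionary<string, BdcRights> grants)
        {
            if (!grants.Values.Any(r => (r & BdcRights.SetPermissions) == BdcRights.SetPermissions))
            {
                throw new InvalidOperationException(
                    "At least one principal must be granted BdcRights.SetPermissions.");
            }
        }

        // Applies the grants to every active entity matching the wildcard filters and
        // returns how many entities were updated.
        public static int ApplyGrants(SPSite site, string namespacePattern, string entityPattern,
                                      IDictionary<string, BdcRights> grants)
        {
            EnsureManageable(grants);

            SPServiceContext context = SPServiceContext.GetContext(site);
            BdcServiceApplicationProxy proxy =
                (BdcServiceApplicationProxy)context.GetDefaultProxy(typeof(BdcServiceApplicationProxy));
            AdministrationMetadataCatalog catalog = proxy.GetAdministrationMetadataCatalog();

            int updated = 0;
            foreach (Entity entity in catalog.GetEntities(namespacePattern, entityPattern, true))
            {
                IAccessControlList acl = entity.GetAccessControlList();
                foreach (KeyValuePair<string, BdcRights> grant in grants)
                {
                    string claim = BdcAccessControlList.TranslateFriendlyStringToEncodedClaim(grant.Key);
                    acl.Add(new IndividualAccessControlEntry(claim, grant.Value));
                }
                entity.SetAccessControlList(acl);
                entity.CopyAclAcrossChildren(); // push the same ACL down to the entity's methods
                updated++;
            }
            return updated;
        }
    }
}
```

Two design notes. The guard runs against the map you are about to apply rather than the ACL already on the entity, so it catches a misconfigured map even on a fresh deployment where the existing ACL is empty. The example only appends entries and never removes existing ones; if you need to replace an entity's ACL wholesale, remove the old entries explicitly and make sure the replacement still carries SetPermissions, or the same error will be thrown.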