Configuring SharePoint 2013 ECT & BCS for SQL Connectivity
After having to walk through these setup steps recently for the first time with SQL and the impersonated windows ID I thought I'd post these steps for later reference and hopefully some of you will find them helpful.
There are several authentication options when configuring an External Content Type to point to a SQL server list.
Connect with User's Identity
Connect with Impersonated Windows Identity
Connect with Impersonated Custom Identity
The steps for each method above are outlined here:
Connect with User's Identity
Use this for authenticating with the credentials from SQL itself when a user visits SharePoint to view the SQL list content
I.SharePoint Designer
- Create new External Content Type
- Create new database connection. Use Connect with User's Identity
- Create Read Item and Read List operation at the very least
- Save External Content Type
- Right-click newly created ECT and create External List
Connect with Impersonated Windows Identity
Use this option for SQL authentication when you want your user accounts hidden behind a single Windows alias. The alias account credentials are kept in the Secure Store Service Application.
I. SharePoint Central Admin
- Central Admin > Manage Service Application. Create a new Secure Store Service Application and edit it.
- Create a new target application using the Group type.
- Enter all the accounts that require access on the next screen.
- Once the Target Application has been created open the associated drop down list and select Set Credentials and enter the Username/Password of the AD alias account.
II. SharePoint Designer
- Create new External Content Type
- Create new connection and use the Connect with Impersonated Windows Identity option and enter the Secure Store Application ID you just created in Central Admin above
- Create a Read List and Read Item operation at the very least
- Save the External Content Type
- Open up the options menu of the newly created ECT to create an External List
III. SharePoint Central Admin
- Once you are finished with the previous step in SharePoint designer it automatically creates your External Content Type
- From the Business Data Connectivity Service Application find the new ECT, select the box next to it, and go to Set Object Permissions located on the command ribbon.
- Select a user or group with access to the ECT and grant at least Execute permissions to it.
- Select Set Metadata Store Permissions located on the command ribbon
Connect with Impersonated Custom Identity
This option is very much like the Impersonate Windows Identity selection but the configuration uses an account created in SQL as opposed to an AD account as was used In the Windows Identity section above.
I. SharePoint Central Admin
- Central Admin > Manage Service Application and select or create a new Secure Store Service Application and edit it. Create a new target application using the Group type.
- After the Target Application has been created select Set Credentials from the dropdown and enter the Username/Password of a SQL account
II. SharePoint Designer
- Create a new External Content Type
- Create a NEW connection, or use one that you know was setup w/ a SQL login. Use the Connect with Impersonated Custom Identity option and enter the Secure Store Application ID created in the previous steps.
- Create a Read Item and Read List operation at the very least
- Save the External Content Type
- Open up the options menu of the newly created ECT to create an External List
III. SharePoint Central Admin
- Once you are finished with the previous step in SharePoint designer it automatically creates your External Content Type
- From the Business Data Connectivity Service Application find the new ECT, select the box next to it, and go to Set Object Permissions located on the command ribbon.
- Select a user or group with access to the ECT and grant at least Execute permissions to it.
- Select Set Metadata Store Permissions located on the command ribbon
Hope you find this useful.