AccessDeniedException Class

Represents an exception that is thrown when the Business Data Catalog authorization subsystem detects an invalid access attempt such as when a user or a service account attempts to perform an action, such as accessing an entity, executing a method, or deleting an application that the user does not have permissions to do.

Inheritance Hierarchy


Namespace:  Microsoft.Office.Server.ApplicationRegistry.Infrastructure
Assembly:  Microsoft.SharePoint.Portal (in Microsoft.SharePoint.Portal.dll)


<SerializableAttribute> _
<SharePointPermissionAttribute(SecurityAction.Demand, ObjectModel := True)> _
<SharePointPermissionAttribute(SecurityAction.InheritanceDemand, ObjectModel := True)> _
Public Class AccessDeniedException _
    Inherits Exception
Dim instance As AccessDeniedException
[SharePointPermissionAttribute(SecurityAction.Demand, ObjectModel = true)]
[SharePointPermissionAttribute(SecurityAction.InheritanceDemand, ObjectModel = true)]
public class AccessDeniedException : Exception


When you are working with Business Data Catalog applications, an Access Denied error means that a user or a service account performing an action—such as accessing an entity, executing a method, or deleting an application—does not have permission to perform the action. To resolve the problem, someone with the Manage Permissions right must grant the user or the service account appropriate permissions to the Business Data Catalog metadata objects.

The Enterprise Search service uses the default Content Access account to crawl Business Data Catalog applications that are configured for search. In Microsoft Office SharePoint Server 2007, you should explicitly give the Search service account permissions to view or execute the entities and methods that it needs using SharePoint Central Administration.

Each object in the Business Data Catalog hierarchy of metadata objects (Application, Entity, Method, MethodInstance, Parameter, TypeDescriptor, and so on) has an access control list (ACL) that specifies which principals have which rights on the object. Of the 13 metadata objects, only LobSystem, Entity, Method, and MethodInstance have ACLs that can be controlled individually. These objects are referred to as Individually Securable metadata objects. Other metadata objects inherit the ACL from their immediate parent and are referred to as Access-controlled metadata objects.

The following table shows the rights the administrator—or someone with Manage Permissions right—can set on a Business Data Catalog application.


Applies To



Access-controlled metadata objects

  • Update

  • Delete

  • Create child object

  • Add property

  • Remove property

  • Clear properties

  • Add localized display name

  • Remove localized display name

  • Clear localized display names

Manage Permissions

Individually securable metadata objects

  • Set permissions

  • Copy permissions to children

Execute (View)


  • Execute the MethodInstance via various run-time API calls

Selectable in Clients

Application and Entity

  • Use in Web Parts and lists

  • View in Picker

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also


AccessDeniedException Members

Microsoft.Office.Server.ApplicationRegistry.Infrastructure Namespace