設定安全認證儲存搭配使用 PerformancePoint ServicesConfigure Secure Store for use with PerformancePoint Services

摘要:設定 PerformancePoint Services 使用安全認證儲存目標應用程式進行外部資料重新整理。Summary: Configure PerformancePoint Services to use a Secure Store target application for external data refresh.

PerformancePoint Services 支援兩種使用 Secure Store Service 連線至外部資料:PerformancePoint Services supports two methods of using Secure Store Service to connect to external data:

若要設定 PerformancePoint Services 資料存取使用安全認證儲存目標應用程式,您可以使用下列程序:To configure PerformancePoint Services data access to use a Secure Store target application, you use the following process:

  1. 設定資料存取帳戶Configure a data access account

  2. 建立 Secure Store 目標應用程式Create a Secure Store target application

  3. 若要使用安全認證儲存目標應用程式將資料連線Configure a data connection to use a Secure Store target application

設定資料存取帳戶Configure a data access account

您必須具備可授與您要連線的儀表板設計工具中的資料來源的存取權的 Windows Active Directory 帳戶。此帳戶會儲存在 Secure Store。You must have a Windows Active Directory account that can be granted access to the data source to which you want to connect in Dashboard Designer. This account will be stored in Secure Store.

建立帳戶之後下, 一步是將授與所需的資料該帳戶讀取權限。(在本文中,我們使用連絡 SQL Server 資料庫的範例。如果您使用 SQL Server 以外的資料來源,請參閱您具有資料讀取權限的資料存取帳戶建立登入的資料來源的指示)。Once you have created the account, the next step is to grant that account read access to the required data. (In this article, we use the example of accessing a SQL Server database. If you are using a data source other than SQL Server, see the instructions for your data source to create a logon with data-read permissions for the data access account.)

請遵循下列步驟來建立 SQL Server 登入,並授與資料庫的讀取權限。Follow these steps to create a SQL Server logon and grant Read access to the database.

若要建立資料存取帳戶的 SQL Server 登入To create a SQL Server logon for the data access account

  1. 在 SQL Server Management Studio 中,連線至資料庫引擎。In SQL Server Management Studio, connect to the database engine.

  2. 在 [物件總管] 中,展開 [安全性]。In Object Explorer, expand Security.

  3. 在 [登入] 上按一下滑鼠右鍵,然後按一下 [新增登入]。Right-click Logins, and then click New Login.

  4. 在 [登入名稱] 方塊中,輸入您為資料存取所建立的 Active Directory 帳戶名稱。In the Login name box, type the name of the Active Directory account that you created for data access.

  5. 在 [選取頁面] 區段中,按一下 [使用者對應]。In the Select a page section, click User Mapping.

  6. 選取您想要提供存取,然後在 [資料庫對應] 核取方塊資料庫角色成員資格:<資料庫>,選取 [ db_datareader]核取方塊。Select the Map check box for the database that you want to provide access to, and then, under Database role membership for: <database>, select the db_datareader check box.

  7. 按一下 [確定]。Click OK.

建立資料存取帳戶並授與該帳戶資料來源的存取權之後,下一步是建立 Secure Store 目標應用程式。Now that you have created a data access account and granted it access to a data source, the next step is to create a Secure Store target application.

建立 Secure Store 目標應用程式Create a Secure Store target application

您必須建立包含您為資料存取所建立的認證的 Secure Store 目標應用程式。然後可以在儀表板設計工具中的資料來源設定] 中指定此目標應用程式。You must create a target application in Secure Store that contains the credentials that you created for data access. This target application can then be specified in the data source settings in Dashboard Designer.

建立目標應用程式時,您必須指定哪些使用者有權限使用 Secure Store 中儲存的認證。您可以個別列出使用者,也可以使用 Active Directory 群組。建議您使用 Active Directory 群組以便於管理。When you create the target application, you have to specify which users will be authorized to use the credentials stored in Secure Store. You can list users individually, or you can use an Active Directory group. We recommend that you use an Active Directory group for ease of administration.

注意

您的目標應用程式中列出的使用者沒有直接存取儲存的認證。而儀表板設計工具及其代理使用認證連線至資料庫並 PerformancePoint Services 會使用其代理認證時重新整理已發佈儀表板中的資料。The users that you list in the target application do not have direct access to the stored credentials. Instead, Dashboard Designer uses the credentials on their behalf to connect to the database, and PerformancePoint Services uses the credentials on their behalf when refreshing data in a published dashboard.

請使用下列程序建立 Secure Store 目標應用程式。Use the following procedure to create a Secure Store target application.

建立目標應用程式To create a target application

  1. 在管理中心首頁上,按一下 [應用程式管理] 區段中的 [管理服務應用程式]。On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. 按一下 Secure Store Service 應用程式。Click the Secure Store service application.

  3. 在功能區上,按一下 [新增]。On the ribbon, click New.

  4. 在 [目標應用程式識別碼] 方塊中輸入此目標應用程式 (例如,PerformancePointServicesDataAccess) 的唯一識別碼。In the Target Application ID box, type a unique identifier for this target application (for example, PerformancePointServicesDataAccess).

  5. 在 [顯示名稱] 方塊中,輸入易記名稱或簡短描述。In the Display Name box, type a friendly name or short description.

  6. 在 [連絡人電子郵件] 方塊中,輸入此目標應用程式的連絡人電子郵件地址。In the Contact E-mail box, type the e-mail address for a contact for this target application.

  7. 在 [目標應用程式類型] 下拉式清單中,選取 [群組]。In the Target Application Type drop-down list, select Group.

  8. 按 [下一步]。Click Next.

  9. 在 [認證欄位] 頁面上保留 Windows 使用者名稱和 Windows 密碼的預設值,然後按 [下一步On the Credential Fields page, leave the default values of Windows User Name and Windows Password and click Next.

  10. 在「指定成員資格設定」頁面上:On the Specify the membership settings page:

    • 在 [目標應用程式管理員] 方塊中,輸入將管理此目標應用程式的使用者帳戶。In the Target Application Administrators box, type the account of the user who will administer this target application.

    注意

    您可以指定多位使用者或 Active Directory 群組。You can specify multiple users or an Active Directory group.

    • 在 [成員] 方塊中,輸入您要授與重新整理資料能力的使用者。In the Members box, type the users to whom you want to grant the ability to refresh data.

    注意

    您可以指定多位使用者或 Active Directory 群組。You can specify multiple users or an Active Directory group.

  11. 按一下 [確定]。Click OK.

請使用下列程序設定目標應用程式的認證:Use the following procedure to set the credentials for the target application.

設定目標應用程式的認證To set the credentials for the target application

  1. 在 Secure Store Service 應用程式頁面上的 [目標應用程式識別碼] 欄中,指向您剛建立的目標應用程式,按一下出現的箭頭,然後按一下 [設定認證]。On the Secure Store Service Application page, in the Target Application ID column, point to the target application that you just created, click the arrow that appears, and then click Set Credentials.

  2. 輸入資料存取帳戶的使用者名稱與密碼。Type the user name and password of the data access account.

  3. 按一下 [確定]。Click OK.

一旦您已設定目標應用程式的認證,目標應用程式可供使用。下一步是將儀表板設計工具中的此目標應用程式指定為資料來源設定] 的一部分。Once you have set the credentials for the target application, the target application is ready to use. The next step is to specify this target application in Dashboard Designer as part of the data source settings.

將資料連線設為使用安全認證儲存目標應用程式Configure a data connection to use a Secure Store target application

您必須設定您的 PerformancePoint Services 資料連線設為使用安全認證儲存。之後這麼做,您可以連線至儀表板設計工具中的外部資料來源,並建立儀表板。使用下列程序設定 PerformancePoint Services 資料連線。You must configure your PerformancePoint Services data connection to use the Secure Store. After doing so, you can connect to the external data source in Dashboard Designer and create your dashboard. Use the following procedure to configure a PerformancePoint Services data connection.

若要設定要使用安全認證儲存目標應用程式的資料連線To configure a data connection to use a Secure Store target application

  1. 在儀表板設計工具建立] 索引標籤上按一下 [資料來源。In Dashboard Designer, on the Create tab, click Data Source.

  2. 在 [選取資料來源範本] 對話方塊中,選擇資料來源,然後按一下 [確定]。On the Select a Data Source Template dialog box, choose your data source and click OK.

  3. 在 [資料來源設定] 區段中,選擇使用儲存的帳戶選項。In the Data Source Settings section, choose the Use a stored account option.

  4. 在 [應用程式識別碼] 方塊中輸入您建立的安全認證儲存目標應用程式的目標應用程式識別碼。In the Application ID box, type the target application ID of the Secure Store target application that you created.

  5. 在 [連線設定] 區段中,連線至外部資料來源。In the Connection Settings section, connect to your external data source.

  6. 按一下 [測試連線的測試資料來源Click Test Data Source to test the connection.

  7. 建立及發佈儀表板。Create and publish your dashboard.

    注意

    如需建立儀表板的詳細資訊,請參閱 <建立儀表板使用 PerformancePoint Services (SharePoint Server 2016)For detailed information about creating dashboards, see Create Dashboards by using PerformancePoint Services (SharePoint Server 2016).

使用儀表板設計工具中指定的目標應用程式、 PerformancePoint Services 與目標應用程式相關聯的認證之後使用重新整理儀表板中的資料發佈至 SharePoint Server。With the target application specified in Dashboard Designer, PerformancePoint Services uses the credentials associated with that target application to refresh the data in the dashboard after you have published it to SharePoint Server.

另請參閱See also

概念Concepts

在 SharePoint Server 中設定 Secure Store ServiceConfigure the Secure Store Service in SharePoint Server