Set Permissions to External Content Type using Powershell


Set Permissions to External Content Type:

Once you have created an External Content Type using the SharePoint Designer or Visual Studio 2010, you may try to access that to display the data in SharePoint using an External List. At that time you may encounter "Access denied by Business Data Connectivity
". The reason is that External List requires that  External Content Type and External Content Type are using Business Data Connectivity services proxy to access an External Data Source. With the same principle of BDC in MOSS 2007-users are required to have BDC object permission before they can use it. So we need to set the permissions to the External Content Type.

1. Go to Central Administration -> Application Management -> Manage Service Applications

Applocation Management in sharepoint

2. Click on Busines Data Connectivity Service.

Business Data Connectivity in sharepoint

3. In the top Ribbon click on Manage.

service application in sharepoint

4. In Service Application Information check the corresponding External Content Type that you have used for creating the external list. 

object permission in sharepoint

5. And in the top Ribbon click the Set Object Permissions.

sharepoint object permission
6. Set Object Permissions wizard will pop up add the account (Group or Users) and assign the permissions.

7. Once you have configured Business Data Connectivity access rights navigate to the site and check the External List.

Powershell script:

  1. Go to Start => All Programs =>Microsoft SharePoint 2010 Products.
     
  2. Right click on SharePoint 2010 Management Shell and then click on Run as Administrator.
     
  3. Run the following script.

#----------------------------------Input Parameters ---------------------------

$userId="domainName\UserName"
$serviceContextURL="http://serverName:8080/"
$ECTName="ECT"
$ECTNamespace="http://demo2010a:5000"
[String[]]$permissions=@("Execute","Edit","SelectableInClients","SetPermissions")

#--------------Set Permissions to External Content Type----------------

$ECT = Get-SPBusinessDataCatalogMetadataObject -BdcObjectType "Entity" -ServiceContext $serviceContextURL -Name $ECTName -Namespace
$ECTNamespace
if($ECT -ne $null)
{
    $user = New-SPClaimsPrincipal -Identity $userId -IdentityType WindowsSamAccountName
    Grant-SPBusinessDataCatalogMetadataObject -Identity $ECT -Principal $user -Right $permissions
}
else
{
    write-host -f Yellow $ECTName external content type does not exists
}