Home » Microsoft Technologies

Access Denied by Business Data Connectivity

I am working on setting up an External Content Type in SPD2010.  The error occurs when trying to add a connection to an SQL database.  I am supplying the Database Server, Database Name, and selecting Connect With User's Identity.

22 Answers Found


Answer 1

Does the user account you're using to make the connection have rights to the SQL DB that you're connecting to?

Answer 2

Yes, I logged into the SQL database  using Windows Authentication on my PC using my account.

Answer 3

That does not happen to me, but these things are usually caused by permissions (or lack thereof) whether it be on the SharePoint side or SQL side.

Answer 4

>>Yes, I logged into the SQL database  using Windows Authentication on my PC using my account

Can you login as an admin to the SQL Server, then go to the Security | Logins | <your-user-name> and check the database mapping and the correponding permissions applied (db_admin etc.,)

Answer 5

Hey guys

Ive just been looking at this issue as we have been having it as well, I think ive found the culprit but im not too sure of a resolution yet.

If you open up the external  content type  in SP Designer you will see a tab of permissions. In the list is the user that created the content  type, there are no other users  allowed access. Im not too sure how to add  to this list yet but i will post when ive sorted it out.

So basically creating an external content type (or at least the way both of us did) only allows access  for the current user by default.

Hope this helps


Answer 6

Based on what ive found this may be a bug in the beta. The link below says there should be a link to edit the permissions of the ECT i dont seem to have this option.


Hope this helps

Answer 7

Double check that you don't have that link.  I thought the same thing, that my link was missing in SPD and it might be a bug.  But the article says go into Central Administration > Manage Service Applications and click on your BCS application.  From there you can see a list of external  content types.  The context menu for each of them has an option "Set Permissions."  

From there you have the standard people picker and can select what groups to give BCS permissions to.  I added a second user and was able then to access  the External List as that user.

Answer 8

Yes, I had to do what aroder just said.  I added these users  in Central Admin within the BCS service application itself.

Answer 9

The error  I am getting is when I am initially trying to setup an external  content type  in SPD2010.  I can't even save it.  From what I am seeing, setting  the permissions gets done after the external content  type is created.

Answer 10

Problem solved.  Whomever was logged into SPD2010 had to be added as a user on the Business Data Connectivity Application Service.  Once this was done, I was able to create the External Content Type.

Answer 11

Tried Joe's last solution. Does not work in Foundation.

Answer 12

I am experiencing the same issue in the following scenario.

One Web Front server  with SharePoint Server 2010
One SQL 2008 Server (here I have created an extra database  (Coffee) which I want to connect  to via an external  content type)

In SPD 2010:

- I create an external content  type

- For Authentication mode on the connection  in the external content type  I choose BDC Identity (meaning the service running the BDC will be the one connecting to the external datasource, not the current user, sort of running with elevated priveleges I guess). MS refers to this as RevertToSelf on technet.

- I create all operations and hit save.

- I create the external list and saves. Everything works fine.

I then hit the external list from the browser and ends up with the following: "Cannot connect to the LobSystem (External System)" when surfing from my client and "Access denied  by Business data  Connectivity" when surfing from the server.

If I look at the external content type in Central Administration under Set Permissions only one user (me, who is the Site Collection Administrator for the site that i connected to in SPD) has permissions. 

add  the service account for the BCS Service application, thinking that guy must have permissions to execute, since he is the one authenticating the connection (see above).

Problem remains the same.

A look in the event viewer:
Could not open connection using 'data source=mydatasource;initial catalog=Coffee;integrated security=SSPI;pooling=true;persist security info=false;connect timeout=60' in App Domain '/LM/W3SVC/1068680523/ROOT-1-129114486771613688'. The full exception text is: Cannot open database "Coffee" requested by the login. The login failed.
Login failed for user 'mybcsserviceaccount'.

A look in the database:
mybcsserviceaccount has no permissions in my Coffee-database.

I manually set mybcsserviceaccount to dbowner in my Coffee-database, and it works like a charm!

But this is clearly not how it's supposed to work (I guess), but currently the only way I can access  the data through my external list.

Or maybe this is the way you have to tweek it when using BDC Identity (RevertToSelf) or User's Identity??
The backend I guess must somehow be aware of the accounts messing with it's data....


Answer 13

I ended up having to setup a Secure Store Identity with a user that had access  to the DB, then I added my domain users  group under the "set permissions" on the external  connector - and everyone is able to access the BDC.



Answer 14

I agree with Joe:

Whomever was logged into SPD2010 had to be added as a user on the Business Data Connectivity Application Service.  Once this was done, I was able to create the External Content Type.

This worked for me.



Answer 15

dear all.. i have related problem with different error  mesg

when i click new external  content type, and type  the server  and dbname and optional name

i get this mesg

The BDC Service application Business data  Connectivity is not accessible. The full exception text is: Method not found: 'Void Microsoft.BusinessData.Infrastructure.AccessDeniedException..ctor(Microsoft.BusinessData.Infrastructure.IAccessControlList, System.Type, System.String, Microsoft.BusinessData.Infrastructure.IExceptionHelper)'.

same in event viewer.. can someone help me with this?

admin is on BDC, created new BDC service, admin is on all sql  server and my database  that i connect  to..

nothing worked 4 me. !!

appreciate your fast responce


Answer 17

i fixed it... thanks... by going in the BCS service and adding administrator from the permissions in the ribbon...

this worked.. thanks..


Answer 18

Hi Joe .

you should go to central administration>application management>manage service applications>Business data  connection service>manage :

   then choose your external  content type, and then go to set object permissions after that add  your user account and then choose the permissions you want to assign to your user , i recommend you choose all of them .

you should restart you should restart your iis after that .

hope it'll help you and sorry for my english !


Answer 19


After adding the user as suggested by Adam, We have to specify that atleast one user is having "Set Permissions".



Answer 20

I have this exact same problem but can't set any object permissions from Central admin because there are NO external  content types there.  How did you add  a user to the service?


Answer 21

See this post Access denied  by business  data connectivity

Answer 22

My problem was not having configured the secure store service which is needed.


<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure