Allow BDC access to all FBA users

I was struggling a bit with my FBA users in SharePoint. I’ve created a customer portal setup in which BDC data is shown. But FBA-added users aren’t allowed to view BDC data by default, not even when you add groups like authenticated users and Everyone to the BDC permissions list.

When you want to enable BDC access for your FBA users, you need to create an extended site for your SSP administration site. This extended site should use your FBA membership and role provider. And that last one is key in this scenario.

So I created that extended site, added some FBA users to a SharePoint group (seemed logical enough) and tried to add that group to the BDC permissions. The following error was thrown: “The specified user or domain group was not found.” Dead end? No!

You can also assign rights to the roles you provide via your membership provider. So when you’ve got a role ‘Customer’ and some users are added to this role, you can enable access to the BDC entities simply by granting access to the role Customer. You do this by typing Customer in the Users/Group textbox; SharePoint automatically resolves it to your role.

Note: you have to do all this in your extended membership provider. In the normal one, it won’t work because it won’t recognize your role provider (the default is set to the Windows token provider).

So:
– Add a Role in your FBA database
– Add all users to that role (you can do this programmatically with the membership model of ASP.NET)
– Give the role access rights to BDC entities
– Done!
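
The first two steps, as an added example that is not code from the original post: a small console program that creates the role if needed and adds every active FBA user to it through the ASP.NET membership and role provider APIs. The provider names `FbaMembershipProvider` and `FbaRoleProvider` are assumptions; use the names registered in your own configuration file, which must point at the same FBA database as the extended site.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration.Provider;
using System.Web.Security;

static class FbaRoleSync
{
    // Assumed provider names: replace with the names from your own config.
    const string MembershipProviderName = "FbaMembershipProvider";
    const string RoleProviderName = "FbaRoleProvider";
    const string RoleName = "Customer"; // the role granted BDC access in the post

    static void Main()
    {
        MembershipProvider members = Membership.Providers[MembershipProviderName];
        RoleProvider roles = Roles.Providers[RoleProviderName];
        if (members == null || roles == null)
            throw new ProviderException("FBA providers are not configured.");

        if (!roles.RoleExists(RoleName))
            roles.CreateRole(RoleName);

        var toAdd = new List<string>();
        const int pageSize = 200;
        int total;
        int pageIndex = 0;
        do
        {
            // Page through the membership store instead of loading it all at once.
            foreach (MembershipUser user in members.GetAllUsers(pageIndex, pageSize, out total))
            {
                // Disabled or locked-out accounts should not gain BDC access.
                if (!user.IsApproved || user.IsLockedOut) continue;
                // Skip existing members so the program can be re-run safely.
                if (!roles.IsUserInRole(user.UserName, RoleName))
                    toAdd.Add(user.UserName);
            }
            pageIndex++;
        } while (pageIndex * pageSize < total);

        if (toAdd.Count > 0)
            roles.AddUsersToRoles(toAdd.ToArray(), new[] { RoleName });

        Console.WriteLine("Added {0} of {1} users to role '{2}'.", toAdd.Count, total, RoleName);
    }
}
```

Because the role is what carries the BDC permission, everyone placed in it can read the BDC data, so review its membership whenever accounts are disabled or removed.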

If you want to enable all rights at once, set them at root BDC level and use the “Copy all permissions to descendants” option to copy the permissions to all BDC objects.

Now to find a good way of adding and managing all these FBA users.
