Export (0) Print
Expand All

Configure access to business data

SharePoint 2007

Updated: March 26, 2009

Applies To: Office SharePoint Server 2007

 

Topic Last Modified: 2009-03-20

In this article:

In Microsoft Office SharePoint Server 2007, the Business Data Catalog enables users to find and analyze business data and take effective actions directly from SharePoint sites that use business data. When configuring the Business Data Catalog, it is critical that you protect the security and integrity of the data in line-of-business applications.

One of the most important ways to protect your data is to carefully enable access to data to users who can use it effectively, and preventing access by other users. During planning for your deployment, you identify the purpose of your sites, the business applications associated with key business purposes, and the users who use each application. During deployment, you enable access to the groups of users identified during planning.

To enable access to business data, you should:

  • Configure Shared Services Provider (SSP) administrator rights for the Business Data Catalog.

  • Configure access to the SSP pages.

  • Configure single sign-on for the Business Data Catalog.

  • Configure data warehouses for data security.

  • Configure user permissions for business data.

SSP administrators must have permissions to both the Business Data Catalog service and the SSP administration pages for the Business Data Catalog.

Use the following procedure to configure SSP administrator rights to the Business Data Catalog service.

Configure SSP administrator rights to the Business Data Catalog service
  1. Open the administration page for the SSP.
    To open the administration page for the SSP, do the following:

    1. On the top navigation bar, click Application Management.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.

    3. On the Manage this Farm’s Shared Services page, there is a link to each SSP and links to the Web applications for each SSP. Click the link for the SSP that you want to open.

    You can also access the SSP by clicking the link to the SSP Home page in the Quick Launch.

  2. On the SSP home page, in the Business Data Catalog section, click Business Data Catalog permissions.

  3. On the Manage Permissions: Business Data Catalog page, click Add Users/Groups.

  4. On the Add Users/Groups: Business Data Catalog page, in the Choose Users section, enter the name or account of the user that you want to add.

  5. In the Choose Permissions section, select one or more permissions for the user. For the main administrator of the Business Data Catalog, it is common to select all permissions.

    • Edit: Select this permission to enable users to import application definitions and add, edit, or delete application definitions, business data types, and data fields for business data types.

    • Execute: Select this permission to enable users to change the properties of business data.

    • Select in Clients: Select this permission to enable the user to refer to business data types and fields in SharePoint lists, Web Parts, sites, and client applications.

    • Set permissions: Select this permission to enable the user to configure permissions for other users.

  6. Click Save.

SSP administrators who manage the Business Data Catalog must have access to the SSP pages for the Business Data Catalog. This access is in addition to the separate permissions to the Business Data Catalog service. To access the SSP home page, an account must be a member of the Site Collection Administrators group.

By default, the account that set up the SSP is a member of the Site Collection Administrators group. For the first SSP in the initial deployment, that is the account that was used to install Office SharePoint Server 2007. If that same account is used to administer the SSP, no additional steps are necessary. In most organizations, SSP administration will be delegated to one or more additional users. The account used to set up the SSP can be used to add other accounts to the Site Collection Administrators group.

Use the following procedure to configure access to the SSP pages.

Configure access to the SSP pages
  1. Open the administration page for the SSP.
    To open the administration page for the SSP, do the following:

    1. On the top navigation bar, click Application Management.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm’s shared services.

    3. On the Manage this Farm’s Shared Services page, there is a link to each SSP and links to the Web applications for each SSP. Click the link for the SSP that you want to open.

    You can also access the SSP by clicking the link to the SSP home page in the Quick Launch.

  2. On the SSP home page, click the Site Actions menu.

  3. On the Site Actions menu, click Site Settings.

  4. On the Site Settings page, in the Users and Permissions section, click Site collection administrators.

  5. On the Site Collection Administrators page, in the Site Collection Administrators section, do the following:

    1. Type the name or account that you want to add to the Site Collection Administrators group.

    2. Click the Check Names icon. If the name or account is found in directory services, it will appear as a link in the text box.

    3. If the name or account was not found, or if you want to search for more users, click the Browse icon.

    4. On the Select People dialog box, in the Find box, type part or all of the user's name or account name, and then press Enter. All accounts that match appear in the text box.

    5. Select one or more accounts that you want to add, and then click Add.

    6. When you are done adding SSP administrators, click OK.

  6. On the Site Collection Administrators page, click OK.

Line-of-business applications are added to the Business Data Catalog by importing application definitions authored in XML. In most scenarios, access to applications from a single account is accomplished by using the single-sign on (SSO) feature of Office SharePoint Server 2007.

SSO maps permissions from external data sources including line-of-business applications to permissions in Office SharePoint Server 2007. This enables a user to access multiple data sources regardless of platform or authentication requirements without having to re-enter credentials for each system. This enables more accessible use and sharing of data without sacrificing security.

The Business Data Catalog is only one of several features and services that take advantage of SSO. SSO is also used by Excel Services in Microsoft Office SharePoint Server 2007, InfoPath Forms Services, and in a variety of Web Parts, lists, and search features that access external data sources. With SSO, all of these data sources can be accessed securely by using a single sign-on.

The Business Data Catalog relies on application definitions to translate the data types and fields of data sources into metadata that is useful in sites and applications that use Office SharePoint Server 2007. The SSP administrator for the Business Data Catalog, or a Web designer author the XML file for the application definition, includes authentication information and the business data types and fields in the planned business data schema. The SSP administrator then imports the application definitions to the Business Data Catalog. This data can then be viewed and analyzed in SharePoint sites to improve business data collaboration and business intelligence.

To use SSO for applications in the Business Data Catalog, the farm administrator must configure SSO on the server farm. Then, the farm administrator must create application definitions for each line-of-business application that match the separate application definitions already imported into the Business Data Catalog.

By the end of server farm configuration of SSO, enterprise application definitions should exist for all of the line-of-business applications in the Business Data Catalog. The administrator of the Business Data Catalog should work closely with farm administrators to ensure that the necessary application definitions are created. For more information on the configuration of SSO on the server farm, see Configure single sign-on (Office SharePoint Server).

After SSO is configured on the server farm and enterprise application definitions have been created for the line-of-business applications that will be added to the Business Data Catalog, the administrator of the Business Data Catalog imports the application definitions to the Business Data Catalog. Then, you can import the business data types and fields for those applications. For more information about importing application definitions, see Register business applications in the Business Data Catalog. For more information about managing single sign-on, see Central Administration Help.

While it is possible to enable access directly to your line-of-business applications, you might choose to copy a relevant subset of data from the application to a data warehouse. This protects more sensitive data by keeping it accessible to a small number of people on a relatively isolated server, while the data more useful for collaboration and business intelligence across your organization is copied to a server to which a broader number of people have direct access. You might also want to limit the load on your line-of-business application server by using the copied data, and limit direct access to the application to business data actions designed to update data based on analysis and business intelligence. This practice decreases the freshness of the data displayed in SharePoint lists and sites, and creates a greater need to ensure data normalization during regular operations.

During planning for your deployment, you considered these trade-offs, and identified the data that you want to copy to a data warehouse.

To copy data from a line-of-business application to a data warehouse, follow the procedures for copying the data relevant to the particular application. When you configure the connections to business applications, use the location of the business data warehouse instead of the line-of-business application. When configuring business data actions that are intended to update the underlying data, you will have to separately configure access to the business data application.

After you have configured administrator permissions, you will register business data applications in the Business Data Catalog. For more information about registering applications and importing business data types and properties, see Register business applications in the Business Data Catalog.

To use the data from the applications registered in the Business Data Catalog, you must then configure SharePoint permissions for groups of users that collaborate on projects that use business data.

Use the following procedure to configure permissions for business data.

Configure permissions for business data
  1. On the SSP home page, in the Business Data Catalog section, click Business Data Catalog permissions.

  2. On the Manage Permissions: Business Data Catalog page, click Add Users/Groups.

  3. On the Add Users/Groups: Business Data Catalog page, in the Choose Users section, enter the name or account of the user that you want to add.

  4. In the Choose Permissions section, select one or more permissions for the user.

    • Edit: Select this permission to enable users to import application definitions and add, edit, or delete application definitions, business data types, and data fields for business data types.

    • Execute: Select this permission to enable users to change the properties of business data.

    • Select in Clients: Select this permission to enable the user to refer to business data types and fields in SharePoint lists, Web Parts, sites, and client applications.

    • Set permissions: Select this permission to enable the user to configure permissions for other users.

  5. Click Save.

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Office SharePoint Server technical library.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft