Runtime Error: Access denied by BDC
When you are working with Business Data Catalog applications, Access Denied errors mean that a user or a service account performing an action—such as accessing an entity, executing a method or deleting an application—does not have permission to perform the action. To resolve the problem, someone with the Manage Permissions right needs to grant the user or the service account appropriate permissions to the Business Data Catalog metadata objects.
Note
The Search service uses the default Content Access account to crawl Business Data Catalog applications that are configured for search.
Details
Each object in the Business Data Catalog hierarchy of metadata objects (Application, Entity, Method, MethodInstance, Parameter, TypeDescriptor, and so on) has an access control list (ACL) that specifies which principals have which rights on the object. Of the 13 metadata objects, only LobSystem, Entity, Method, and MethodInstance have an ACL that can be controlled individually. These objects are referred to as Individually Securable metadata objects. Other metadata objects inherit the ACL from their immediate parent and are referred to as Access-controlled metadata objects.
Summary of Rights
The following table shows the rights the administrator—or someone with Manage Permissions right—can set on a Business Data Catalog application.
Right | Applies To | Description |
---|---|---|
Edit |
Access-controlled metadata objects |
|
Manage Permissions |
Individually securable metadata objects |
|
Execute (View) |
MethodInstance Note This can be set at the MethodInstance level only using the object model. In the Administration user interface, this is aggregated and displayed, and is editable only at the entity level. |
|
Selectable in Clients |
Application and Entity |
|
See Also
Tasks
How to: Add an Access Control Entry to a Metadata Object
How to: Get the Access Control List for a Metadata Object