Business Connectivity Services In SharePoint 2013

Business Connectivity Services is a centralized infrastructure in SharePoint 2013 that supports integrated data solutions. It lets both SharePoint 2013 and Office 2013 clients serve as the interface to various forms of external data. This external data can be, for example, in a database that is accessed with out-of-the-box Business Connectivity Services.

It can also be data that is accessed through a web service or published as OData. Business Connectivity Services accomplishes this through out-of-the-box and customized connectors. These connectors bridge communication between SharePoint 2013 and the external system that hosts the external data.

SharePoint 2013 offers several options for accessing external data. The most popular method is to present it in an external list. An external list looks and feels just like a regular SharePoint list, but it displays only the external data. To integrate that data with other data in a library or a list, you need to use an external data column.

An external data column is a column that you can create and add to a SharePoint list. The process is the same as for adding Date, Group, Person and Time columns.

The difference is that it displays external data only. With SharePoint 2013 and Business Data Web Parts, it is possible to interact with external data and apps. Once the external data is available, different operations can be performed on it. They include Create, Delete, Query, Read, and Update.

Which operations can be used depends on which have been enabled. Changes made in SharePoint 2013 or Office 2013 can be automated and synchronized to the external data source. SharePoint Search can help you locate external data.

Every company faces unique challenges, accesses different forms of data, and uses that data for different purposes. While some of the data stems from SharePoint 2013, a large amount of it doesn’t. In many cases, a business may not have control over some of the data held in files and databases. Some files also need to be secured, such as sensitive information in employee records. Other data will be more freely accessible to everyone in the business and even to third parties.

Business Connectivity Services should be set up to give the business the control it needs over its various areas of data. At the same time, the business should be able to use the data to accomplish its overall goals. The data that a business uses may be both structured and unstructured. Making both types accessible through customized interfaces is done in house, and it involves some level of overhead and development as well as ongoing maintenance.

Business Connectivity Services allows a company to easily integrate external data into SharePoint 2013 and Office 2013. The type of solution you are looking for will help you decide how to control the data and how to update it in the external system. You can also set it up to work both online and offline. This allows work to be shared within SharePoint 2013 and Office 2013.


PerformancePoint Security Best Practices In SharePoint 2010 – Authentication, Trusted Locations

Trusted data content libraries in SharePoint Server 2010 use document libraries that contain the PerformancePoint Services data connections. The .PPSDC files are used to manage connections for data sources. This includes Excel Services spreadsheets, OLAP cubes, relational databases, and SQL Server databases. The data sources in Dashboard Designer are defined and stored in a trusted data connection library that SharePoint Server 2010 offers. The trusted data connection library consists of safe documents that belong to that particular library. Users are restricted in how they can use data source files: the files can be read but not modified or deleted.

PerformancePoint Services creates a document library by default. Administrators can manage the data connections on the server by creating additional data connection libraries. When a user updates data source connections in a document library, the information is shared and updated through Dashboard Designer.

Many trusted lists can be developed in a trusted SharePoint Server 2010 list. The list, or the parent of a list, allows the site collection to be trusted during the initial configuration. It can also be done later through Central Administration. These lists include:

  • Filters
  • KPIs
  • Reports
  • Scorecards

With PerformancePoint Services, the security setting for a data source is stored in the data source itself. The setting determines whether the server connects with an unattended user account, a customized unattended user account, or an authenticated user. The SharePoint Server 2010 Secure Store Service (SSS) provides the ability to store data securely. This includes the credentials that are associated with a specific identity or group. The Secure Store Service is available for all farms on SharePoint Server 2010. Each data source is configured for a given user to work with the authenticated user credentials. This is referred to as the Unattended Service Account. It is a set of domain credentials that are duplicated when a user is connecting to a data source.

The Unattended Service Account is used to manage the data source for queries. This prevents PerformancePoint Services from accessing the content database while the query is being executed. With PerformancePoint Services, data is stored and retrieved through Unattended Service Account credentials. This takes place as part of the Secure Store Service verifications. The server has to keep both the user name and the password of a user so that they can access it. The user name is stored in PerformancePoint Services and the password is stored in the Secure Store Service. When you create an Unattended Service Account, it is important to make sure it has the right access. There are data sources that have to be in place for it to function properly. Unattended Service Account credentials aren’t cached on a global scale. Instead, they are retrieved from the Secure Store Service as they are needed. When you open a workspace file in Dashboard Designer, the credentials are cached for the connection. The Unattended Service Account password is retrieved from the Secure Store Service so that it can be the target data source.

With claims-based authentication in SharePoint Server 2010, there is support for many providers. It is used for communication between the application servers and the front-end web servers. PerformancePoint Services allows several authentication providers to be used at the same time on one web application. This is limited, though, to when the dashboard is used through a web browser. Dashboard Designer relies on the web application being extended and then configured to support the Windows authentication provider.


PerformancePoint Security Best Practices In SharePoint 2010 – A Primer

With PerformancePoint Services offered by Microsoft SharePoint Server 2010, the objects that are stored in lists and document libraries can be secured when used within a dashboarding / graphical application. This is accomplished by coupling with the Microsoft SharePoint Server 2010 security model. There are additional product features that can be used to customize that security. PerformancePoint Services is dependent upon the SharePoint Server 2010 security model. However, there are special security considerations that need to be evaluated during the planning stages, including how that security will be managed. All of the security is managed within the SharePoint Server Central Administration website. This covers all of the shared resources as well as user access.

You will find three different methods for source data authentication with PerformancePoint Services.

Custom Data allows SQL Server Analysis Services to authenticate a user through custom specs. The name of the user is passed as a parameter in the custom data field of the connection string. The Custom Data option is only used for Analysis Services data. It can be used with both the 2006 and 2008 servers.

With Per User Identity authentication, each user has an individual account that is used to access all of the data sources. Kerberos delegation has to be incorporated. A domain administrator configures the Kerberos delegation between PerformancePoint Services and the data sources. The external data sources have to be within the same domain as the SharePoint Server 2010 farm or a failure will occur.

The Unattended Service Account is a shared user account that is used for access to all of the different data sources. This type of domain account is low privilege. It is stored in the Secure Store Service. In order to create an Unattended Service Account, there has to be the proper access to the data sources. This is a requirement of the dashboard.

With PerformancePoint Services, the data source connections are contained in the data content and document libraries that are part of the document lists. The security of the content ensures that users aren’t able to run queries against those data resources when the query objects can’t be trusted. Trusted locations within those libraries and lists are therefore created. The Farm Administrator is able to set all of the locations for the farm to be trusted, or can choose to identify specific locations to be trusted. The ability to define which locations in the farm will be secure gives a great deal of flexibility. A Farm Administrator no longer has the responsibility of securing the entire farm when it isn’t absolutely necessary to do so.

These trusted locations offer additional layers of security. They restrict which queries can be executed against the various data sources and objects. The document library for a web application can be defined as being trusted. With PerformancePoint Services, the configuration of trusted locations and settings is managed through Central Administration. The configuration can also be managed through Microsoft PowerShell 2.0.

When you are planning the security for PerformancePoint Services, you will need to decide if you want to secure your entire web application or only portions of it. There are often many locations within a given farm that will be marked as trusted. They use the following hierarchy within the SharePoint Server for the data and data sources:

  • The use of trusted locations is disabled for locations with data sources or content for the entire farm.
  • The web application contains trusted lists and document libraries.
  • There is a site collection for the trusted lists and document libraries.
  • Trusted lists and document libraries are placed in a site.
  • The farm has a trusted list or document library in place.

The server checks whether trusted locations are enabled when it performs verifications. When they are enabled, the server checks the list of trusted locations at the site collection. It also looks down the hierarchy to verify that all of the content is trusted. Items that don’t use a data source don’t have to be in a trusted location to be accessed. This includes KPIs, dashboards, icons, and web pages. Trusted data source locations can’t be defined on a list or as a document library.
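
One way to move a farm from trusting every location to trusting only specific ones, run from the SharePoint 2010 Management Shell. This is an added example, not part of the original article. The service application name and both URLs are placeholders to replace with your own.

```powershell
# Added example. $appName and both URLs are hypothetical placeholders.
# Run as a farm administrator in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$appName    = 'PerformancePoint Service Application'             # assumed name
$dataSrcUrl = 'https://intranet.example.com/sites/bi'            # placeholder site collection
$contentUrl = 'https://intranet.example.com/sites/bi/dashboards' # placeholder site

$app = Get-SPPerformancePointServiceApplication -Identity $appName
if (-not $app) { throw "Service application '$appName' not found." }

# 1. Record what is trusted today, before changing anything.
$app | Get-SPPerformancePointServiceApplicationTrustedLocation | Format-List

# 2. Add the specific locations first, so existing dashboards keep
#    working once farm-wide trust is switched off in step 3.
New-SPPerformancePointServiceApplicationTrustedLocation -ServiceApplication $app `
    -Url $dataSrcUrl -Type SiteCollection -TrustedLocationType DataSource `
    -Description 'BI data connections' -ErrorAction Stop

New-SPPerformancePointServiceApplicationTrustedLocation -ServiceApplication $app `
    -Url $contentUrl -Type Site -TrustedLocationType Content `
    -Description 'BI dashboard content' -ErrorAction Stop

# 3. Stop trusting all locations; only the entries above remain trusted.
Set-SPPerformancePointServiceApplication -Identity $app `
    -TrustedDataSourceLocationsRestricted $true `
    -TrustedContentLocationsRestricted $true

# 4. Verify the resulting list of trusted locations.
$app | Get-SPPerformancePointServiceApplicationTrustedLocation | Format-List
```

Adding the locations before enabling the restriction matters: reversing the order leaves every data-source-backed object untrusted until the entries exist.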