Sunday, February 28, 2010
Enhancing User Profiles with BDC Data
1:02 PM |
Posted by
Brian Culver |
Edit Post
The goal of using the BDC with the User Profile is to extend and/or enhance the User Profile Information. An example where this is often used is when a company stores much information in PeopleSoft (HR info usually) and well as AD. Regardless of the medium and the content, the assumption here is that the new information will add value and enhance the user profiles.
For this sample, I assume the following:
More on BDC authentication here.
We will be using RevertToSelf; therefore, the Application Pool account needs to have access (read access) to the database. In our example, we have a User Database with four fields: AccountName, City, State and LastModifiedDate.
Manually creating an ADF file is error prone and cumbersome. Save time and use a good tool. Two common tools are BDCMetaman and Microsoft’s Business Data Catalog Definition Editor which are both good options.
Run BDCMetaman and choose “Connect to datasource:” and choose the SQL Server option with the appropriate information.
Once the LitwareUserData database structure has been loaded, add the UserData table to the Designer on the right.
Be sure to explore your options in the tool. In our example, we will use RevertToSelf as the authentication mode; therefore, we use the tool to make that change.
Configure the location where to create the ADF file and the MOSS SSP values.
After saving the Configuration options, right-click on the blue area and click on Edit Entity.
Configure the Title Column to AccountName as shown below. Click on Save.
Once all these steps are completed, click on Build or Generate Application Definition to create the Application Definition file. We have created the application definition file for our BDC Application. You can open the file in your favorite text editor and you will appreciate the tool. Application Definition Files are lengthy and complex.
With our ADF file, we are ready to upload it into MOSS. Browse to your Shared Service Provider and click on Import Application Definition.
Choose the Application Definition file that we created and click on Import.
Once the import has completed, click on OK to view the BDC Application page.
Review the BDC application information and make changes as needed.
Depending on your specific security needs, you may need to modify the permissions to allow your application pool or BDC content access account proper access in the BDC Application. Click on the Manage Permission link. Once in the Manage Permission screen, add the appropriate account and give it rights to read and execute the BDC definition (Application). I usually have found that Execute and Selectable in Clients works for me.. Click on Save to continue. Important: Now click on Copy all permissions to descendants to propagate the permission to the lower application objects, such as the entities.
In the View Import Connections page, click on Create New Connection.
In the Add Connection page, configure the connection as follows:
Type: Business Data Catalog
Connection Name: LitwareUserDataLOBSystem (the name of your BDC Application)
Business Data Catalog Entity: dbo.UserData (use the selector to choose the entity)
Connection Mapping: AccountName (select the field by which the data will map to the user profiles)
Once completed, click on OK. In the View Import Connections page, verify the new connection.
Browse back to the View Profile Properties page and click on Add User Profile Property. Enter the appropriate Name, Display Name and a useful Description. Towards the bottom, choose the Source Data Connection and the data source field to map. Click on OK and repeat as needed. In this example, we are also modifying the Policy Settings for the field where Everyone can see the field. This will make the property visible to Everyone when they visit a user’s profile page.
In our example, we created two new Profile Properties: City and State.
Once the profile properties have been added, browse back to the User Profile and Properties page and start a Full Import.
A simple quick test is to view the user profile in the Shared Services Provider. In the Shared Services Provider, browse to View User Profile and click on Edit User on the account we wish to see (i.e. LITWAREINC’AdinaA).
In the Edit Profile page, we can verify the account name and the field mappings to that account. Notice the city and state are correct for Adina Hagege (LITWAREINC’AdinaA).
Our last step is to verify that our end-users can also see the new information in the public profile pages for all users. Browse to a web application and perform a search for our user (People Search). Open the user profile page in the search results. There are other ways to find users as well, searching works particularly well in MOSS.
In the public profile page, you will see the new profile properties containing the appropriate values.
Congratulations, you have enhance the user profiles using the BDC as a data source.
For this sample, I assume the following:
- A database in SQL Server containing your BDC user information.
- A column with the user account Id’s
- Additional columns to supplement data into the User Profile Properties
- Proper access to a SharePoint farm to do this.
- A non-production SharePoint farm (this should be properly tested and scripted before any production implementation).
- A good cup of coffee
Ensure proper access to the BDC Data Source
Depending on the type of security you wish to use to connect to the data source, you have a couple options:Authentication Mode | Applies To | Description |
PassThrough | Databases and Web Services | This authentication uses the identity of the end user. IIS impersonates the user by default, but in order to avoid losing the impersonated user’s identity when the Business Data Catalog authenticates to the back-end server (or data source), Kerberos delegation must be enabled between the IIS and the back-end server (or data source). Kerberos delegation enables a receiving server (IIS) to send the authentication request to the back-end server (or data source). |
RevertToSelf | Databases and Web Services | This authentication reverts to the application pool account. |
Credentials | Web Services | This authentication uses basic or digest authentication depending on the configuration of the Web service. Be sure to use SSL or IPSec to encrypt the communications. |
WindowsCredentials | Databases and Web Services | This authentication uses the Windows credentials from its default single sign-on (SSO) service. |
More on BDC authentication here.
We will be using RevertToSelf; therefore, the Application Pool account needs to have access (read access) to the database. In our example, we have a User Database with four fields: AccountName, City, State and LastModifiedDate.
Create the Application Definition File
Manually creating an ADF file is error prone and cumbersome. Save time and use a good tool. Two common tools are BDCMetaman and Microsoft’s Business Data Catalog Definition Editor which are both good options.
Run BDCMetaman and choose “Connect to datasource:” and choose the SQL Server option with the appropriate information.
Once the LitwareUserData database structure has been loaded, add the UserData table to the Designer on the right.
Be sure to explore your options in the tool. In our example, we will use RevertToSelf as the authentication mode; therefore, we use the tool to make that change.
Configure the location where to create the ADF file and the MOSS SSP values.
After saving the Configuration options, right-click on the blue area and click on Edit Entity.
Configure the Title Column to AccountName as shown below. Click on Save.
Once all these steps are completed, click on Build or Generate Application Definition to create the Application Definition file. We have created the application definition file for our BDC Application. You can open the file in your favorite text editor and you will appreciate the tool. Application Definition Files are lengthy and complex.
Import the BDC Application Definition
With our ADF file, we are ready to upload it into MOSS. Browse to your Shared Service Provider and click on Import Application Definition.
Choose the Application Definition file that we created and click on Import.
Once the import has completed, click on OK to view the BDC Application page.
Review the BDC application information and make changes as needed.
Depending on your specific security needs, you may need to modify the permissions to allow your application pool or BDC content access account proper access in the BDC Application. Click on the Manage Permission link. Once in the Manage Permission screen, add the appropriate account and give it rights to read and execute the BDC definition (Application). I usually have found that Execute and Selectable in Clients works for me.. Click on Save to continue. Important: Now click on Copy all permissions to descendants to propagate the permission to the lower application objects, such as the entities.
Create a New Import Connection for BDC
In order to use our BDC data, we need to configure the User Profiles to consume the BDC data. This requires two basic steps: Create an import connection and map the BDC data to the User Profiles. Browse to your Shared Service Provider, click on the User Profile and Properties page. Click on View Import Connections.In the View Import Connections page, click on Create New Connection.
In the Add Connection page, configure the connection as follows:
Type: Business Data Catalog
Connection Name: LitwareUserDataLOBSystem (the name of your BDC Application)
Business Data Catalog Entity: dbo.UserData (use the selector to choose the entity)
Connection Mapping: AccountName (select the field by which the data will map to the user profiles)
Once completed, click on OK. In the View Import Connections page, verify the new connection.
Browse back to the View Profile Properties page and click on Add User Profile Property. Enter the appropriate Name, Display Name and a useful Description. Towards the bottom, choose the Source Data Connection and the data source field to map. Click on OK and repeat as needed. In this example, we are also modifying the Policy Settings for the field where Everyone can see the field. This will make the property visible to Everyone when they visit a user’s profile page.
In our example, we created two new Profile Properties: City and State.
Once the profile properties have been added, browse back to the User Profile and Properties page and start a Full Import.
Verify Successful Import
Once the full import has completed, the user profiles should contain the new data. We will start by choosing a user account from the BDC data source. We use the SQL Server Management Studio to query our source table. In this example, we use LITWAREINC’AdinaA to test our data. Therefore, in MOSS we will find that AdinaA has City and State populated as Boulder and Colorado.A simple quick test is to view the user profile in the Shared Services Provider. In the Shared Services Provider, browse to View User Profile and click on Edit User on the account we wish to see (i.e. LITWAREINC’AdinaA).
In the Edit Profile page, we can verify the account name and the field mappings to that account. Notice the city and state are correct for Adina Hagege (LITWAREINC’AdinaA).
Our last step is to verify that our end-users can also see the new information in the public profile pages for all users. Browse to a web application and perform a search for our user (People Search). Open the user profile page in the search results. There are other ways to find users as well, searching works particularly well in MOSS.
In the public profile page, you will see the new profile properties containing the appropriate values.
Congratulations, you have enhance the user profiles using the BDC as a data source.
Wednesday, February 24, 2010
San Antonio SharePoint User Group - Feb 23rd, 2010
5:00 PM |
Posted by
Brian Culver |
Edit Post
Yesterday, I was in San Antonio at the San Antonio SharePoint User Group meeting (SASUG) where I enjoy where Paul Schaeflein (MVP) discussed the proper usage of elevated permissions and impersonation. Paul an excellent job, I learned a couple new things. After the meeting, we enjoyed a couple SharePint's and margaritas at the Firehouse Pub & Grill. This was a good crowd. I will be speaking at the next meeting over "SharePoint 2010: Extranets and Authentication". I look forward to seeing this group again.
Friday, February 19, 2010
New Microsoft Certified SharePoint Master in Houston
3:27 AM |
Posted by
Brian Culver |
Edit Post
So I have been very quiet for the last several months. I have also been very busy. On February 8th, 2010, I finally completed my last qualification to become a Microsoft Certified SharePoint Master. My journey started early in 2008 when the program was announced. I was accepted into the program on my second try.
My first attempt (during the interviews) was a humbling lesson where it highlighted my strengths and it opened my eyes to areas I had not ventured into. I had been working with SharePoint for about four years around that time. Through much determination and perseverance, I read the pre-reading list with 81 items and sought out opportunities with my clients to exercise my growing knowledge.
My second attempt was still a humbling lesson, SharePoint is an enormous platform and framework which can be used in so many ways. The news was exciting, I was accepted into the fourth MCM rotation.
The three weeks in Seattle were brutal and exhausting, but every day I could only think "awesome". Every candidate and instructor is very skilled, knowledgeable, experienced and on top of their game. The experience and knowledge shared during the three weeks makes the entire process worth every bit of effort, time and, of course, money. I have to add that this certification is not for everyone. It is very difficult, very challenging and it will impact your life and family. The pre-reading really is a requirement and it still may not be enough. You have to read all of it before you get there if you are to succeed. You should also experience as much of it as well. I cannot say enough about the support my family has given to me. I spent countless weekends, holidays, car trips and rides reading, practicing, discussing and breaking SharePoint in new creative ways in preparation. The entire last year (and some) has been one of the most rewarding years as a result of this journey. I hope to continue this journey as we welcome SharePoint 2010 and I look forward to contributing to the SharePoint community.
My first attempt (during the interviews) was a humbling lesson where it highlighted my strengths and it opened my eyes to areas I had not ventured into. I had been working with SharePoint for about four years around that time. Through much determination and perseverance, I read the pre-reading list with 81 items and sought out opportunities with my clients to exercise my growing knowledge.
My second attempt was still a humbling lesson, SharePoint is an enormous platform and framework which can be used in so many ways. The news was exciting, I was accepted into the fourth MCM rotation.
The three weeks in Seattle were brutal and exhausting, but every day I could only think "awesome". Every candidate and instructor is very skilled, knowledgeable, experienced and on top of their game. The experience and knowledge shared during the three weeks makes the entire process worth every bit of effort, time and, of course, money. I have to add that this certification is not for everyone. It is very difficult, very challenging and it will impact your life and family. The pre-reading really is a requirement and it still may not be enough. You have to read all of it before you get there if you are to succeed. You should also experience as much of it as well. I cannot say enough about the support my family has given to me. I spent countless weekends, holidays, car trips and rides reading, practicing, discussing and breaking SharePoint in new creative ways in preparation. The entire last year (and some) has been one of the most rewarding years as a result of this journey. I hope to continue this journey as we welcome SharePoint 2010 and I look forward to contributing to the SharePoint community.
Subscribe to:
Posts (Atom)
Search This Blog
About Me
Brian Culver is a skilled independent consultant, speaker and Microsoft Certified SharePoint Master in Houston.
Labels
- sharepoint (5)
- workflows (2)
- BDC (1)
- MOSS Installation (1)
- MOSS Tools (1)
- User Profiles (1)
- VMWare (1)
- approval (1)
- development (1)
- form services (1)
- gimmal group (1)
- groups (1)
- infopath (1)
- licensing (1)
- publishing (1)
- roles (1)
- security (1)
- utilities (1)
- web-enabled forms (1)