Anonymous access in BDC

When anonymous users log into the SharePoint site which has BDC web parts, you will see the error message “You do not have permission to access abc in xyzInstance”.  This is fixed in the Infrastructure update of WSS and MOSS.  In the Application Definition File, for each method instance ( for which we need to give anonymous access), we need to add a property called AllowAnonymousExecute. Its a boolean value which needs to be set as true. 


<MethodInstance Type="Finder" ReturnParameterName="Products" ReturnTypeDescriptorName="ProductDataReader" ReturnTypeDescriptorLevel="0"  Name="ProductFinderInstance">


         <Property Name="AllowAnonymousExecute" Type="System.Boolean">true</Property>




Remember, this is effective only on MethodInstances.  Internally Association is a special MethodInstance and so it should work when AllowAnonymousExecute property is used within it as well.  This essentially means that it works for all the BDC web parts including Business Related Web Part.



     <Association Name="FK_DimProduct_DimProductSubcategory_Instance" AssociationMethodEntityName="DimProduct" AssociationMethodName="FK_DimProduct_DimProductSubcategory" AssociationMethodReturnParameterName="@DimProduct" AssociationMethodReturnTypeDescriptorName="Reader" AssociationMethodReturnTypeDescriptorLevel="0" IsCached="true">


                                    <Property Name="AllowAnonymousExecute" Type="System.Boolean">true</Property>


                        <SourceEntity Name="DimProductSubcategory" />

            <DestinationEntity Name="DimProduct" />



Comments (6)

  1. krs says:

    I found the information I was looking for in Chapter 12 of Microsoft Office SharePoint Server 2007 Administrator’s Companion.  Thanks!

  2. krs says:

    Thank you for your quick response.  SSO has been set up for an intranet set which has been extended to an internet site.  Can you point me to a ‘best practice’ for setting up bdc connections and anonymous access?  Does ssp have to be extended as well?

  3. Well, then i believe you are defeating the whole purpose of using SSO.  SSO is for single sign authentication and anonymous access is completely a different concept !

  4. krs says:

    Does this method work with SSO?

  5. Can you tell me which BDC web part you are trying to connect to ADF so that we can figure out the method instance type used ?  If possible, paste the chunk of xml used.

  6. Matt says:

    We have the infrastructure updates, and yet we get the same error. "You don’t have permission to connect to <Instance>"

    We only receive this for anonymous access.

    Under manage permisisons for the particular BDC app, I have given execute rights to "everyone" on the domain. Hence all other users on the domain don’t have a problem executing this bdc webpart.

    any suggestions?

Skip to main content