Tip #81: Workflows accessing BCS will always run as service account, even under impersonation step | Development | Tips and Tricks

Skip to content
Skip to main navigation
Skip to first column
Skip to second column

Tip #81: Workflows accessing BCS will always run as service account, even under impersonation step

Monday, 26 April 2010 14:50 Development

PDF

Workflow in SharePoint 2010 will always run as a service account (typically the IIS Application Pool account) and is only supported when using Secure Store Service (SSS) or RevertToSelf (which is turned off by default due to security implications).

This limitation is designed to protect SharePoint 2010 from malicious models/developers. Because access to the backend will always be initiated as one account, you will lose track of who is making the changes. To work around this, you can have the workflow pass the SPUser name to a column on the external list or to a custom activity that uses the BDC APIs, but this would be more for informational purposes and shouldn’t be used as an iron-clad security feature.

Technorati!

Diigo!

StumbleUpon!

Yahoo!

Tags: List WorkFlow SharePoint 2010

Comments (0)

Subscribe to this comment's feed

Write comment

Show/hide comment form

Next >

Main Menu

SharePoint 2010

Practices

Tips and Tricks

Web Links

Buy me a coffee and donuts

Disclaimer

Views and suggestions expressed on this site do not necessarily reflect the Microsoft position and we don't hold liablily for tips and recommendations. You should be aware that some information represented on site might be officially unsupported, could potentially damage your SharePoint installation, and could lead to a lack of support from Microsoft.