I am confused with which accounts get which permissions and where, as always. I am unable to get a hang of the security model.
I created an external content type from SharePoint Designer and I am able to create a list out of this content type and able to see the data fine. I am logged in using my windows credentials.
Now, I am taking this to next step. I would like to be able to search this external content type. Created a new content source based on this ECT and tried running the crawl. Crawl failed and I got the below error message:
Microsoft.BusinessData.Infrastructure.BdcException: The shim execution failed unexpectedly. Access is denied to the Secure Store Service.
Search content access account is set to a domain account which is different from the account which provisioned Business Data Connectivity and Secure Store Service Applications. I used farm admin account to provision service applications. Now if I use the farm admin account and try running crawl again, it works.
I do not want to use farm admin account for crawling. Where and what kind of permissions do I need to grant the default content access account so that it crawls an ECT successfully?
Thank you!
