Professional Documents
Culture Documents
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
Sign in
Home
Library
Learn
Samples
Downloads
Support
Community
Forums
MSDN Library Servers and Enterprise Development SQL Server SQL Server 2012 Product Documentation Books Online for SQL Server 2012 Analysis Services Analysis Services Features and Tasks PowerPivot for SharePoint PowerPivot Data Refresh PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012 (Analysis Services) View PowerPivot Data Refresh History Schedule a Data Refresh Configure Dedicated Data Refresh or Query-Only Processing Configure Stored Credentials for PowerPivot Data Refresh Configure the PowerPivot Unattended Data Refresh Account
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012 (Analysis Services)
SQL Server 2012
Other Versions This topic has not yet been rated - Rate this topic PowerPivot data refresh is a scheduled server-side operation that queries external data sources to update embedded PowerPivot data in an Excel 2010 workbook that is stored in a content library. Data refresh is a built-in feature of PowerPivot for SharePoint, but using it requires that you run specific services and timer jobs in your SharePoint 2010 farm. Additional administrative steps, such as installing data providers and checking database permissions, are often required for data refresh to succeed. Note SQL Server 2012 Service Pack 1 (SP1) and SharePoint Server 2013 Excel Services use a new architecture for data refresh of PowerPivot data models. The new architecture utilizes Excel Services as the primary component to load PowerPivot data models. The previous data refresh architecture used relied on a server running PowerPivot System Service and Analysis Services in SharePoint mode to load data models. For more information, see the following: PowerPivot Data Refresh with SharePoint 2013 and SQL Server 2012 SP1 (Analysis Services) Upgrade Workbooks and Scheduled Data Refresh (SQL Server 2012 SP1) This topic contains the following sections: Step 1: Enable Secure Store Service and generate a master key Step 2: Turn off credential options that you do not want to support Step 3: Create target applications to store credentials used in data refresh Step 4: Configure the server for scalable data refresh Step 5: Install data providers used to connect to external data sources Step 6: Grant permissions to create schedules and access external data Step 7: Enable workbook upgrade for data refresh Step 8: Verify data refresh configuration Modify Configuration Settings for PowerPivot Data Refresh Reschedule the PowerPivot Data Refresh Timer Job Disable the PowerPivot Data Refresh Timer Job After you ensure that the server environment and permissions are configured, data refresh is ready to use. To use data refresh, a SharePoint user creates a schedule on a PowerPivot workbook that specifies how often data refresh occurs. Creating the schedule is typically done by the workbook owner or author who published the file to SharePoint. This person creates and manages the data refresh schedules for the workbooks that he or she owns. For more information, see Schedule a Data Refresh (PowerPivot for SharePoint).
1 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
3. Select Secure Store Service. 4. In the Create Secure Store Application page, enter a name for the application. 5. In Database, specify the SQL Server instance that will host the database for this service application. The default value is the SQL Server Database Engine instance that hosts the farm configuration databases. 6. In Database Name, enter the name of the service application database. The default value is Secure_Store_Service_DB_<guid>. The default name corresponds to the default name of the service application. If you entered a unique service application name, follow a similar naming convention for your database name so that you can manage them together. 7. In Database Authentication, the default is Windows Authentication. If you choose SQL Authentication, refer to the SharePoint administrator guide for guidance on how to use the authentication type in your farm. 8. In Application Pool, select Create new application pool. Specify a descriptive name that will help other server administrators identify how the application pool is used. 9. Select a security account for the application pool. Specify a managed account to use a domain user account. 10. Accept the remaining default values, and then click OK. The service application will appear alongside other managed services in the farm's service application list. 11. Click the Secure Store Service application from the list. 12. In the Service Applications ribbon, click Manage. 13. In Key Management, click Generate New Key. 14. Enter and then confirm a pass phrase. The pass phrase will be used to add additional secure store shared service applications. 15. Click OK. Audit logging of Store Service operations, which is useful for troubleshooting purposes, must be enabled before it is available. For more information about how to enable logging, see Configure Secure Store Service (SharePoint 2010).
Step 2: Turn off credential options that you do not want to support
PowerPivot data refresh provides three credential options in a data refresh schedule. When a workbook owner schedules data refresh, he or she chooses one of these options, thereby determining the account under which the data refresh job runs. As an administrator, you can determine which credential options are available to schedule owners. You must have at least one option that is available in order for data refresh to work.
Option 1, Use the data refresh account configured by the administrator , always appears on the schedule definition page, but only works if you configure the unattended data refresh account. For more information on how to create the account, see Configure the PowerPivot Unattended Data Refresh Account (PowerPivot for SharePoint). Option 2, Connect using the following windows credentials, always appears on the page, but only works when you enable the Allow users to enter custom Windows credentials option in the service application configuration page. This option is enabled by default, but you can disable it if the disadvantages of using it outweigh the advantages (see below). Option 3, Connect using the credentials saved in Secure Store Service , always appears on the page, but only works when a schedule owner provides a valid target application. An administrator must create these target applications in advance and then provide the application name to those who create the data refresh schedules. For more information on how to create a target application for data refresh operations, see Configure Stored Credentials for PowerPivot Data Refresh (PowerPivot for SharePoint).
Configuring credential option 2, Connect using the following Windows user credentials PowerPivot service application includes a credential option that allows schedule owners to enter an arbitrary Windows user name and password for running a data refresh job. This is the second credential option in the schedule definition page:
This credential option is enabled by default. When this credential option is enabled, PowerPivot System Service will generate a target application in Secure Store Service to store the user name and password entered by the schedule owner. A generated target application is created using this naming convention: PowerPivotDataRefresh_<guid>. One target application is created for each set of Windows credentials. If a target application already exists that is owned by the PowerPivot System Service and stores the username and password entered by the person defining the schedule, PowerPivot System Service will use that target application rather than create a new one. The primary advantage of using this credential option is ease of use and simplicity. Advance work is minimal because target applications are created for you. Also, running data refresh under the credentials of the schedule owner (who is most likely the person who created the workbook) simplifies permission requirements downstream. Most likely, this
2 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
user already has permissions on the target database. When data refresh runs under this persons Windows user identity, any data connections that specify current user will work automatically. The disadvantage is limited management capability. Although target applications are created automatically, they are not deleted automatically or updated as account information changes. Password expiration policies might cause these target applications to become out of date. Data refresh jobs that use expired credentials will start to fail. When this occurs, schedule owners will need to update their credentials by providing current user name and password values in a data refresh schedule. A new target application will be created at that point. Over time, as users add and revise credential information in their data refresh schedules, you might find that you have a large number of auto-generated target applications on your system. Currently, there is no way to determine which of these target applications are active or inactive, nor is there a way to trace a specific target application back to the data refresh schedules that use it. In general, you should leave the target applications alone, as deleting them might break existing data refresh schedules. Deleting a target application that is still in use will cause data refresh to fail with the message, Target application not found, appearing in the data refresh history page of the workbook. Should you choose to disable this credential option, you can safely delete all of the target applications that were generated for PowerPivot data refresh.
Disabling the use of arbitrary Windows credentials in data refresh schedules 1. In Central Administration, in Application Management, click Manage Service Applications. 2. Click the PowerPivot service application name. The PowerPivot Management Dashboard appears. 3. In Actions, click Configure service application settings to open the PowerPivot Service Application Settings page 4. In the Data Refresh section, clear the Allow users to enter custom Windows credentials checkbox.
3 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
Step 6: Grant permissions to create schedules and access external data sources
Workbook owners or authors must have Contribute permission to schedule data refresh on a workbook. Given this permission level, he or she can open and edit the workbooks data refresh configuration page to specify the credentials and schedule information used to refresh the data. In addition to SharePoint permissions, database permissions on external data sources must also be reviewed to ensure that accounts used during data refresh have sufficient access rights to the data. Determining permission requirements will require careful evaluation on your part because the permissions that you need to grant will vary depending on the connection string in the workbook and the user identity under which the data refresh job is running. Why existing connection strings in a PowerPivot workbook matter to PowerPivot data refresh operations When data refresh runs, the server sends a connection request to the external data source using the connection string that was created when the data was originally imported. The server location, database name, and authentication parameters specified in that connection string are now reused during data refresh to access the same data sources. The connection string and its overall construction cannot be modified for data refresh purposes. It is simply reused as-is during data refresh. In some cases, if you are using non-Windows authentication to connect to a data source, you can override the user name and password in the connection string. More detail about this is provided further on in this topic. For most workbooks, the default authentication option on the connection is to use trusted connections or Windows integrated security, resulting in connection strings that include SSPI=IntegratedSecurity or SSPI=TrustedConnection. When this connection string is used during data refresh, the account used to run the data refresh job becomes the current user. As such, this account needs read permissions on any external data source that is accessed via a trusted connection. Did you enable the PowerPivot unattended data refresh account? If yes, then you should grant that account read permissions on data sources that are accessed during data refresh. The reason why this account needs read permissions is because in a workbook that uses the default authentication options, the unattended account will be the current user during data refresh. Unless the schedule owner overrides the credentials in the connection string, this account will need read permissions on any number of data sources that are actively used in your organization. Are you using credential option 2: allowing the schedule owner to enter a Windows user name and password? Typically, users who create PowerPivot workbooks already have sufficient permissions because he or she already imported the data in the first place. If these users subsequently configure data refresh to run under their own Windows user identity, their Windows user account, which already has rights on the database, will be used to retrieve data during data refresh. Existing permissions should be sufficient. Are you using credential option 3: using a Secure Store Service target application to provide a user identity for running data refresh jobs? Any account used to run a data refresh job needs read permissions, for the same reasons as those described for the PowerPivot unattended data refresh account. How to check connection strings to determine whether you can override credentials used during data refresh As previously noted, you can substitute a different user name and password at the data refresh job level if the connection is using non-Windows authentication (for example, SQL Server authentication). Non-Windows credentials are passed on the connection string using the User ID and Password parameters. If your workbook contains a connection string with these parameters, you can optionally specify a different user name and password for refreshing data from that data source. The following steps explain how to determine whether you have a connection string that accepts user name and password overrides. 1. Open the workbook in Excel. 2. Open the PowerPivot window (in Excel, on the PowerPivot ribbon, click PowerPivot Window). 3. Click Design. 4. Click Existing Connections. All of the connections used in the workbook are listed under PowerPivot Data Connections. 5. Select the connection and click Edit, and then click Advanced. The connection string is at the bottom of the page. If you see Integrated Security=SSPI in the connection string, you cannot override the credentials in the connection string. The connection will always use the current user. Any credentials that you provide are ignored. If you see Persist Security Info=False, Password=***********, UserID=<userlogin>,then you have a connection string that will accept credential overrides. Credentials that appear in a connection string (such as UserID and Password) are not Windows credentials, but rather database logins or other sign-in accounts that are valid for the target data source. How to override credentials in the connection string Overriding credentials is done by specifying data source credentials in the data refresh schedule. As an administrator, you can provide a target application in Secure Store Service that maps the credentials used to access external data. The schedule owner can then enter the target application ID in the data refresh schedule that he or she defines. For more information about creating this target application, see Configure Stored Credentials for PowerPivot Data Refresh (PowerPivot for SharePoint). Alternatively, the schedule owner can type in the set of credentials that are used to connect to data sources during data refresh. The following illustration shows this data source option in the schedule definition page.
4 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
Identifying data access requirements As noted in previous sections, the account used to run data refresh and connect to external data sources is often one and the same. As such, the account used to access external data sources is determined by the options set in this part of the data refresh schedule page. This might be the PowerPivot unattended data refresh account, the Windows account of an individual user, or the account that is stored in a predefined target application.
In cases where the account used to run data refresh is different from the account used to import data (for example, the PowerPivot unattended data refresh account via credential option one, or some other set of stored credentials via credential option three), you will need to create a new database login for that account and grant it read permissions on the external data sources. Once you understand which accounts require data access, you can begin to check permissions on the data sources that are most often used in PowerPivot workbooks. Start with any data warehouses or reporting databases that are actively used, but also solicit input from your most active PowerPivot users to find out which data sources they are using. Once you have a list of data sources, you can begin checking each one to ensure that permissions are set correctly.
5 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
4. In the Data Refresh section, in Business Hours, enter a start time and end time that defines the after business hours processing period. If you do not want an off-hours processing period defined, you can enter the same value for both Start Time and End Time (for example, 12:00 for both times). However, be aware that the schedule definition pages on the SharePoint sites will still have "After business hours" as an option. Users who select that option on a farm that has no off-hour processing range defined for it will eventually get data refresh errors as processing jobs fail to start. 5. Click OK.
6 of 7
20/03/2013 15:28
PowerPivot Data Refresh with SharePoint 2010 and SQL Server 2012...
See Also
Tasks
http://msdn.microsoft.com/en-us/library/ee210595(d=printer).aspx
Schedule a Data Refresh (PowerPivot for SharePoint) Configure Dedicated Data Refresh or Query-Only Processing (PowerPivot for SharePoint) Configure the PowerPivot Unattended Data Refresh Account (PowerPivot for SharePoint) Configure Stored Credentials for PowerPivot Data Refresh (PowerPivot for SharePoint)
Other Resources
Yes
No
Community Additions
ADD
SERVERS Windows Server Exchange Server SQL Server Biz Talk Server Data
DEVELOPER RESOURCES MSDN Subscriptions MSDN Magazine MSDN Flash Newsletter Code Samples MSDN Forums
GET STARTED FOR FREE MSDN evaluation center BizSpark (for startups) DreamSpark (for students) School faculty
| Site Feedback
7 of 7
20/03/2013 15:28