Microsoft Office Tutorials and References
In Depth Information
delegation. In addition, the access model between the WFE and the ECS should be set to Delegation. If
the WFE and the ECS are on separate machines, the central IT department will need to set up
delegation between the WFE and the ECS as well. The workbook author will have to set the connection to use
Workbook Embedded Credentials
The workbook author can save in the workbook specific credentials to be used when connecting to a
database. Then all users who open that workbook can use the credentials.
The main advantage of this method is its simplicity. The author can publish a workbook to the server
and allow all other users to connect to any database that supports database credentials. In addition, it is
very good in terms of performance, because everyone uses the same credentials, which enables them to
share the cached query results.
The main disadvantage is that all users who can view the workbook receive permissions to perform
the query from the database. This method is almost equivalent to sending these credentials to all
users. It is good for cases in which those credentials would normally be known to everyone in the
Anyone who has access to the workbook can get the password that is stored in the file. You can limit this
disclosure by saving the workbook into a document library to which only the author has open rights and
all other users have only view rights.
To specify that a connection should use embedded credentials, set the Server Authentication to None,
write the user and password to the connection string, and select Save Password.
The ECS will log in as the unattended account when creating the connection to the database. The query
will fail if the unattended account is not defined correctly.
The administrator can define a special account to be used when the author defines a connection with the
authentication type set to None. This account is called the unattended account . The unattended account is
defined in the External Data section of the Excel Services Settings (see Figure 5-9).
Connections with a None authentication type will fail if the unattended account is not defined and/or if
the user or password is incorrect.
If the unattended account is defined correctly, the ECS logs in as the unattended account when creating a
None connection type. The ECS then passes the connection string, which may or may not contain a
database username and password, to the database. If the database does not find any user and password on
the connection string, it works as the unattended account. (The previous section described what happens
when there is a database user and password.)
To increase the security of your system, either don’t define the unattended account or define it as an
account with very low privileges and no access to the databases. When you use a low-privilege account,
the ECS is allowed to use embedded workbook credentials, but it cannot use the unattended account to
connect to a database.