While this might not be the best idea for exposing LOB data, there may be times when you want all authenticated users to have the ability to have read access to an External List. This can be accomplished fairly easy, using out-of-the-box tools and menus – no code needed.

Here’s how (Note: I’m assuming you already have working BDC and Secure Store Service Applications):

1. Create a new Secure Store Target Application, call it whatever you want – but make sure you choose Group as the type.

2. In the Target App contextual menu, use Set Credentials to apply the credentials you wish to use.

3. Create a new External Content Type (or edit an existing) – in the External System settings, enter the DB Server, DB Name and choose Connect with Impersonated Windows Identity. Enter the name of your Target Application in the Secure Store Application ID field.

4. Create an External List using your new External Content Type. It should work for anyone who has permissions to the SPWeb.

It’s really as simple as that, and I’m mainly blogging this because as simple as it is – I continue to forget a step here and there. 🙂