- 25 Nov 2021
- 7 Minutes to read
- Updated on 25 Nov 2021
- 7 Minutes to read
Auditing BizTalk360 Activities
BizTalk360 Auditing is implemented to audit the activities done by users of BizTalk360. Through this feature, users can have a clear view about, which user has made which changes in BizTalk360.
Activities performed in the following sections are audited:
- Manage Alarm
- Manage Mapping
- Secure SQL Queries
- BizTalk360 Licenses
- User Access Policies
Manage Alarm audit
Being able to manage alarms in BizTalk360, is an important feature in the monitoring section, in which users need to create an alarm as a first step to monitor the BizTalk server’s Application Artifacts, BizTalk /SQL Environments, Folder locations, Queues, Azure Services, etc.
The following operation activities done at the Manage Alarm section will be audited:
- Create - Alarm creation includes creating a new alarm, copying an existing alarm, and creating a Quick Alarm
- Update - Update operations include changing the alarm configuration details, changing the status (Enable/Disable) of an alarm
- Delete - Delete operations include deleting a single or multiple alarm(s)
While performing a Delete operation or Updating the status (Enable/Disable) of an alarm, the user can (optionally) provide the reason why the action is performed in a confirmation box. The same details will be logged in the Audit section.
Super Users and Normal Users, who have access to the Governance & Audit and Manage Alarm section can view the Alarm activity details under Environment Settings ->Governance Audit -> BizTalk360 Activities -> Alarm.
Manage Mapping audit
BizTalk360 has the capability to monitor artifacts such as BizTalk Application artifacts, BizTalk platform components, BizTalk Servers, Azure services, File Location, Queues, SQL server instances, and SQL servers.
Users can map the artifacts for monitoring to an alarm in the Manage Mapping section. The alarm will check for the current state of the mapped artifacts, and when a threshold condition gets violated, the alarm will send an alert.
The following operation activities, which can be performed from the Manage Mapping section, will be audited:
- Map - When an artifact is mapped to an alarm and configured with threshold condition for monitoring
- Modified - When threshold configuration of already mapped artifacts gets modified
- Unmap- The artifacts which are mapped for monitoring can be unmapped from 2 sections:
- From the Alarm mapping section (Monitoring -> Home -> Alarm Mapping)
- From the Manage mapping section (Monitoring -> Manage Mapping)
When a user removes artifacts from being monitored, this will be audited as an UnMapped operation. Upon unmapping, a Confirmation pop-up will show up, in which the user can provide the reason for removing the mapping. The same details will be logged for auditing.
Secure SQL Query audit
Secure SQL Query functionality in BizTalk360 acts as a query repository in which SQL queries can be stored and executed. The queries can be accessed by BizTalk360 users without the need to access SQL Server Management Studio.
Since the queries are getting executed against SQL instances and databases, it is important to audit the Query operations.
Secure SQL Query auditing will log the below operations done at the Secure SQL Query section:
- Create - The Create operation includes creating a new secure SQL query. Only users who have the SQL query permissions can create new secure SQL queries in BizTalk360
- Delete - Only users who have the Delete Query permission can delete queries. Deleting the default (out-of-the-box) queries is not permitted in Secure SQL Query. When performing a Delete operation, a confirmation box will pop up in which the user can (optionally) provide the details of why the action is performed
- Edit - Only users who have Edit Query permissions can edit custom SQL queries. Users are not allowed to edit the default (out-of-the-box) Secure SQL Query
The Secure SQL Query audit details contain a summary of the audit which will provide a detailed view of the previous value and current value.
Super Users and Normal Users, who have permission to access Governance & Audit, Secure SQL Query section can view the Secure SQL Query operation activity details under Environment Settings -> Governance Audit -> BizTalk360 Activities -> Secure SQL Query
BizTalk360 License Auditing
In BizTalk360, License activation and deactivation is the first major step involved before performing any other operation. Since we understand the importance of Licensing, it is important to give clarity to the customer, which user has activated or deactivated the license. Only superuser can view the licensed activity auditing details under Governance Audit -> BizTalk360 Activities -> License Audit.
License auditing will audit the below actions:
- Activate - License Activation can be performed with an Internet connection and without an internet connection i.e. Activation/Manual Activation
- Deactivate - License Deactivation can be performed with an Internet connection and without an internet connection i.e. Deactivation/Manual Deactivation
- Remove – In case of new license update or change in license tier
Scenario: Consider an environment has multiple user any user who has superuser permission can activate, deactivate or remove the license at any time. If one of the users deactivated the license in one environment and activated the same in another environment, then no other user under that environment can use the BizTalk360 application. Which may lead to lot many confusions. In such cases, the License auditing feature will be a helping hand to know what actually happened and which user has done the changes.
User Access Policy auditing
In BizTalk360, one of the important features is User Access Policies. These user policies allow to create sets of user profiles to decide which user has what permission in BizTalk360.
- Manage user - Manage user feature allows the creation of Superuser, Normal user, and NT user, through which the user can set up access rights for users to different sections depending on the user requirements
- Custom user profile - In this section, users can provide access to similar features to multiple users, by creating custom profile templates
- Application groups - This allows you to create a group of the application as a predefined template and can use for different users as per their business needs
Manage Users in the User Access policy is the most sensitive section where any change in the user policies may lead to a major impact while accessing BizTalk360. The user may tend to change the permission based on the requirement, in which manual errors like selecting the additional feature or deselecting the required feature may lead to confusion and even has chances of deleting the user. This can be handled with the User access policy auditing feature.
Super Users and Normal Users, who have access to the Governance & Audit can view the User Access Policy activity details under Environment Settings -> Governance Audit -> BizTalk360 Activities -> User Access Policy Audit.
Users access policy Activities will log the below operations done in the Manage users’ section:
- Add - On adding a new user the operation will be logged in the auditing section. The user who has super user permission are allowed to create users
- Update - A super user is allowed to edit the user by adding or removing the permission for accessing the BizTalk360 features and can also edit the access on application
- Remove - A super user is allowed to remove the user by clicking on the delete button
- Switch user - A super user can change the role between the users, you can either switch the role from Normal user to Superuser or from Superuser to Normal user
Manage Custom User Profiles:
Custom User Profile provides you to access similar features to multiple users by creating custom profile templates. The users may belong to different groups yet require similar permissions to access BizTalk360.
Users access policy Activities auditing will log the below operations done in the Manage Custom User Profiles section:
- Create - Create operation will audit custom user profile creation
- Update - Update operation includes changing the description and on add or remove profile permission will be audited
- Delete - Delete operation will audit when deleting the custom profile
The user who as supper user permission are only allowed to create the Custom profile.
Application Groups allows for the creation of groups and map the related applications to these groups. Say, for instance, all applications related to banking can be grouped under an application group name and can map the same to the appropriate users to access this Application Group.
Users access policy Activities auditing will log the below operations done in the Manage Application groups section:
Create: Create operation will audit application group creation.
Update: Update operation audit on add or remove application permission.
Delete: Delete operation will audit when deleting the application groups.