User Access Policy
  • Updated on 10 May 2019

BizTalk360 allows administrators to set up fine-grained authorization at both the application level and the system level. Administrators can set up access rights for users to different sections depending on the user requirements.
The following user types exist in BizTalk360:

  • Super User - Allowed to do all the tasks in a BizTalk environment
  • Normal User - Fine-grained permissions can be configured

The user can be an individual Windows NT User or a Windows NT Group. If you want to provide common access to all users in a Windows group, you can create a User Access Policy for the group in BizTalk360, provide the name of the group and enable the ‘Is NT group’ option.

You can access the User Access Policies by following the steps below:

  • Log in to the application (as a Super User)
  • Click the 'Settings' icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Users option
  • Create a Normal User or edit an existing one

Switch User Types

To convert a Normal user to a Super user or vice versa, the following steps can be performed:

  • Log in to the application (as a Super User)
  • Click the 'Settings' icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Users option
  • Edit an existing user
    • To convert to Super User, enable the Is Super User toggle button
    • To convert to Normal user, disable the Is Super User toggle button

Note:
The logged in user will not be able to edit/delete their own profile.

Application Rule Configuration

To provide access to BizTalk Applications, the following options exist:

  • Grant Access by Application
  • Grant Access to all Applications
  • Wild Card Search
  • Grant Access to Application Groups

Once the rule is configured, there is a View Application option available for Super Users, to verify who has been provided access to which applications.

Grant Access to All Applications

As the name denotes, enabling this rule will provide access to all the available applications for the Normal Users/Groups. This is similar to the permissions of the Super User, who has access to all BizTalk applications.

Note: The user will automatically be granted access to all the newly deployed applications. The user doesn’t need to scroll down the complete list to select the newly deployed application(s) and provide access.

Wildcard Search

This capability enables users to select a wildcard operator from the drop down.

With the four options that are available in the Wildcard search, the user can select the required option and provide the search value. Once this rule is configured, the user will have access to all the applications which match this wildcard. The user will automatically be given access to the newly deployed applications that match the wildcard.

Grant Access to Application Groups

With this capability, you can create Application Groups and map BizTalk applications to that group. Once the user is given access to the Application group, he can access all the applications which are mapped to that group.

The Concept of Application Groups

With this concept, you can create groups and map related applications to these groups. This way, you can group, for example, all HR applications and give the appropriate employees access to this Application Group.
You can access the Application Groups with the steps below:

  • Log in to the application (as a Super User)
  • Click the 'Settings' icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Application Groups option
  • Create a new application group or edit/delete an existing one

Providing access to this Application Group will automatically enable the users to access the applications which are mapped to that Application Group. This Application Group is only related to BizTalk360 and not to BizTalk itself. When the corresponding Normal User logs in to BizTalk360, his access will be limited to these applications. Only Super Users can view and edit the Application Groups.

Note: You cannot delete an Application Group that is already mapped to a user.

Migration Scenario

For persisting the existing configuration data, the ‘Grant Access by Application’ rule is available. Your data and configuration will be safe and migrated successfully during the upgrade.
Once the upgrade is completed, this will be the default rule which is selected for existing users. Once a Super User edits the details for a Normal User, this rule is selected. They can now change the rule configuration as per the requirement.
The only difference between this configuration and the other new rules is that when Grant Access by Application is configured, access to newly deployed applications is not granted automatically, as it is with the other rules.
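
The difference between the static rule and the automatically expanding rules matters when reviewing access. The sketch below is an added example, not BizTalk360 code: it models three of the rule types and reports which applications each user gains from a deployment alone, without any policy edit. The wildcard operator names, the user names and the application names are assumptions constructed for illustration; Application Groups are left out.

```python
from dataclasses import dataclass

# Assumed operator names: the page only states that four wildcard options exist.
# Matching is case-sensitive here, which is also an assumption.
WILDCARD_OPS = {
    "starts_with": lambda name, value: name.startswith(value),
    "ends_with": lambda name, value: name.endswith(value),
    "contains": lambda name, value: value in name,
    "equals": lambda name, value: name == value,
}

@dataclass(frozen=True)
class Rule:
    kind: str                      # "by_application", "all" or "wildcard"
    apps: frozenset = frozenset()  # explicit list, used by "by_application"
    op: str = ""                   # wildcard operator, used by "wildcard"
    value: str = ""                # wildcard search value

def effective_access(rule, deployed):
    """Return the set of deployed applications that the rule grants."""
    deployed = set(deployed)
    if rule.kind == "all":
        return deployed
    if rule.kind == "wildcard":
        match = WILDCARD_OPS[rule.op]
        return {app for app in deployed if match(app, rule.value)}
    if rule.kind == "by_application":
        return deployed & rule.apps
    raise ValueError(f"unknown rule kind: {rule.kind}")

def access_drift(rule, before, after):
    """Applications gained purely because new applications were deployed."""
    return effective_access(rule, after) - effective_access(rule, before)

# Constructed sample data (hypothetical application and user names).
BEFORE = ["HR.Payroll", "HR.Onboarding", "Finance.Invoicing"]
AFTER = BEFORE + ["HR.Salaries", "Finance.Treasury"]
USERS = {
    "alice": Rule("by_application", apps=frozenset({"HR.Payroll", "HR.Onboarding"})),
    "bob": Rule("wildcard", op="starts_with", value="HR."),
    "carol": Rule("all"),
}

def drift_report(users=USERS, before=BEFORE, after=AFTER):
    """Map each user to the sorted list of applications gained by the deployment."""
    return {user: sorted(access_drift(rule, before, after))
            for user, rule in users.items()}

if __name__ == "__main__":
    for user, gained in drift_report().items():
        print(f"{user}: {gained or 'no change'}")
```

Users on wildcard or grant-all rules are the ones to re-check after each deployment, using the View option described in the next section.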

Viewing the permitted applications

A view option has been provided in the User Settings screen. This will list all the permitted applications for the users.

By viewing the permitted applications, the Super User can verify whether access to the applications has been properly provided to the users/groups.

Add Permissions

Administrators can also set up different authorizations for Operations, Monitoring and Analytics. These authorizations can be provided by selecting the predefined profile templates, custom profile templates or by selecting the individual modules.

Note: In the Add Permissions section, you will find sections for Operations, Monitoring and Analytics. By default, access to Host Instances, Application artifacts and Service Instances is read-only. If a user should be allowed to take action on any of these, you should select the appropriate option in the 'Can Action' pane.

Predefined Templates

BizTalk360 comes with three predefined profile templates that the user can select for providing access to the features. These templates come as part of the BizTalk360 installation. They are denoted with the suffix ‘System Predefined’ in the drop down in the Add permissions section. When a template is chosen, the corresponding features get selected.

The predefined templates are:

  • View only modules - Choosing this template will provide read-only access to a few features in BizTalk360. This will be helpful for the Level 1 support team
  • Limited operation access - This provides access for the users to operate on Host Instance, applications and service instances
  • Full access to all modules - As the name implies, the user will have access to all the features when this template is chosen

Custom Profile Templates

To provide access to similar features to multiple users, custom profile templates can be created. The users may belong to different groups yet require similar permissions to access BizTalk360. In this case, the custom template can be selected from the drop down to grant the users access easily.
You can create custom templates by following the steps mentioned below:

  • Log in to the application (as a Super User)
  • Click the Settings icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Custom Profile Templates option
  • Create a new template or edit/delete an already created template

The custom template can be created by providing a name to the template and selecting the features to be added to the template. With this feature, for each custom template you can select particular permissions and store them as a custom template.

Once the custom templates are created, they will be available in the drop down in the Add permissions section, where the user can choose the custom template and provide access to the users/groups. Based on the selected custom template, the corresponding features in the template will be available for the users to access.

Available permissions

With BizTalk360, you can give your users fine-grained access to all the features in the product. At the highest level, you have:

  • Operations
  • Monitoring
  • Analytics

These 3 options refer to the 3 different sections of the product. The Operations section has a number of subsections like Rules, EDI, ESB Portal etc. These subsections refer to the left-hand side menu under Operations. Each subsection has one or more permissions which can be set.

The available permissions are:

OPERATIONS

  • Rules
    • Rules Composer – View policies
    • Rules Composer (Create/Save) – Create/Save policies
    • Rules Composer (Deploy/Publish) - Deploy/Publish policies
  • EDI
    • Reports – Execute EDI reports
    • Parties and Agreements (choose) – Click choose to select which Parties and Agreements can be viewed
  • ESB
    • ESB Exception Data – Execute ESB Exception Data queries
    • Resubmit ESB Message – Edit fault messages and resubmit them
  • Azure Services
    • Azure Services – View and operate on Logic Apps, view the contents of Integration Accounts
  • Data Access
    • Message Box (Queries) – Execute MessageBox Queries
    • Graphical Flow (Tracking) – Execute queries against the Tracking database
    • Secure SQL queries – Execute Secure SQL Queries. Click Advanced for more detailed permissions
    • Business Activity Monitoring – Access the incorporated BAM portal
    • Advanced Event Viewer – Execute queries against retrieved Event Log entries from BizTalk and/or SQL servers
    • Message Content/Context – View Message content/context in MessageBox Queries
  • Health Check tools
    • Backup/DR Visualizer – View configuration of BizTalk Log shipping (if that’s configured in the environment)
    • BizTalk Health Monitor – Trigger BHM runs and view the output of such runs, in case BHM has been integrated in BizTalk360
  • Security
    • Governance/Auditing – View the actions which have been taken by users in BizTalk360
  • Infrastructure Setting
    • Topology – View the topology of the BizTalk environment
    • Host – View the Host configuration of the BizTalk Group
    • Host Instances – View the Host Instances of the BizTalk Group, including their state
    • Message Boxes – View some database bound parameters about the deployed MessageBox databases
    • BizTalk Servers – View CPU/Memory utilization, Windows NT Services, Event Log entries of the BizTalk Servers
    • Manage BizTalk NT Services – View and stop/start the Windows NT services of the BizTalk servers
    • SQL Servers – View CPU/Memory utilization, Windows NT Services, Event Log entries of the SQL Servers
    • Manage SQL NT Services – View and stop/start the Windows NT services of the SQL servers
    • Tracking Manager – View all the BizTalk tracking settings in one consolidated screen
    • Manage Tracking – Manage the BizTalk tracking settings
    • SQL Server Instances – View information about the SQL instances which contain the BizTalk databases
    • Manage SQL Jobs – Stop/Start SQL jobs

MONITORING

  • Monitoring Dashboard – View the Monitoring Dashboard
  • Manage Alarm – Create/Edit/Delete alarms, including changing their state and managing what needs to be monitored
  • Data Monitoring – View/configure Data Monitoring
  • Data Monitoring Dashboard – View the Data Monitoring Dashboard
  • Alert History – View the transmitted alert notifications
  • Azure Services – Set up monitoring for Azure services like Logic Apps, API Apps and Service Bus queues

ANALYTICS

  • Analytics Dashboard – View the Analytics Dashboards
  • Throttling Analyser – View the Throttling analyser
  • Messaging Patterns – View the messaging flows which have been identified by BizTalk360
  • New Relic – Enable integration with New Relic to push performance metrics to New Relic
  • BizTalk Reporting – Create and maintain BizTalk reports you can receive via email

KNOWLEDGE BASE

  • Manage Knowledge Base - Manage Knowledge Base articles which can be associated with Service instances, Event Log entries, ESB Exceptions or Throttling states

CAN ACTION

By enabling the permissions in the Can Action pane, you enable users to:

  • Operate on Host Instances (Stop/Start/Restart)
  • Operate on BizTalk Artifacts (Stop/Start ports and orchestrations)
  • Operate on Service Instances (Resume/Terminate/Suspend instances in the MessageBox)