BizTalk360 allows administrators to set up fine grained authorization both at the applications level and system level. Administrators can set up access rights for users to different sections depending on the user requirements. The following user types exist in BizTalk360:
- Super User - Allowed to do all the tasks in a BizTalk environment
- Normal User - Fine-grained permissions can be configured
You can access the User Access Policies by following below steps:
- Log in to the application (as a Super User)
- Click the 'Settings' icon at the top of the page
- Click User Access Policy from the left menu bar
- Create a Normal User or edit an existing one
Application Rule Configuration
To provide access to BizTalk Applications, the following options exist: • Grant Access by Application • Grant Access to all Applications • Wild Card Search • Grant Access to Application Groups
Once the rule is configured, there is a View Application option available for Super Users, to verify who has been provided access to which applications.
Grant Access to All Applications
As the name denotes, enabling this rule will provide access to all the available applications for the Normal Users/Groups. This is similar to the permissions of the Super User, who have access to all BizTalk applications.
Note: The user will automatically be granted access to all the newly deployed applications. The user doesn’t need to scroll down the complete list, to select the newly deployed application(s) and provide access.
This capability enables users to select a wildcard operator from the drop down.
With the four options that are available in the Wildcard search, the user can select the required option and provide the search value. Once this rule is configured, the user will have access to all the applications which match this wildcard. The user will automatically be given access to the newly deployed applications that match the wildcard.
Grant Access to Application Groups
With this capability, you can create Application Groups and map BizTalk applications to that group. Once the user is given access to the Application group, he can access all the applications which are mapped to that group.
The Concept of Application Groups
With this concept, you can create groups and map related applications to these groups. This way, you can group, for example, all HR applications and give the appropriate employees access to this Application Group.
Now, providing access to this Application Group, will automatically enable the users to access the applications which are mapped to that Application Group. This Application Group is only related to BizTalk360 and not to BizTalk itself. When the corresponding Normal User logs in to BizTalk360, his access will be limited to these applications. Only Super Users can view and edit the Application Groups. It is also possible to view the list of Application Groups created for an environment; editing or deleting them is done by the Super Users.
Note: You cannot delete an Application Group that is already mapped to a user.
For persisting the existing configuration data, the ‘Grant Access by Application’ rule is available. Your data and configuration will be safe and migrated successfully during the upgrade. Once the upgrade is completed, this will be the default rule which is selected for existing users. Once a Super Users edits the details for a Normal User, this rule is selected. They can now change the rule configuration as per the requirement. The only difference between this configuration and the other new rules, is that when Grant Access by Applications is configured, newly deployed applications will not automatically be given access, as in the other rules.
Viewing the permitted applications
A view option has been provided in the User Settings screen. This will list all the permitted applications for the users.
By viewing the permitted applications, the Super User can verify if the access to the applications have properly been provided to the users/groups.
Also when it comes to Operations, Monitoring and Analytics, administrators can set up different authorizations. These authorizations are described below.
In the Add Permissions section, you will find sections for Operations, Monitoring and Analytics. By default, access to Host Instances, Application artifacts and Service Instances is read-only. If a user should be allowed to action on either of these, you should select the appropriate option in the 'Can Action' pane.