User Access Policy
  • Updated on 23 Jan 2019
  • 6 minutes to read
  • Contributors
  • Print
  • Share

User Access Policy

  • Print
  • Share

BizTalk360 allows administrators to set up fine grained authorization both at the applications level and system level. Administrators can set up access rights for users to different sections depending on the user requirements.
The following user types exist in BizTalk360:

  • Super User - Allowed to do all the tasks in a BizTalk environment
  • Normal User - Fine-grained permissions can be configured

The user can be an individual Windows NT User or a Windows NT Group. If you want to provide common access to all users in a Windows group, you can create a User Access Policy for the group in BizTalk360, provide the name of the group and enable the ‘Is NT group’ option.


You can access the User Access Policies by following below steps:

  • Log in to the application (as a Super User)
  • Click the 'Settings' icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Users option
  • Create a Normal User or edit an existing one

Application Rule Configuration

To provide access to BizTalk Applications, the following options exist:
• Grant Access by Application
• Grant Access to all Applications
• Wild Card Search
• Grant Access to Application Groups

Once the rule is configured, there is a View Application option available for Super Users, to verify who has been provided access to which applications.


Grant Access to All Applications

As the name denotes, enabling this rule will provide access to all the available applications for the Normal Users/Groups. This is similar to the permissions of the Super User, who have access to all BizTalk applications.


Note: The user will automatically be granted access to all the newly deployed applications. The user doesn’t need to scroll down the complete list, to select the newly deployed application(s) and provide access.

Wildcard Search

This capability enables users to select a wildcard operator from the drop down.

With the four options that are available in the Wildcard search, the user can select the required option and provide the search value. Once this rule is configured, the user will have access to all the applications which match this wildcard. The user will automatically be given access to the newly deployed applications that match the wildcard.

Grant Access to Application Groups

With this capability, you can create Application Groups and map BizTalk applications to that group. Once the user is given access to the Application group, he can access all the applications which are mapped to that group.

The Concept of Application Groups

With this concept, you can create groups and map related applications to these groups. This way, you can group, for example, all HR applications and give the appropriate employees access to this Application Group.
You can access the Application groups with the below steps:

  • Log in to the application (as a Super User)
  • Click the 'Settings' icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Application Groups option
  • Create a new application group or edit/delete an existing one


Now, providing access to this Application Group, will automatically enable the users to access the applications which are mapped to that Application Group. This Application Group is only related to BizTalk360 and not to BizTalk itself. When the corresponding Normal User logs in to BizTalk360, his access will be limited to these applications. Only Super Users can view and edit the Application Groups.

Note: You cannot delete an Application Group that is already mapped to a user.

Migration Scenario

For persisting the existing configuration data, the ‘Grant Access by Application’ rule is available. Your data and configuration will be safe and migrated successfully during the upgrade.
Once the upgrade is completed, this will be the default rule which is selected for existing users. Once a Super Users edits the details for a Normal User, this rule is selected. They can now change the rule configuration as per the requirement.
The only difference between this configuration and the other new rules, is that when Grant Access by Applications is configured, newly deployed applications will not automatically be given access, as in the other rules.

Viewing the permitted applications

A view option has been provided in the User Settings screen. This will list all the permitted applications for the users.


By viewing the permitted applications, the Super User can verify if the access to the applications have properly been provided to the users/groups.

Add Permissions

Also, when it comes to Operations, Monitoring and Analytics, administrators can set up different authorizations. These authorizations can be provided by selecting the predefined profile templates, custom profile templates or by selecting the individual modules as shown below.


Note:In the Add Permissions section, you will find sections for Operations, Monitoring and Analytics. By default, access to Host Instances, Application artifacts and Service Instances is read-only. If a user should be allowed to action on either of these, you should select the appropriate option in the 'Can Action' pane.

Predefined Templates

BizTalk360 comes with three predefined profile templates that the user can select for providing access to the features. These templates come as part of the BizTalk360 installation. They are denoted with suffix as ‘System Predefined’ in the drop down in the Add permissions section. When the template is chosen, the corresponding features get selected.

The predefined templates are:

  • View only modules - Choosing this template will provide read only access to few features in BizTalk360This will be helpful for the Level 1 support team

  • Limited operation access - This provides access for the users to operate on Host Instance, applications and service instances

  • Full access to all modules - As the name implies, the user will have access to all the features when this template is chosen

Custom Profile Templates

To provide access to similar features to multiple users, custom profile templates can be created. The users may belong to different groups yet require similar permissions to access BizTalk360. In this case, the custom template can be selected from the drop down and given access to users easily.
You can create custom templates by following the steps mentioned below:

  • Log in to the application (as a Super User)
  • Click the Settings icon at the top of the page
  • Click User Access Policy from the left menu bar
  • Click Manage Custom Profile Templates option
  • Create a new template or edit/delete an already created template


The custom template can be created by providing a name to the template and selecting the features to be added to the template. With this feature, for each custom template you can select particular permissions and store them as a custom template.


Once the custom templates are created, they will be available in the drop down in the Add permissions section, where the user can choose the custom template and provide access to the users/groups. Based on the selected custom template, the corresponding features in the template will be available for the users to access.


Was this article helpful?