For any secured application environment, User access & Licensing are essential modules. In this blog post, we are going to briefly discuss the User Access Policies and License restrictions that are available in the BizTalk360 v10. BizTalk360 has the ability to configure the access level of Users/Groups and with respect to licensing, it has multiple tiers.
Customers want to run their business system in a highly secured environment. It’s important to have security when you are handling critical data. BizTalk360 supports multiple BizTalk Environments in a single console. The User Access policy feature provides you security set up and access rights in a single window.
Based on their requirement, customers can purchase a BizTalk360 license for the features they require. Features are carefully curated and mapped to the licenses so that customers can purchase the relevant license and are not required to pay for any unused features. In case a customer purchased a non-platinum license, but is interested in a couple of features from a higher tier, they can purchase such features, using a custom license. We will discuss this briefly later in this blog.
License Restrictions in v10
In this section, we are going to discuss BizTalk360’s licensing types and restrictions. The various features and packages can be accessed based on the purchased license tier.
After installing BizTalk360, license activation is the initial process to step into the product. BizTalk360 will have one environment, which is created by default, that can be used to activate the license.
BizTalk360 offers the following Licenses:
- Trial License
- Commercial License
- Product License
- Partner License
Trial License – All the features in BizTalk360 can be accessed using a trial license within the specified period. Usually, the period is 14 days from the date of activation. The trial keys can be applied in any number of environments. However, the key will be valid only for the period of 14-days and will expire after that. The process of activating a trial license can be known from the article Activating Trial License. The trial license can be activated using an Order Number and a License Code. You can reach out to our license team at BizTalk360 Free Trial for a Trial License.
Commercial License – As the name suggests, this license tier is for commercial purposes. Depending on your requirements, our license team will guide you to the best package and license type. With a Commercial License, the following environment types are available:
- Disaster recovery or Staging
In addition, a Commercial license has Silver, Gold and Platinum tiers.
Here is the screenshot of various serviceable features under the different tiers of commercial License:
Partner License – To use BizTalk360 for consulting companies, you can opt for a Partner License. Consulting companies who pursue in BizTalk Server/Integration consulting must pick this license type. The Partner License can be activated using an Order Number, a License Code, and a Consultant Name.
Product Specialist License – A Product Specialist might be a software developer, a systems administrator, or SME’s who wants to use BizTalk360 to stay informed about the product.
Custom License: Add-On
With the add-on facility the license’s features can be customized as per the business requirement. A Silver grade commercial license can get some useful features that are available under Gold/Platinum grade. For a real-world example: A customer needs all features available in Silver grade, plus BAM Portal from Gold grade and Analytics Dashboard from Platinum grade. Purchasing a custom license can be cheaper than going for a full Platinum tier. Please refer to the Quote request page for custom license related requirements.
User Access Policies in BizTalk360 v10
User Access Policies allow to configure the security and access permissions in a single place. Individual or team security can be managed and you can provide access to specific applications in your BizTalk environment to Windows Users or NT groups. In BizTalk360 v10, you find User Access Policies under Settings -> Team Management. In Team Management there are three sections: Manager Users, Manage User Profiles, and Manage Application Groups.
This is the feature where we can create, modify, and delete user access policies. BizTalk360 provides two levels of authorization at the Applications Level and the System Level. Administrators can set up the access rights for users to various sections based on the user requirements. In BizTalk360 we have the following user types:
- Super User – Has access to all the functions in a BizTalk environment
- Normal User– Access to the functionalities can be configured
A BizTalk360 user can be an individual Windows NT User or a Windows NT Group. To provide common access to all users in a Windows group, you can create a User Access Policy for the group in BizTalk360, provide the name of the group and enable the “Is NT group” option. The users can be created for different environments in the “Manage user” window.
You can also switch between user types.
Here, a Normal User has been converted into a Super User. A logged-in user can’t edit/delete their own profile.
In BizTalk360, user access policies provide Application-level security which means you may not need to give access to the user for the entire BizTalk Environment. The BizTalk360 provides full flexibility, what level of permission you want to assign for each user or team. So, we can choose the needed Applications, which a user/team requires to access. By using this User Access policy feature we can configure our product in a secured way.
In order to access BizTalk Applications, the following ways are available:
- Grant Access by Application
- Grant Access to Application
- Groups Wild Card Search
In User Permission – Applications screen, only one rule can be applied at a time. Once this rule is configured, the user will have access to the BizTalk Applications accordingly.
Grant Access by Application
In this section, you can select particular or all the available applications.
By clicking on the “Select All” option, the user will be able to access the existing BizTalk applications, but also to any new Application that is created in the future.
A view option has been provided to list all the permitted applications for the users.
Grant Access by Application Groups
Sometimes you may need to apply the same set of access rules to multiple users. Instead of assigning access rules to those users individually, we can create a rule set and assign it to the relevant users. This is only related to the BizTalk360 Environment, not to the BizTalk Admin console. This helps to reduce the workload of the admins.
BizTalk360 v10 provides a simple User Interface to set-up the access rules of groups with a minimal configuration. In this section, Application Groups can be created and mapped to BizTalk applications. Once the user is given access to the Application group, he/she can access all the applications that are mapped to that group.
There are four options available in the Wildcard search, the user can select the required option and give the search value. Once this rule is configured, the user will have access to all the applications that match with this wildcard. The user will also automatically be given access to newly added applications that match the wildcard.
Manage User Profiles
In the User Permission – Features section, you will find sections for Operations, Monitoring, and Analytics. We can set up different authorizations for the Operations, Monitoring, and Analytics Sections. These authorizations can be provided by selecting a profile template.
Profile templates help in easily providing permissions to a specific ruleset. Instead of selecting the individual features, the templates would help in easy selection. This will help the admins to provide similar access to various users within a short span of time.
There are two templates available in v10, Predefined Profile Template and Custom Profile Template
BizTalk360 has three predefined profile templates. When we install BizTalk360, they are denoted by suffixes as “System Predefined” in the drop-down in Add permissions section. Features are selected according to the template.
The following predefined templates are available in BizTalk360:
- View only modules– Selecting this template will provide read-only access to a few features in BizTalk360
- Limited operation access– This provides access for the users to operate on Host Instances, applications, and service instances
- Full access to all modules– When this template is chosen, the user will have access to all the features
Custom Profile Templates
For granting access to similar features to various users, we can create custom profile templates. Different groups of users may require similar permissions to access BizTalk360. To ease the process of making changes in enabling/disabling few features for some users, you can select a custom template from the drop-down and provide access to the users accordingly.
A custom template can be created by providing a name to the template and selecting the features to be added to the template. We can select feature’s permissions and bind them as a custom template.
Created custom templates are listed in the drop-down in the User Permissions – Features section, where the user can choose the custom template and thereby allowing access to the users/groups. Depending on the selected custom template, users can access the corresponding features.
Manage Application Groups
For certain business requirements, it would be necessary to group certain related applications and provide access to those applications to a specific group of users. To ease this, we have the concept of application groups in BizTalk360 where the applications can be grouped into a certain Application group and the group can be selected in the user access policy section. This section contains the options to create application groups and map several applications to the group.
Application Groups enable the users to access the applications which are mapped to it. This Application Group feature is only applicable for BizTalk360 and not for the BizTalk Admin console itself. When the corresponding Normal User logs in to BizTalk360, his/her access will be limited to these applications. An Application Group that is already mapped to a user cannot be deleted. Super Users can view and edit the Application Groups.
In BizTalk360 v10, the enhanced User access policy and License features User Interface, help you to easily understand the permissions and restrictions in the BizTalk360 Environment. This makes it easy to get the clear picture of the product with the redefined UI and new look. Would you like to try out all the features? We have a free trial for you. Stay productive with BizTalk360!