biztalk user group

How is access security implemented in BizTalk360 for BizTalk User group?

Each BizTalk administrator aspires to have a place where he or she does the following:

  1. May provide access to users
  2. Restrict access to a particular level
  3. Grant feature level permissions to team members, letting them know who can do what in his environment.

Here, “Team management” is a feature offered by BizTalk360 that enables users to grant or restrict permissions to team members. Let’s look at how security is implemented for this feature.

To access Team Management in BizTalk360, users require a license in BizTalk360, click here to get to know more about licensing in detail.

Key takeaways from this blog

Manage users

In the Team Management -> Manage Users area, admin users have the ability to add users as:

  1. Super Users
  2. Custom Users

A user will have access to all environments if they are added as a Super User. You can also modify the roles of the users by switching from Custom user to Super user or vice versa if necessary. Above all, the activities will be audited under User Access policy in Governance and Audit section.

Differences between Super Users and Custom Users

To keep it simple,

  1. Super users – also referred to as Admins, who have full access to the environment.
  2. Custom users- giving them access to the specific environment or specific feature.

Application level access

BizTalk360 supports management of multiple BizTalk Server environments from a single console. So, you can set up security and access rights from a single place. Users can either configure security for individuals or as a team.

   For example, create an NT Group and you can name it as “BizTalk User group”.

There are four different options available like:

  1. Grant Access by Applications
  2. Grant Access to all Applications
  3. Wildcard Search
  4. Grant Access to Application Groups

This link will be helpful in understanding the types of application level access in BizTalk360.

Profile template

BizTalk360 team completely understands that each user will have different requirements in an organization. Say a Level1 support engineer would only require access to view the data in the application whereas a Level3 support engineer would require access to operate on the artifacts in the environment. The same may not be the case with a business user who is more concerned of the business related modules in BizTalk360 such as BAM portal, Business rules and so on.

Therefore, to provide flexibility to each user, BizTalk360 has the permission screen where the Super User (administrator) can set up “Who needs access to which modules in the application, and what level of access- view/access/operate”.

 BizTalk360has fine-grained permissions in consideration for the level of security required for accessing the features and carrying out the activities with the BizTalk environment. The permissions to the BizTalk360 features can be chosen from the list of features under each part whenever a new user is created and saved to the user profile. Only the features that have been added to his/her profile are available to the new user when he/she logs into BizTalk360.

In the earlier versions, the features were selected from the list or from the predefined templates available. These predefined templates come as part of the installation. There are three predefined templates available:

  1. View only modules: This template will provide read-only access to few features in BizTalk360. This will be helpful for the Level1 support team.
  2. Limited operation access: This provides access for the users will have access to all the features when this template is chosen.
  3. Full access to all modules: This provides full access to all modules.

Custom selection

To provide access to similar features to multiple users or team members, custom profile templates can be created. This makes your work much easier and less time consuming as well. The users may belong to different groups yet require similar permissions to access BizTalk360.

You should give the template a name before choosing the features you want to include. Users must give the template a name before choosing the features that they wanted to include. With the help of this feature, users can pick specific permissions for each custom template and save them as a custom template. The user can choose a custom template and grant access to the BizTalk user groups by selecting it from the drop-down menu in the User permissions – features section once the custom template has been generated.

Once the custom templates are created, they will be available in the drop-down in the User permissions – features section, where the user can choose the custom template and provide access to the BizTalk user groups.

Granular feature level permission

Sometimes users might feel that inner level permission is required, where in certain features we have provided granular feature level permissions in BizTalk360.

Secure SQL Queries – What’s is this?

BizTalk members will typically have a bunch of queries they run on a regular basis to get some reporting on BizTalk databases. Each individual team member will have their own set of SQL queries and they manage it on their local machines which will result in two things, useful reporting queries are not shared between team members, and maintaining the queries in SQL files and accessing different files for the different environment is not productive.

BizTalk360 allows users to save the SQL Queries so that the queries can be saved under a centralized area and available for access to all the BizTalk members.

Now let’s see how users can provide permission like who can access what and how.In Secure SQL Queries, let’s take a look at the following inner level permissions:

  • Add query
  • Edit & Execute query
  • Edit & Save query
  • Delete Query
  • Export results

Let us consider an example,

Let’s assume that you wanted to provide newly added user to only Edit & Save query option alone.

Secure SQL Queries

In such cases, users can enable only the Edit&Save query option and custom user will have access only to the selected option.

Alarm selection

Once alarms are created, super users can provide access to specific alarms which the custom users can access. For example, if users want  their custom user to access only the Data Monitoring alarms and not the rest. In such a case, super users can enable only the alarm that is required.

Alarm selection

Access to dashboard

Administration dashboard – Here users are privileged to enable the functionality of following 

Access to dashboard
  1. Manage Dashboards – Users can create, edit, and delete dashboard
  2. Manage Widgets – Users can add, remove, and customize widgets
  3. Export Dashboard – User can export dashboard as PDF

Tracking and Message content/context view

Tracking queries, this assists the users in visualising the entire message flow in one page/view. It encapsulates details for the following:

  • Service Instances
  • Send ports
  • Orchestrations
  • Receive ports

With regards to messages all message properties can be viewed. Execute your queries against the BizTalk Tracking database and view the below information in a consolidated screen:

  1. Properties
  2. Context of the messages
  3. Content of the messages
BizTalk user group

Click here to know more about the feature and users will get an clear overview how they can fit in their business users to support their BizTalk solutions

Let’s see how this works with Team Management, if users wants to restrict certain level of access to their business user like if business users wants to take a look only on the flow of messages and not the properties, context and content of the messages. In such scenarios, via BizTalk360 users can provide restrictions by disabling the option.

BizTalk user group

Governance and Auditing

Security is the most important factor that we should constantly take into account when it comes to any cutting-edge technology. Let’s take an example and see how the impact of such activities can cause huge business disruption.

If someone has accidentally stopped any of host instances, in this case, nobody would be ready to take the blame, and this can definitely breach the business process hence and hence auditing has been implemented for Administration and Configuration activities with all of this in mind. The attached screenshot provides necessary information about how auditing is taking place for the User access policy.

Governance and Auditing

Conclusion

With the Team management and auditing features in BizTalk360, we believe this will be extremely beneficial in your day-to-day activities in managing and monitoring your team members or BizTalk user group. If you wish to further know more about the product, we are happy to assist you further and looking forward for an obligation-free conversation. You can either request a demo or take a free trial.