A normal BizTalk environment can have many applications belonging to different business units or departments within the organization. With the BizTalk Server Administration Console, it is not possible to segregate the applications for a specific set of users — say, "user 1 should only be able to access application 1, and user 2 should be able to access application 2 and application 3 and so on". With the administration console, it is basically "All-or-Nothing". Once a user gets access to the console, he can pretty much have access to all the applications in the environment. By mistake, if the user makes any changes to any of the applications, it could lead to serious catastrophes in the business operations.
BizTalk360 solves this problem by offering a fine grained authorization module in which administrators can set specific access policies to users. Let's take a real-time scenario to understand how BizTalk360 addresses the above problem.
Use Case Scenario
Scott is the support person in Contoso who is responsible to monitor the applications A_THROTTLING_APP_01 and BTS2013002_CustomerOrderRouting. He must be able to access only these applications and it is the responsibility of Bob, the Super User (administrator) to set up the access rights for Scott. To do this, Bob must,
- Log in to the application
- Click the Settings icon at the top of the page
- Click User Access Policy from the left menu bar
- Click Add New to add a new user (Scott) to the system
User/Group Name – Enter the user name as 'scott'
Domain Name – Enter the domain name. If setting up the user on a local machine that is not a part of the domain, enter the machine name as the domain name.
- Is Super User – This option should not be selected since scott is a normal user and requires restricted access to the application
Environments – Select the environment for which scott needs to have access
- Click => to set up the applications that scott access in the environment (if required)
- Select the applications A_THROTTLING_APP_01 and BTS2013002_CustomerOrderRouting that scott will have access in the environment.
- Click => to set up the permissions
- In this section, Bob needs to select the check box against Applications under Can Operation On section. By doing this, Scott will only have access to the specific two applications and can perform the operations on the applications like starting/stopping the artifacts, and so on.
- Click OK in the Permissions screen to create scott's information into the system
Click the sliders to view the process of creating Scott's user information.
Once Scott's information is available in the system and when he logs in to BizTalk360, he will only see the selected applications and will be able to perform operations on the applications. He will not be able to see the rest of the applications in the environment.