A normal BizTalk environment can have many applications belonging to different business units or departments within the organization. With the BizTalk Server Administration Console, it is not possible to segregate the applications for a specific set of users — say, "user 1 should only be able to access application 1, and user 2 should be able to access application 2 and application 3 and so on". With the administration console, it is basically "All-or-Nothing". Once a user gets access to the console, he can pretty much have access to all the applications in the environment. By mistake, if the user makes any changes to any of the applications, it could lead to serious catastrophes in the business operations.
BizTalk360 solves this problem by offering a fine grained authorization module in which administrators can set specific access policies to users. Let's take a real-time scenario to understand how BizTalk360 addresses the above problem.
Use Case Scenario
Scott is the support person in ACME who is responsible to monitor the applications BizTalk EDI Application and BTS2015002_CustomerOrderRouting. He must be able to access only these applications and it is the responsibility of Bob, the Super User (administrator) to set up the access rights for Scott. To do this, Bob must,
- Log in to the application
- Click the Settings icon at the top of the page
- Click User Access Policy from the left menu bar
- Click New to add a new user (Scott) to the system
User/Group Name – Enter the user name as 'scott'
Domain Name – Enter the domain name. If setting up the user on a local machine that is not a part of the domain, enter the machine name as the domain name.
- Is Super User – This option should not be turned on since scott is a normal user and requires restricted access to the application
Environments – Select the environment for which scott needs to have access
- Click Next to set up the applications that scott access in the environment (if required)
- Select the applications BizTalk EDI Application and BTS2015002_CustomerOrderRouting that scott will have access in the environment.
- Click Next to set up the permissions
- In this section, Bob needs to select the check box against Applications under Can Action section. By doing this, Scott will only have access to the specific two applications and can perform the operations on the applications like starting/stopping the artifacts, and so on
- Click OK in the Add Permissions screen to create scott's information into the system
- Predefined User Access Profiles section lists the default access permission for different support levels. Users can also create custom profiles to Operate, Access and/or View.
Click the sliders to view the process of creating Scott's user information.
Once Scott's information is available in the system and when he logs in to BizTalk360, he will only see the selected applications and will be able to perform operations on the applications. He will not be able to see the rest of the applications in the environment.