Every release, we aim at improving the usability of BizTalk360 by adding new features and enhancing existing features as per customer needs. At the moment, we are working on release v9.0.2 of BizTalk360 and we are very excited to blog about a feature which introduces Auditing for BizTalk360 Licensing and User Access Policy activities.
When it comes to cutting edge technology, security is the main key factor we always need to consider. Keeping that in mind we implemented auditing for BizTalk360 activities, in addition to the auditing capability for Alarm, Artifacts Mapping and Secure SQL Query activities, which we already have in the product.
License activation is the first step to be able to use the BizTalk360 application. It is a must to audit the License activities, so we are bringing this feature in our upcoming release v9.0.2. Let us consider the scenario where we have multiple super users and all the super users will have access to manage the BizTalk360 license. So anyone can activate, deactivate or remove the license at any time. If one of the users deactivated the license in one environment and activated the same in another environment, then no other user can use the BizTalk360 application. Without knowing that, other users may try to activate the same key and then they will get an exception saying, “There is already an active license for this order number/license code”. This may lead to lots of confusion. But now, with this license auditing feature, all the licensing activities will be audited. The administrator can easily get to know if any licensing changes are made in an environment.
In License auditing, you will be able to see the activities like License Activation, Deactivation and Removal of licenses, along with the details like Environment name, Product License Type, Environment Type, Order number, License code, License edition and Max BizTalk servers.
User Access Policy Auditing
After the License activation, the next important activity will be creating Super/Custom users and provide access to the BizTalk360 features. This action can be done at BizTalk360 User Access Policy section and it’s very important to audit these activities.
In User Access Policy auditing, BizTalk360 captures the below activities:
- Adding Super/Custom users
- Modifying the access permission for existing users
- Removing users from an environment
- Creating, Modifying or Deleting the Application Groups
- Creating, Modifying or Deleting the Custom User Profiles
More information about these activities can be seen in the details view.
In the User Access policy => Manage Users section, you can add users as Superuser or Custom user. If you add a user as a Super User, then the user will have access to all environments. Otherwise, if you add the user as a Custom User, then the user will have access only to the provided environments. You can also give module wise access to the custom users.
If there is any need of role change between the users, you can also do that by switching role from Normal user to Superuser or from Superuser to Normal user.
Above all, the activities will be audited under User Access policy Activities in Governance and Audit.
In the Details view, you can see who has done that activity, whether the added user is a Superuser or a Custom user, rules you applied for the user and user template, in which you can see what all the modules are the user will have access to.
You can also see the inner level auditing. For example, in “Secure SQL Queries”, you can give access only to particular queries in which they can do the provided actions, like Adding query, Edit and Execute the query, etc.
To understand the applied changes, you can see all the updated values by comparing with the previous values. For user profile templates, you can see the difference by color codes (Red – removed access, Green – Added access).
Manage Custom Profile Templates
In the User Access Policy => Manage Custom Profile Templates section, you can create user profile templates in which you can provide access to a set of modules. While adding (or modifying) a custom user, you can choose the right template to easily provide the user with the required access.
These activities (Creating, Editing and Deleting User Profile templates) will be captured under User Access Policy Auditing.
Manage Application Groups
In the User Access Policy => Manage Application Groups section, you can create groups which contain a set of BizTalk Applications. While configuring Application rules during user creation, you can select those Application Groups. The user will have access only to the applications which are configured in those Application Groups.
The creation, updating and deletion activities of Application Groups will be captured in User Access Policy auditing.
The same details can also be seen in Live Feed, just by enabling the Live Feed in BizTalk360 settings section
To avoid running out of disk space, purging needs to be done for older data. In BizTalk360, we are providing a configurable purging policy for the data in Governance/Audit. Administrators/Superusers can set up the purge duration under Settings. Audit data will persist in the BizTalk360 audit table based on the purge policy setup.
As discussed before, if a user accidentally did some changes on license activation/deactivation or User Access Policy configurations, then you can easily track those activities and can revert back to the existing configuration if needed using BizTalk360 Auditing.