User Access Policy – The New Look for Application Access

|  Posted: September 20, 2018  |  Categories: BizTalk Server BizTalk360

We are super excited to welcome our new release version of BizTalk360, v8.9. There has already been a series of blogs explaining the features coming up in the release. Here is another such blog which explains the enhancements done in the User Access Policy section in v8.9.

User Access Policy is one important feature in BizTalk360, where you can provide access to certain applications in your BizTalk environment to Normal Users and NT groups. This is not available at the BizTalk server level. The importance of this feature can be read here “Why did we build User Access Policy to Manage BizTalk Server Security?

Customer Feedback getting answered

In BizTalk360, we aim at improving the product and adding new features based on the customer feedback and business scenarios. The Feedback portal is one such platform for the customers to provide their suggestions on which can be voted by other customers, if they feel that these ideas fit in their business requirements as well. It’s based on the priority of voting the features and enhancements before getting picked up for development. One such feedback was the access to newly created BizTalk applications.

Hence, in the new release we thought of giving a fresh coat of paint to this feature, based on the feedback we received.

What’s New in User Access Policy

BizTalk360 supports management of multiple BizTalk Server environment from a single console. So, you can set up security and access rights from a single place. You can either configure security for individuals or as team (ex: Create an NT Group called “BizTalk Production Support”).

Now here comes the twist on the Application access. For your information, the rest all remains the same.

In earlier versions, it was a simple grid displaying all the available applications in a BizTalk environment and you can select the applications to provide access to Normal Users/Groups. But now we have slightly modified this, to provide multiple options for providing access to the applications. This would surely be more user friendly and of course meet the requirements. The different options include:

  • Grant Access by Applications
  • Grant Access to all Applications
  • Wildcard Search
  • Grant Access to Application Groups

Only one rule can be applied at a time. This holds for both users and groups. We shall have a detailed look at each one of them.

Grant Access to All Applications

As the name denotes, enabling this rule will provide access to all the available applications for the Normal Users/Groups. This will be similar to the permissions of the Super User who will have access to all applications.

Note: The user will automatically be granted access to all the newly created applications. The user doesn’t need to scroll down the complete list, to select the newly created application and provide access. The extra burden to check for the new applications is now reduced.

Wildcard Search

This is the new capability introduced in this release. It enables users to select the options from the wildcard operator drop down.

With the four options that are available in the Wildcard search, the user can select the required option and provide the search value. Once this rule is configured, the user will have access to all the applications matching this wildcard.  The user will automatically be given access to the newly created applications that match the wildcard.

This will save a lot of time because in a business scenario, the applications will be named based on specific activity and it would be easy for the admins to select the appropriate wildcard option and provide access. This would be quite interesting and easy option for configuring access to these applications.

Grant Access to Application Groups

We know about the BizTalk Group. But what is this Application Group? Sounds new, isn’t it? Yes, it is new to BizTalk360. With this new capability, you can create Application Groups and map the applications to that group. Once the user is given access to the Application group, he can access all the applications mapped to that group.

The Concept of Application Groups

The Application Group is something new to BizTalk360. We always aim at providing a user interface that must ease the work of the customer, with minimal configuration. You can create a group and map the related applications to that group.

Now, providing access to this application group will automatically enable the users to access the applications which are mapped to that Application Group. This Application Group is only related to BizTalk360 and not to BizTalk itself. When the corresponding Normal User logs in to BizTalk360, his access will be limited to these applications. Only Super Users can view and edit the Application Groups.

The Normal Users/Groups will have access to other modules in BizTalk360, based on the applications only. The concept of Application Groups was created to ease the work of the admins.

It is also possible to view the list of Application Groups created for an environment; editing or deletion them is done by the Super users.

 

Scenario

Do you know what happens if you try to delete an Application Group that is already given access to a Normal user? It is not possible to delete that Application Group. The exception message would be captured and displayed in the UI.

This way, it would be easy to identify the association between the user and the Application Group.

Would it not be interesting to try this out?

What would happen to existing user configuration?

Now that we know what the different available options are for associating the applications to new users/groups. At this point of time, there must be a question coming up on what would happen to the existing users created when we upgrade from an older version to the new version of BizTalk360.

  • Will all that information be lost?
  • Do I need to create all the users once again and configure the rules?
  • Will the user data not get migrated during the upgrade?

Lot more questions would come up during the upgrade, as this is a critical area of security and there would be different users and groups which are already created and provided access to the applications.

Please don’t panic. As promised, we always take care of your data and configuration and migrate them successfully to the new version. There will not be any data loss.

Yes, your data and configuration are safe and will be migrated successfully during the upgrade. Now, said that the data will be safe, what will happen to the User configuration data after the upgrade? There was no concept of Wildcard or Application group in the previous versions. The only which was available, was to select the applications from the grid and save them.

For persisting the existing configuration data, we have another rule available: ‘Grant Access by Application’. You will probably be happy to hear that!

 

Once the upgrade is completed, this will be the default rule which is selected for existing users. Once the Super users edits the details for a Normal User, this rule is selected. They can now change the rule configuration as per the requirement.

The only difference between this configuration and the other new rules is that when Grant Access by Applications is configured, newly applications created will not automatically be given access as in the other rules.

Viewing the permitted applications

Once the rule is configured, there is a view option for the admin to verify who have been provided access to which applications. Here is the option that we have given:

A view option has been provided in the User settings screen, which will list all the permitted applications for the users.

By viewing the permitted applications, the Super User can verify if the access to the applications have properly been provided to the Normal users/groups.

Conclusion

With the new look for application access, we are convinced that we brought a great new feature 😊. It will save time for the admins to provide access to users and groups. It will now be easy for users to take care of the newly created applications as well. Once the rule is configured, it is all set and no need to worry about new applications.

Happy monitoring with BizTalk360!

 

Author: Praveena Jayanarayanan

I am working as Senior Support Engineer at BizTalk360. I always believe in team work leading to success because "We all cannot do everything or solve every issue. 'It's impossible'. However, if we each simply do our part, make our own contribution, regardless of how small we may think it is.... together it adds up and great things get accomplished."

Back to Top