
Minimum Security User Rights

The groups and accounts that BizTalk Server uses have the minimum user rights they need to perform most tasks. Some tasks therefore require more user rights than BizTalk Server automatically grants to the group to which you belong. The following table describes the minimum user rights you need to perform tasks in BizTalk Server.

Task | User Rights
Setup 
Installation
  • Windows administrator
Configuration
  • BizTalk Server administrator
  • Windows administrator
  • System administrator (sa) on SQL Servers
  • Enterprise Single Sign-On (SSO) administrator
Join a BizTalk Server group
  • Windows administrator
  • BizTalk Server administrator
BizTalk Explorer 
All tasks
  • BizTalk Server administrator
BizTalk Administration 
Create a MessageBox database
  • BizTalk Server administrator
  • SQL Server administrator on the computer where you will create the database
Create or delete a BizTalk host
  • BizTalk Server administrator
  • On the MessageBox databases, you must be a member of the db_ddladmin SQL Server database role
Change the Host Tracking property for a host
  • BizTalk Server administrator
  • On the BAM Primary Import database, MessageBox databases, and the Tracking database, you must be a member of the db_securityadmin SQL Server database role
Create (install), delete, or change the credentials for a host instance
  • BizTalk Server administrator
  • Windows administrator
  • On the MessageBox databases, Configuration database, Rule Engine database, Tracking database, and the BAM Primary Import database, you must be a member of:
    • securityadmin SQL Server fixed role on the server(s) where these databases are
    • db_securityadmin SQL Server database role on these databases
Start or stop a host instance
  • BizTalk Server administrator
Add or remove a server
  • BizTalk Server administrator
  • Windows administrator on the computer you are adding or removing.
Add or remove a receive handler
  • BizTalk Server administrator
  • SSO Affiliate administrator
Add an adapter
  • BizTalk Server administrator
  • SSO affiliate administrator
All other tasks (including WMI)
  • BizTalk Server administrator
Health and Activity Monitor 
Instance Activity view
  • BizTalk Server administrator
Results view
  • BizTalk Server administrator
Tracking Options view
  • BizTalk Server administrator
Browse Health Monitoring cube
  • BizTalk Server administrator
Suspend/terminate instances
  • BizTalk Server administrator
Save message bodies
  • BizTalk Server administrator
Archiving/purging messages from the MessageBox database
  • Member of the db_owner role in the MessageBox database
Archiving/purging messages from the Tracking database
  • Member of the db_owner role in the Tracking database
All other tasks
  • BizTalk Server administrator
Tracking Profile Editor 
Read or write to the Configuration database
  • BizTalk Server administrator
Event Bus Monitoring MMC 
All tasks
  • BizTalk Server administrator
BizTalk Assembly Deployment tool 
Installing assemblies to the Global Assembly Cache (GAC)
  • Windows administrator
All other tasks
  • BizTalk Server administrator
Web Services Wizard 
All tasks
  • Windows administrator
Human Workflow Services 
Start/stop Web service using the Human Workflow Services (HWS) Administration console
  • Windows administrator
Activity Model Designer API
  • Member of the HWS_AM_DESIGNER role in the Configuration and Human Workflow services databases
All other tasks
  • BizTalk Server administrator
Business Activity Monitoring 
Run BM.exe
  • Member of the db_owner SQL Server role in the BAM Primary Import, BAM Star Schema, and BAM Archive databases
Run BM.exe, if there is an Analysis Services database
  • Member of the db_owner SQL Server role in the BAM Primary Import, BAM Star Schema, and BAM Archive databases
  • OLAP administrator in the BAM Analysis Services database
Create account for BAM View
  • Member of the db_owner SQL Server role in the BAM Primary Import database
  • OLAP administrator in the BAM Analysis Services database
Business Activity Services 
Manage Windows SharePoint® Services Web site
  • Windows SharePoint Services administrator
Rule Engine (publishing rules) 
Deploy/undeploy policies, manipulate security-related artifacts
  • Member of the RE_ADMIN_USERS SQL role in the Rule engine database

User rights for performing administrative tasks

To perform administrative tasks, using either the BizTalk Administration console or Windows Management Instrumentation (WMI), an account requires different levels of user rights depending on the task.

The following table describes the user rights the account needs to perform the tasks, from least user rights (level 1), to most user rights (level 4).

Level of user rights | User rights granted | Tasks

Level 1
User rights granted:
  • BizTalk administrator
Tasks:
  • All administrative tasks, except the ones that require level 2-4 user rights

Level 2
User rights granted:
  • User rights granted to level 1
  • Member of the securityadmin SQL Server role on all SQL Servers
  • Member of the db_securityadmin and db_accessadmin SQL Server database roles in the Tracking, Rule Engine, Configuration, BAM Primary Import and MessageBox databases
  • Member of the db_ddladmin SQL Server database role on all MessageBox databases
  • SSO Affiliate administrator
Tasks:
  • Create and delete BizTalk hosts
  • Change host tracking property
  • Add and delete servers
  • Add and delete receive handlers
  • Add adapters

Level 3
User rights granted:
  • User rights granted to level 2
  • Windows administrator on all BizTalk Server runtime computers
Tasks:
  • Create and delete host instances

Level 4
User rights granted:
  • User rights granted to level 3
  • Member of the sysadmin SQL Server role on all SQL Servers that have a MessageBox database
Tasks:
  • Create a MessageBox database
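
An access review can confirm which of the SQL Server roles named in the tables above an account actually holds. The following T-SQL is an added example, not part of the original documentation; it assumes SQL Server 2005 or later (catalog views), uses a constructed login name, and is run once in each BizTalk database under review.

```sql
-- Added example: report membership in the SQL Server roles named in the
-- tables above, for one login, in the current database.
-- Assumptions: SQL Server 2005 or later; the login name is constructed.
DECLARE @login sysname;
SET @login = N'CONTOSO\biztalk-ops';   -- constructed sample account

-- Server-level fixed roles (levels 2 and 4).
SELECT N'server' AS scope,
       v.role_name,
       -- 1 = member, 0 = not a member, NULL = login or role not valid
       IS_SRVROLEMEMBER(v.role_name, @login) AS is_member
FROM (SELECT N'securityadmin' AS role_name
      UNION ALL SELECT N'sysadmin') AS v

UNION ALL

-- Database roles, checked in the database this batch runs in.
-- Only direct membership is reported; membership inherited through a
-- Windows group or a nested role is not resolved here.
SELECT DB_NAME(),
       w.role_name,
       CASE WHEN EXISTS (
                SELECT 1
                FROM sys.database_role_members AS m
                JOIN sys.database_principals AS r
                  ON r.principal_id = m.role_principal_id
                JOIN sys.database_principals AS u
                  ON u.principal_id = m.member_principal_id
                WHERE r.name = w.role_name
                  AND u.sid = SUSER_SID(@login)
            ) THEN 1 ELSE 0 END
FROM (SELECT N'db_securityadmin' AS role_name
      UNION ALL SELECT N'db_accessadmin'
      UNION ALL SELECT N'db_ddladmin'
      UNION ALL SELECT N'db_owner') AS w;
```

A role reported as held that the account's tasks do not call for, such as sysadmin on an account that never creates a MessageBox database, is a candidate for removal.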

See Also

Business Activity Services Security Considerations

HWS User Roles

Access Control and Data Security

Planning a Secure Deployment

To download updated BizTalk Server 2004 Help from www.microsoft.com, go to http://go.microsoft.com/fwlink/?linkid=20616.

Copyright © 2004 Microsoft Corporation.
All rights reserved.