Associating Users with BAM Views

You associate users with BAM views to protect BAM Excel Spreadsheet views from unauthorized access. When users save BAM views, the views reference a SQL connection string that is hidden within the workbook. The workbook is protected, but you must ensure that the document is protected.

When you associate users with BAM views, you restrict access to the views to only the users or groups to whom you grant access.

You use the add BAM Management Utility command to add the specified account to the role associated with the specified view, so that the user can access the BAM view. Add the account that the user uses to log on to the BizTalk Server 2004 computer (to access the BAS site).

Note  The default Web site for Business Activity Services is accessed by using integrated authentication in IIS. Therefore, the BAS site authenticates the user by the account with which the user logs on to the BizTalk Server 2004 computer. Although the user's logon account has permission to the BAS site (that is, it is part of the BAS users group), to see the BAM view, the user must be added to the role associated with the view.

Important  If you are using Real Time Aggregations (RTAs), users added with BM add are not automatically granted login rights to SQL Server. If you are using RTAs, consider establishing a Windows user group that contains all of the users that need to see views of the RTAs. Grant that group explicit SQL Server login rights on the SQL Server hosting the Primary Import Tables.

You use the remove BAM Management Utility command to remove the specified account from the role associated with the specified view.

For information about listing BAM views, see Listing Deployment Information.

For information about using the BAM Management Utility, see Using the Business Activity Monitoring Management Utility.

Note  In the following procedure, the angled brackets (<>) indicate a required parameter. The square brackets ([]) indicate that designating the BAM configuration file is optional. If the BAM configuration file is not supplied, the file BamConfiguration.xml in the current folder will be used by default.

To add an account to a role

  1. From a command prompt, move to the directory <installation path>\Program Files\Microsoft BizTalk Server 2004\Tracking\.
  2. Type bm add <BAM View> <domain\account> [BAM configuration file].

    Important  The domain and account names are case sensitive. You must type the domain and account using the same capitalization as they use in Windows Management. You can view the names of Windows groups and user accounts in Windows Computer Management. On the Start menu, right-click My Computer, and select Manage. In Computer Management, expand System Tools, expand Local Users and Groups, and then click Users to see the list of user accounts. Click Groups to see the list of group accounts.

  3. Press ENTER.

To remove an account from a role

  1. From a command prompt, move to the directory <installation path>\Program Files\Microsoft BizTalk Server 2004\Tracking\.
  2. Type bm remove <BAM View> <domain\account> [BAM configuration file].
  3. Press ENTER.

See Also

Managing the BAM Dynamic Infrastructure

Using the Business Activity Monitoring Management Utility

Business Activity Monitoring Security Recommendations

Troubleshooting Business Activity Monitoring

Business Activity Monitoring (BAM)

To download updated BizTalk Server 2004 Help from www.microsoft.com, go to http://go.microsoft.com/fwlink/?linkid=20616.

Copyright © 2004 Microsoft Corporation.
All rights reserved.
Show: