To make sure that the account that is used for the identity of the BizTalk Server Interchange Application has the correct rights to invoke the
Submit and the
SubmitSync methods, follow these steps:
- Modify the BizTalk Server Interchange Application COM+ Component to control who submits work items.
- Add a new role to the BizTalk Server Interchange Application.
- Associate the Submit and the SubmitSync methods with the new role.
- Configure the BizTalk Server Interchange Application to run under the context of a particular user account.
Step 1: Modify the BizTalk Server Interchange Application COM+ Component to Control Who Submits Work Items
When you modify the BizTalk Server Interchange Application COM+ component, you can control which users are permitted to submit work items to BizTalk Server 2000. Because the BizTalk Server Interchange Application is a COM+ application, it uses several security configuration properties. For example:
- Authentication level
- Impersonation level
- Access permissions
- Launch permissions
- Configuration permissions
To control which users are permitted to submit work items, you must add a new role to the BizTalk Server Interchange Application and then associate that role with the
Submit and the
SubmitSync methods.
Step 2: Add a New Role to the BizTalk Server Interchange Application
- Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
- Expand the following nodes:
- Component Services
- My Computer
- COM+ Applications
- Right-click BizTalk Server Interchange Application, and then click Properties.
- On the Advanced tab, under Permissions, click to clear the Disable changes check box, and then click OK.
- Right-click BizTalk Server Interchange Application, and then click Properties again.
- On the Security tab, under Authorization, click to select the Enforce access checks for this application check box.
- Under Security level, click Perform access checks at the process and component level. Security property will be included on the object context. The COM+ security call context is available, and then click OK.
- In the resultant dialog box, click Yes.
- Under BizTalk Server Interchange Application, right-click Roles, point to New, and then click Role.
- In the Roles dialog box, type Submit to name the role, and then click OK.
- In the resultant dialog box, click Yes.
- Expand the role that you created in step 10. Right-click Users, point to New, and then click User.
- In the Select Users or Groups dialog box, type the name of the user, users, or groups that you want to add to this role, and then click OK.
NOTE: An icon appears in the Users folder for each user account or group that you assign to the role. The new role membership takes effect the next time that the application is started.
Step 3: Associate the Submit and SubmitSync Methods with the New Role
NOTE: You must create a new role for the BizTalk Server Interchange Application before you can associate the
Submit and the
SubmitSync methods with the role.
- Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
- Expand the following nodes:
- Component Services
- My Computer
- COM+ Applications
- BizTalk Server Interchange Application
- Components
- BizTalk.Interchange.1
- Interfaces
- IInterchange
- Methods
- Right-click Submit, and then click Properties.
- On Security tab, under Roles explicitly set for selected item(s), click to select the check box for the new role that you created in the previous steps.
- Right-click SubmitSync, and then click Properties.
- On the Security tab, under Roles explicitly set for selected item(s), click to select the check box for the new role that you created in the previous steps.
Step 4: Configure the BizTalk Server Interchange Application to Run Under the Context of a Particular User Account
- Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
- Expand the following nodes:
- Component Services
- My Computer
- COM+ Applications
- BizTalk Server Interchange Application
- Right-click BizTalk Server Interchange Application, and then click Properties.
- On the Identity tab, click This user, and then type the user name and the password of an account that you have added to the Submit role that you created previously.