How to setup Service Bus permission ?

Damir Dobric Posts

Next talks:

 

    

Follow me on Twitter: #ddobric



 

 

Archives

When working with ServiceBus for Server, the setup is responsible to define default user’s permissions. During setup procedure you will have to provide the credentials of the user who will be admitted to host and to manage Service Bus.
However permissions for Workflow Manager are managed a different way. During installation of the Workflow Manager you will have to provide the name of the group of users (by default BUILIN\Administrators) who can manage the Workflow Host.
This will setup the permissions for user who can manage Workflow Host. But note this will not setup permissions for Service Bus namespace. This is so far not a limitation, because in a case of Workflow Host you will usually not deal with Service Bus Namespace directly. Even more the namespace behind Workflow Host is more or less a hidden artifact.
But sometimes there are scenarios especially with ServiceBus in play, which enable you to do powerful things by dealing directly with Service Bus. You can this way extend the functionality of the Workflow Host. This might be in the future a valid and possibly lovely scenario for SharePoint developers.

If so, you will have to change permissions of the namespace of the Workflow Host in the Service Bus itself.Before you start type Get-SBNamespace WorkflowDefaultNamspace. This Power shell command shows the current state of the default namespace assuming this is the namespace which you want to manipulate).

Name                  : WorkflowDefaultNamespace
AddressingScheme      : Path
CreatedTime          : 11/28/2011 1:56:25 PM
IssuerName            : WorkflowDefaultNamespace
IssuerUri                : WorkflowDefaultNamespace
ManageUsers           :
{appfabriuser@daenetlab.lan, bahro@daenetlab.lan}
DnsEntry              :
PrimarySymmetricKey   : ABC…DEF..OBFUSCATED=
SecondarySymmetricKey :


As you see there are two users permitted to manage the namespace. appfabricuser and bahro. Both are from the same domain daenetlab.lan.
If you want to extend permission to additional user (i.e. damir) do following:

PS C:\Program Files\Workflow Manager\1.0> set-sbnamespace -ManageUsers  appfabr
csuser@daenetlab.lan, bahro@daenetlab.lan, damir@daenetlab.lan

Execute Get-Namespace again and here we are:
 

Name                  : WorkflowDefaultNamespace
AddressingScheme      : Path
CreatedTime          : 11/28/2011 1:56:25 PM
IssuerName            : WorkflowDefaultNamespace
IssuerUri                : WorkflowDefaultNamespace
ManageUsers           :
{appfabriuser@daenetlab.lan, bahro@daenetlab.lan, damir@daenetlab.lan}
DnsEntry              :
PrimarySymmetricKey   : ABC…DEF..OBFUSCATED=
SecondarySymmetricKey :


New user has been added and this namespace can be used now for custom extended scenarios on top of your already used namespace.


Posted Dec 04 2012, 04:21 PM by Damir Dobric
developers.de is a .Net Community Blog powered by daenet GmbH.