Permissions required to run a WMI Query in a Custom Pipeline Component

Posted: January 12, 2013  |  Categories: BizTalk Uncategorized

One of my younger colleagues was using a custom pipeline to resolve a party and found that it gave the following permissions error:

A message received by adapter “FILE” on receive location “RetailDailyUpload_FILE” with URI “D:\Pickup\RetailOrders\*.dat” is suspended.

Error details: There was a failure executing the receive pipeline: “BT.RetailDailyUpload.Pipelines.Rcv_RetailDailyUpload, BT.RetailDailyUpload.Pipelines, Version=1.0.0.0, Culture=neutral, PublicKeyToken=893df15911a06f7d” Source: “Pipeline ” Receive Port: “RetailDailyUpload” URI: “D:\Pickup\RetailOrders\*.dat” Reason: Syntax error or access violation

The host user for the host instance for the receive location was only a member of the BizTalk Host Application Users group. This is the recommended way to configure a BizTalk receive location. They discovered that if they added the user to the BizTalk Administrators group then the error disappeared, and then asked me whether I could find out what permission had to be granted to the BizTalk Host Application Users group to fix the error. We did not want to add the host user to the BizTalk Administrators group.

The pipeline was based on the Custom Party Resolution (BizTalk Server Sample). Debugging showed the pipeline was throwing the exception from the following code fragment:

ManagementObjectSearcher searcher =
    new ManagementObjectSearcher(@"root\MicrosoftBizTalkServer", "SELECT * FROM MSBTS_GroupSetting");

This WMI query is present in the PartyLookup class library in the BizTalk Server Sample. If the host user was only a member of the BizTalk Host Application Users group then the following did not mitigate the permissions issue:

  • Adding the user to the local administrators group.
  • Granting access from root and below to the host user with the WMI Control.
  • Granting access to the registry to the host user.

Finally, the permission error disappeared if we granted BTS_ADMIN_USERS to the host user on the BizTalkMgmtDb. This is the only extra permission required.

I am still not very satisfied with this because I would like to get closer to the database object that requires the enhanced permission, but this is the best I could work out. If anyone else has a better way of getting around this problem please let me know.
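
One way to narrow down which database object needs the extra permission is to compare the explicit grants of the two roles in BizTalkMgmtDb. The queries below are an added example, not part of the original post; they assume the host user currently gets its rights through a database role named BTS_HOST_USERS (an assumption, substitute the role your host group is mapped to).

```sql
-- Added example, not from the original post. Read-only catalog queries.
USE BizTalkMgmtDb;
GO

DECLARE @AdminRole   sysname = N'BTS_ADMIN_USERS'; -- role named in the post
DECLARE @CurrentRole sysname = N'BTS_HOST_USERS';  -- ASSUMPTION: role the host user already has

-- 1) Explicit grants held by @AdminRole that @CurrentRole does not hold.
WITH role_perms AS (
    SELECT pr.name AS role_name, p.class_desc, p.major_id, p.minor_id, p.permission_name
    FROM   sys.database_permissions AS p
    JOIN   sys.database_principals  AS pr ON pr.principal_id = p.grantee_principal_id
    WHERE  pr.type = 'R'
      AND  pr.name IN (@AdminRole, @CurrentRole)
      AND  p.state IN ('G', 'W')   -- GRANT, GRANT WITH GRANT OPTION
)
SELECT a.class_desc,
       CASE a.class_desc
           WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_SCHEMA_NAME(a.major_id) + N'.' + OBJECT_NAME(a.major_id)
           WHEN 'SCHEMA'           THEN SCHEMA_NAME(a.major_id)
           WHEN 'DATABASE'         THEN N'(database)'
           ELSE N'(other, see class_desc)'
       END              AS securable,
       o.type_desc      AS object_type,     -- e.g. SQL_STORED_PROCEDURE, VIEW, USER_TABLE
       a.permission_name
FROM   role_perms AS a
LEFT JOIN sys.objects AS o
       ON a.class_desc = 'OBJECT_OR_COLUMN' AND o.object_id = a.major_id
WHERE  a.role_name = @AdminRole
  AND  NOT EXISTS (SELECT 1 FROM role_perms AS c
                   WHERE c.role_name = @CurrentRole
                     AND c.class_desc = a.class_desc
                     AND c.major_id = a.major_id
                     AND c.minor_id = a.minor_id
                     AND c.permission_name = a.permission_name)
ORDER BY object_type, securable, a.permission_name;

-- 2) Roles @AdminRole is itself a member of; rights inherited from them
--    are not listed by query 1.
SELECT parent.name AS inherited_role
FROM   sys.database_role_members AS m
JOIN   sys.database_principals AS child  ON child.principal_id  = m.member_principal_id
JOIN   sys.database_principals AS parent ON parent.principal_id = m.role_principal_id
WHERE  child.name = @AdminRole;
```

Objects in the first result set are the candidates for what the MSBTS_GroupSetting query reaches that the host user cannot.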
