BAM deployment permission issue (Network Steve Forum)

BAM deployment permission issue

Hi Guys,

Can anyone help with this BAM permission issue?

We are trying to deployment the BAM definition file using bm.exe tool and it is complaining about the permissions to have sysadmin on SQL server. Currently the account that is executing bm.exe has dbowner on all BAM databases but not sysadmin.

So I wonder why we need to have sysadmin if the artefacts are creating only in BTS databases( all biztalk databases the account is dbo).

Here is the error message while importing BAM definition. It is checking the sysadmin using the below function

Microsoft.BizTalk.Bam.Management.BamManagerException: The BAM deployment failed. ---> Microsoft.BizTalk.Bam.Management.BamManagerException: You must be SysAdmin on database server "BTS01D" to perform updates to SQL Notification Services as part of a deployment using the BAM Management Utility.

at Microsoft.BizTalk.Bam.Management.AlertModule.CheckNSDBSysadmin(BamConfigurationManager bamConfig)

at Microsoft.BizTalk.Bam.Management.BamManager.ManageInfrastructure(OperationType operation)

at Microsoft.BizTalk.Bam.Management.BamManager.Update()

Is there a way to deploy BAM stuff without sysadmin rights?

July 8th, 2015 8:38pm

Hi Janardhan,

Your User Id need to have Sysadmin and Db Owner rights against the BAM databases to deploy your activity .

Thanks

Abhishek

Free Windows Admin Tool Kit Click here and download it now

July 8th, 2015 11:33pm

Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx for Account and Permissions and focus on the last column where specific permissions on DB (Roles) are required for operations. That having said, have you also ascertained that if you run the bm.exe through a command prompt (run as administrator) you get the same error?

Regards.

July 9th, 2015 1:10am

Hi,

I am running the bm.exe as administrator and in fact the account itself is administrator on the machine and also dbo in all BAM databases.

There is no clear information about the permissions re bam deployment in the link that you mentioned and it talks about standard BizTalk group permissions which we followed exactly same in our BizTalk environment.

The below links talks about the BAM management utility.

https://msdn.microsoft.com/en-us/library/aa547898.aspx

It says To run the BAM management utility, you must be member of the db_owner SQL Server Database role in the BAM Primary Import, BAM Star Schema, and BAM Archive databases. You must also have sysadmin permissions on the BAM Alerts databases if making any updates related to BAM Alerts.

What I wonder is if the account is sysadmin, then they dont need mention to have db_owner rights explicitly in the MSDN article.

I am keen to know if anyone has done the BAM deployment without sysadmin rights and if sysadmin is mandatory we might need to look for alternative for deployment process as the deployment account cannot be granted sysadmin forever.

Free Windows Admin Tool Kit Click here and download it now

July 9th, 2015 2:37am

Hmm.... with a document from the product (BAM/BizTalk) vendor (Microsoft) with explicit instructions - the note you refer on the link... why would someone not follow ?

In case your account security or DB team is gripping about it then use the same KB to file for a dispensation.

Regards.

July 9th, 2015 2:43am

If we log a call with Microsoft, Will they clarify these kind of technical questions?

Free Windows Admin Tool Kit Click here and download it now

July 9th, 2015 4:40pm

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP 51 minutes ago

July 10th, 2015 12:09am

No. They might not. They would instead ask you what issues you'd have with granting the specified set of users "sysadmin" permissions? because of having specified the need for the same very clearly in the documentation.

Regards.

Free Windows Admin Tool Kit Click here and download it now

July 10th, 2015 12:51am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

July 10th, 2015 4:07am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

Free Windows Admin Tool Kit Click here and download it now

July 10th, 2015 4:07am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

Proposed as answer by Angie xuMicrosoft contingent staff, Moderator 5 hours 23 minutes ago

July 10th, 2015 4:07am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

Proposed as answer by Angie xuMicrosoft contingent staff, Moderator Thursday, July 16, 2015 1:42 AM

Marked as answer by Angie xuMicrosoft contingent staff, Moderator 4 hours 12 minutes ago

Free Windows Admin Tool Kit Click here and download it now

July 10th, 2015 4:07am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

Proposed as answer by Angie xuMicrosoft contingent staff, Moderator Thursday, July 16, 2015 1:42 AM

Marked as answer by Angie xuMicrosoft contingent staff, Moderator Friday, July 17, 2015 2:54 AM

July 10th, 2015 4:07am

If you log a call with MS then they can surely help you out with your request Microsoft Support for BizTalk .

But as per my understanding you need to have Sysadmin and DB creator rights on SQL Box ,as one you deploy your activity it will create your BAM activity tables .So these rights are necessary to work with BAM .

Thanks
Abhishek

Edited by Abhishek0127[Abhishek kumar]MVP Friday, July 10, 2015 6:12 AM

Proposed as answer by Angie xuMicrosoft contingent staff, Moderator Thursday, July 16, 2015 1:42 AM

Marked as answer by Angie xuMicrosoft contingent staff, Moderator Friday, July 17, 2015 2:54 AM

Free Windows Admin Tool Kit Click here and download it now

July 10th, 2015 4:07am

This topic is archived. No further replies will be accepted.
Other recent topics