Skip to main content
  • EN

Hi,

we are trying to setup a readonly user in FME Server, which can see all repositories, resources and job status and corresponding job log information. But without any abilities to execute, delete or change something.

I know FME has Guest user, but guest user can not see all jobs statuses and job log information.

Are there any instructions that can help to setup such user?

Thanks in Advance

Alexander

The standard security roles that come with FME Server don't offer this kind of acces. You could take the fmeuser one as a starting point though and then go through the security settings to grant access to all the items you want.

  • Don't allow to run workspaces
  • Allow to manage jobs (this shows all jobs, rather than only the ones of the user itself)
  • Read access on specific repositories and resources. Note that if you want the user to be able to view repositories but not run workspaces in there you'll need to specifically disable run access.

And that's about it I think.

The standard security roles that come with FME Server don't offer this kind of acces. You could take the fmeuser one as a starting point though and then go through the security settings to grant access to all the items you want.

  • Don't allow to run workspaces
  • Allow to manage jobs (this shows all jobs, rather than only the ones of the user itself)
  • Read access on specific repositories and resources. Note that if you want the user to be able to view repositories but not run workspaces in there you'll need to specifically disable run access.

And that's about it I think.

Thanks a lot for you answer!

 

I did exactly as you have described

 

But the problem is that I can cancel the jobs that are still running or have been queued.

 

Is there any way to make it secure? Non-canceleable/Readonly?

 

 

also I was able by readonly Can View delete files from Resources.

It is not GOOD!

Thanks a lot for you answer!

 

I did exactly as you have described

 

But the problem is that I can cancel the jobs that are still running or have been queued.

 

Is there any way to make it secure? Non-canceleable/Readonly?

 

 

No, it's either manage only the jobs of that particular user or manage them all but that comes with the option to cancel them as well if they're running and queued.

 

 

also I was able by readonly Can View delete files from Resources.

It is not GOOD!

I just tried that out on my FME Server and it didn't actually delete the file. It didn't give an error message either that deleting was not allowed for that user (that probably something @stewartharper or @GerhardAtSafe should take a look at).

 

 

Can you actually delete that file?

also I was able by readonly Can View delete files from Resources.

It is not GOOD!

@redgeographics & @alexanderyanush,

 

I tested this in build 17725, 18305 & 18310 and can not reproduce the reported behavior. A user with only Access permission to Resources and only Access & List to an actual resource cannot delete files.

 

In the screenshot (grants.png) you can see that the user created, actually inherits permissions from a role that is assigned to that user the allows Write, Upload & Remove. This is visually indicated by the colored checkmarks right beside the checkboxes.

 

If you remove the assinged role from the user, this user won't be able to delete files from the resources.

 

 

Reply


Community Stats

30,102
Posts
114,259
Replies
37,732
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.