FME Server 2019 tokens

Question

I'm puzzled how to set up tokens for external applications in server 2019.

We submit workspaces in server from an external application. (Internal WebGIS.) We manage users (who is allowed to do what) in the WebGIS user management. Only backend users connect with server.

Previously we had one authoring account and one api account in server. We maintained workspaces using the authoring account. The api account had submit only rights on specific repositories. When a user started an action, the WebGIS application requested a token using the api account credentials and submitted the workspace.

Now we have server 2019 with AD connected. But I'm not sure how to use it correctly.

- When I create something under my own account, my colleagues can't maintain it. Yes I can give users or roles full access, but I need to do this every time. And I can't transfer ownership?

- When I create an API token it is assigned to my account. This means my name is logged when a job is submitted from WebGIS. My collegues can't manage my API token so they can't give it rights to other repositories.

I think about recreating the authoring account and do token management from the authoring account, but not sure if this is how it is meant to work?

Do I understand correctly that AD in FME Server is meant to let users connect to FME Server directly to submit jobs?

Page 1 / 1

ActiveDirectory shouldn't affect the token service at all, just how accounts are created/maintained on FME Server. Rather than the FME server admin creating accounts for new users, they can import the user/group from AD.

To generate a token for a specific account you need to be logged in to FMEServer as that account, or use the REST API Token Manager.

When you create a repository you need to define the permissions for others. That should be done on a role level. webapi users Run Workspace, Read/Run access to specific repositories, and probably access to specific topics, whereas authors would have download/publish rights on the repository as well. You would use AD to assign specific people/groups to those roles.

Reply

jdh · Answer

ActiveDirectory shouldn't affect the token service at all, just how accounts are created/maintained on FME Server. Rather than the FME server admin creating accounts for new users, they can import the user/group from AD.

To generate a token for a specific account you need to be logged in to FMEServer as that account, or use the REST API Token Manager.

When you create a repository you need to define the permissions for others. That should be done on a role level. webapi users Run Workspace, Read/Run access to specific repositories, and probably access to specific topics, whereas authors would have download/publish rights on the repository as well. You would use AD to assign specific people/groups to those roles.

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded