Skip to main content

I adapted code of Upload File In Session example to call my workspace in cloud. I get error message: "Authentication failed: Account is disabled"

What am I missing?

You should check the account you are using the run the workspace. If you haven't defined an account it could be that you are trying to run it as the 'guest' account? By Default for security reasons the Guest account is disabled

 

If so you can check the Users and Security in the FME Server UI to see if the guest account is active.

 

If you are using an account check that you have correctly set up the API token with the correct permissions.

https://community.safe.com/s/article/token-management-in-fme-server-2019


Dear @virtualcitymatt​ , thanks very much!

I'm newbie...

As I wrote, I took the code of that example (which woks fine), copied the workspace to my cloud, and in the html, replaced the names of the repository and the workspace, and in the javascript code, set the server and token.

I just know nothing - which account is my code addressing?

 

  1. How do I know on which account does my web app run?
  2. How do I instruct my web app javascript code to access a specific account?
  3. Should each workspace be connected to a specific account? If yes, How do I define it?
  4. my app should be run by person from another company. Should I open geust account or some new specific account for that user who runs my web app? Should I expose the token in the url (as is in the example)?
  5. What permissions do I need for the user running the web app of that example?
  6. I see there are predefined "roles". Do I have to grant "fmeuser" role to the "guest" user? or should I define specific user?

I'll start to read your link, but maybe I'm missing more knowledge?

Michael

 


Dear @virtualcitymatt​ , thanks very much!

I'm newbie...

As I wrote, I took the code of that example (which woks fine), copied the workspace to my cloud, and in the html, replaced the names of the repository and the workspace, and in the javascript code, set the server and token.

I just know nothing - which account is my code addressing?

 

  1. How do I know on which account does my web app run?
  2. How do I instruct my web app javascript code to access a specific account?
  3. Should each workspace be connected to a specific account? If yes, How do I define it?
  4. my app should be run by person from another company. Should I open geust account or some new specific account for that user who runs my web app? Should I expose the token in the url (as is in the example)?
  5. What permissions do I need for the user running the web app of that example?
  6. I see there are predefined "roles". Do I have to grant "fmeuser" role to the "guest" user? or should I define specific user?

I'll start to read your link, but maybe I'm missing more knowledge?

Michael

 

Hmm, if you set the token then it should be fine. As far as I know if you've created the token then the user is based off of the user creating the token (I think).

 

When crating the token you will need to give the token permission to access the repository where the workspace is and that should be enough I think.

 

How did you create the API token?


I entered the cloud and created the token. I don't understand - should the web app use a special "APi token"?


problem solved. Case closed.


problem solved. Case closed.

Ah, great news! what did you do in the end?


I saw that if I give the token all permissions it works ok, So I checked adn found the token was not given all permissions it needed. I finally and gave the token the proper permissions. I'll check and let you know soon.


I saw that if I give the token all permissions it works ok, So I checked adn found the token was not given all permissions it needed. I finally and gave the token the proper permissions. I'll check and let you know soon.

Ahh great stuff. Yeah - permissions are a pain for sure!


I managed for my web app to do run,upload (download I haven't tested yet) with these minimal permissions set (I attach screenshot)permissions_for_webapp_run_upload_download


I saw that if I give the token all permissions it works ok, So I checked adn found the token was not given all permissions it needed. I finally and gave the token the proper permissions. I'll check and let you know soon.

In case anyone comes across this in the future, make sure the token has permission to access the FME Server Service that you're submitting the job to (Manage Tokens > token > Services).


Reply