Solved

Grant read only access to a user based on a role

  • 11 January 2024
  • 1 reply
  • 6 views

Badge +1

I have a Flow/Server running, where users access it via SAML authentication. Each user is then assigned to a role with appropriate permissions for a team user belongs to.

While users have fmeauthor permissions on Test environment, we have a requirement that users can get read only access on Prod env. With this jobs are run by a system account on the Prod. The challenge here is to find a way to let users be able to view "their" job logs, review configuration or perhaps validate generated data in FME_SHARED_RESOURCE_DIR .

 

Is there a way to configure role in a way so a user can view all jobs, job logs, automations, resources, etc.? For example: speaking about jobs - from what I can see I can either grant Jobs/Access permission (so user can see jobs ran by the user only) or Jobs/Manage (which grants too wide permissions for read only access).

 

Version: FME Server 2022.2.4, Build 22792 - linux-x64

icon

Best answer by kate-safe 15 January 2024, 16:45

View original

1 reply

Badge +4

Hi @krlem​ !

Thank you for your post!

Unfortunately, the standard security roles built into FME Flow do not allow this access. For some features, you can adjust the summary access to a view-only (e.g. Resources, Repositories, etc.) which will reduce the access and allow users to access, but not make any critical changes. This ability though is not available for all things, such as jobs. I would recommend creating an Idea in our community so that other users can vote on this and our team can look at implementing this in the future!

Reply