Skip to main content
  • Home
  • Ideas
  • FME Server User Role Security Enhancements
Open

FME Server User Role Security Enhancements

Related products:FME Flow
J
R
siennaatsafe
david_r
danilo_fme
+29
  • J
    jlutherthomas
  • R
    reine
  • siennaatsafe
    siennaatsafe
  • david_r
    david_r
  • danilo_fme
    danilo_fme
  • warrendev
    warrendev
  • tcrossman
    tcrossman
  • runneals
    runneals
  • fgiron
    fgiron
  • nic_ran
    nic_ran
  • jelle
    jelle
  • kennyo
    kennyo
  • helmoet
    helmoet
  • smol
    smol
  • revesz
    revesz
  • jasperwis
    jasperwis
  • J
    jnfung
  • J
    josephcannonecc
  • D
    danielbarber
  • mattias
    mattias
  • mholemans
    mholemans
  • davisblack
    davisblack
  • d_l
    d_l
  • candacelow
    candacelow
  • gemini
    gemini
  • francis
    francis
  • marnickcle
    marnickcle
  • kmulhall
    kmulhall
  • J
    jeff_konnen
  • C
    clarkhannon
  • S
    sborens520
  • L
    lenk
  • laurawatsafe
    laurawatsafe
  • fbruimte
    fbruimte
davisblack
Contributor

The following improvements to Role Based Security would be useful:

1.Increased Granularity for Job Viewing and Job Management Permissions

I need the ability to allow users to see specific other user’s jobs and logs rather than all jobs and logs. We use different service accounts for different enterprise projects and currently I am having to share all jobs/logs with users so they can monitor their processes. Since not all groups need to see each other’s jobs this is not the best solution. (Thank you Safe for new search options in 2019 as they slightly help with this issue.)

Likewise, in the current Role system being able to view all jobs requires job management permissions which let users cancel jobs in the queue or terminate running jobs. This puts me in a difficult position regarding how we implement SOX compliance. It is preferred users be locked out from managing running production processes. If the ability to view all logs but not manage jobs was made available that would be a move in a positive direction. If the option to say kill queued jobs but not running jobs was an option that may also be useful.


2. Additional Options on Database Connections

Having a Read option alongside the Full Control option for database connections would be excellent. I am seeing issues when I grant users access to connections without giving them full control over a connection. Since we have many processes using the same named database connection it is not ideal to grant users management access since one incorrect change by any user with access could disrupt jobs for all users using the connection. Something similar to how the Notification items are broken out would be amazing.


3. Automatic Content Sharing with Administrator Accounts

It would be helpful if FME Server automatically shared user created content with members of the Super User role. If this could be an option for the FME Admin role that would also be appreciated. I have a plethora of users creating content and when they ask for help it is cumbersome to have to share their content with myself and my fellow Admins before I can help troubleshoot.


5 replies

davisblack
Contributor
Forum|alt.badge.img
  • davisblackContributor
  • Author
  • Contributor
  • November 14, 2019

Thank you Safe! I noticed in Server 2019.2 that user created items are automatically viewable by the superuser accounts so that addresses item 3 on my list. I appreciate it!

helmoet
Forum|alt.badge.img+8
  • helmoet
  • February 4, 2020

Especially on list item #2 Additional Options on Database Connections. See also my question.

revesz
Contributor
Forum|alt.badge.img+14
  • reveszContributor
  • Contributor
  • February 4, 2020

There are other ideas requesting more granular/flexible privileges.

Eg: admins to have more fine tuned access to items: https://knowledge.safe.com/idea/99535/fme-server-security-full-permissions-for-individua.html

or mine begging for different level of connections and schedules: https://knowledge.safe.com/content/idea/80291/read-only-permission-for-schedules-and-connections.html

As the number of users increase it is a more and more a missing feature.

There are items with more granular options like notification stuff, repositories, resources, etc.

I also would like more granular access levels on connections eg: something like "read only" and "can use".

It would be nice to have "read only" access level on schedules and job logs.

I guess others have further business cases with other item types. a none / read only / use / modify / full access or something similar for every type of items would providea nice granularity and flexibility.

 

david_r
Evangelist
  • david_rEvangelist
  • January 19, 2021

No 1 is definitely needed, the all-or-nothing approach to job management isn't a good fit for enterprise users.

fbruimte
Contributor
Forum|alt.badge.img+1
  • fbruimteContributor
  • Contributor
  • April 1, 2025

Yes No 1 would be very helpfull here, at least for shared schedules/automations.

Users can share schedules/automations with ‘their’ usergroup (role), so their colleagues are able to view and change the schedules/automations, but are unable to view the logs of the jobs ran by those schedules/automations.

Reply


Helpful Members This Week

Community Stats

30,958
Posts
117,331
Replies
38,746
Members

Latest FME

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.