When using FME Server the standard approach is to provide the service account access to the relevant files and folders used by the workspaces. This would technically allow other authors to publish and run workspaces on files they shouldn’t be able to access if they know where the service account has access. This idea is to propose that for any reader/writer that accesses files that set of credentials can be supplied to be used for that read or write operation similar to the way web connections are handled.
Open
Allow setting of credentials for file-based readers/writers
+5- Participant
I would also add: introduce the ability to specify user credentials at the time of defining a network connection - similar to how Web Connections are handled.
This would allow authors to access network files using their own credentials or designated credentials, rather than relying solely on the service account. This limitation where only the service account has access to files, is a common constraint encountered with clients. It raises security and governance concerns, as it may unintentionally allow workspace authors to read or write data they shouldn't have access to, simply because the service account does. Even if connections can be shared manually to certain users/groups, enabling per-connection credentials would align with best practices in access control and improve overall security and flexibility.
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Helpful Members This Week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.