Skip to main content
Open

FME Flow User Role Security Enhancements

Related products:FME Flow
  • June 6, 2019
  • 6 replies
  • 103 views
davisblack
Contributor
Forum|alt.badge.img

The following improvements to Role Based Security would be useful:

1.Increased Granularity for Job Viewing and Job Management Permissions

I need the ability to allow users to see specific other user’s jobs and logs rather than all jobs and logs. We use different service accounts for different enterprise projects and currently I am having to share all jobs/logs with users so they can monitor their processes. Since not all groups need to see each other’s jobs this is not the best solution. (Thank you Safe for new search options in 2019 as they slightly help with this issue.)

Likewise, in the current Role system being able to view all jobs requires job management permissions which let users cancel jobs in the queue or terminate running jobs. This puts me in a difficult position regarding how we implement SOX compliance. It is preferred users be locked out from managing running production processes. If the ability to view all logs but not manage jobs was made available that would be a move in a positive direction. If the option to say kill queued jobs but not running jobs was an option that may also be useful.


2. Additional Options on Database Connections

Having a Read option alongside the Full Control option for database connections would be excellent. I am seeing issues when I grant users access to connections without giving them full control over a connection. Since we have many processes using the same named database connection it is not ideal to grant users management access since one incorrect change by any user with access could disrupt jobs for all users using the connection. Something similar to how the Notification items are broken out would be amazing.


3. Automatic Content Sharing with Administrator Accounts

It would be helpful if FME Server automatically shared user created content with members of the Super User role. If this could be an option for the FME Admin role that would also be appreciated. I have a plethora of users creating content and when they ask for help it is cumbersome to have to share their content with myself and my fellow Admins before I can help troubleshoot.


6 replies

davisblack
Contributor
Forum|alt.badge.img
  • davisblackContributor
  • Author
  • Contributor
  • November 14, 2019

Thank you Safe! I noticed in Server 2019.2 that user created items are automatically viewable by the superuser accounts so that addresses item 3 on my list. I appreciate it!

helmoet
Forum|alt.badge.img+8
  • helmoet
  • February 4, 2020

Especially on list item #2 Additional Options on Database Connections. See also my question.

revesz
Contributor
Forum|alt.badge.img+21
  • reveszContributor
  • Contributor
  • February 4, 2020

There are other ideas requesting more granular/flexible privileges.

Eg: admins to have more fine tuned access to items: https://knowledge.safe.com/idea/99535/fme-server-security-full-permissions-for-individua.html

or mine begging for different level of connections and schedules: https://knowledge.safe.com/content/idea/80291/read-only-permission-for-schedules-and-connections.html

As the number of users increase it is a more and more a missing feature.

There are items with more granular options like notification stuff, repositories, resources, etc.

I also would like more granular access levels on connections eg: something like "read only" and "can use".

It would be nice to have "read only" access level on schedules and job logs.

I guess others have further business cases with other item types. a none / read only / use / modify / full access or something similar for every type of items would providea nice granularity and flexibility.

 

david_r
Celebrity
  • david_rCelebrity
  • January 19, 2021

No 1 is definitely needed, the all-or-nothing approach to job management isn't a good fit for enterprise users.

fbruimte
Contributor
Forum|alt.badge.img+2
  • fbruimteContributor
  • Contributor
  • April 1, 2025

Yes No 1 would be very helpfull here, at least for shared schedules/automations.

Users can share schedules/automations with ‘their’ usergroup (role), so their colleagues are able to view and change the schedules/automations, but are unable to view the logs of the jobs ran by those schedules/automations.

martinkoch
Supporter
Forum|alt.badge.img+22
  • martinkochSupporter
  • Supporter
  • December 9, 2025

Could it be helpful if members of a role, can ‘act as that role', so items are automagically shared with other members, and, as such, processes running or log-files produced by an account part of a role, can be interacted with by all members of that role.

Above sketched challenges grow as FME Flow finds use in more and different parts of organisations.

Community Stats

32,207
Posts
122,305
Replies
39,891
Members

Latest FME

Terms & ConditionsCookie settingsAccessibility statement
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.