You can set security on database/web connections but the admin user has the permission to view, use and execute by default.
Assume that a user knows the name of a secure database connection on the server and use that same name in his workbench as a private parameter with different parameters but with the same as the secure connection on the server. When the user upload his workbench to the server, he will not be able to execute the workbench on the server because he doesn't have the permission to use the database connection on the server.
But he asks to schedule his workbench and the admin user configures the schedule for this workbench. From that moment the workbench is able to use the database connection on the server because the admin user has the permission to use the secure database connection.
A solution could be that the schedule is configured by another user than admin. Is there any other way to handle this security issue?
We are running FME Server 2020.1.3 and our engines are executed with a AD sys user. We have this case because we have database/web connections consulting private and sensitive data and we have to guarantee that our setup is secure enough.
Thanks!
