- - Community Resources
Ideas
Product Updates
Events
Blog

Home
Forums
FME Flow
Security

Security

Permissions, roles, and administration. Security in data processing.

135 Posts
399 Replies

When you subscribe we will email you when there is a new topic in this category

135 Posts

Recently active

Most replies Most views Newest first

ivanwriterContributor

asked in Security

For Added Security, Can the out-of-the-box admin Login Be Disabled?

Out-of-the-box, FME Flow has an admin login for administration (member of fmeadmin and fmesuperuser).As a measure of added security, can a different, less common, login name be used for administration? In other words, if I were to create a login for administration purpose named MickeyMouse, add MickeyMouse to fmeadmin and fmesuperuser roles, and disable admin, does that work? Are there gotcha’s with doing that? Is it a measure of added security?

121

11 hours ago

ebygommContributor

asked in Security

Stopping the current automation automatically - authentication

We currently have a process where an automation is stopped by any upstream failure triggering a workspace which contains a httpcaller with a call to the fme rest api to stop the automation. The request is configured to use $(FME_SERVER_WEB_URL) and an the Automation General Attribute/Key AutomationID to construct the request for the api so in this way it is generic. I’m wondering if there’s any way to use the user running the automation as authentication for the http request?

251

19 days ago

daraghmccarthyObserver

asked in Security

FTPCaller won't allow both username / password and public / private key

Hi, looking for help please. We are using FME Flow 2024.1.3 Build 24627 - linux-x64 on Ubuntu 24.04 and trying to connect to an external FTP server to transfer files from FME Flow. Our client who owns the FTP Server are asking us to authenticate with both username / password and public / private keys ; we’ve supplied our client with the public key which they’ve loaded successfully. We can connect ok manually using both username / password and public / private keys, but when we try from FME Flow it fails on the public / private key and forces us to enter the password.What we are looking for is a way to call using the public / private key and also specifying a password.

392

1 month ago

nic_ranContributor

asked in Security

How can I allow other users to edit my FME Server App?

I have created an FME Server App. Is it possible to provide permission for another user to edit the App?I have granted full permission to Create Apps and also to the specific App to my other user but I get this error message when the user tries to edit the App:This Server App is owned by "admin". Only the owner or a user who can manage FME Server security permissions can edit this App.This seems to be highly restrictive.

905

1 month ago

sameerContributor

asked in Security

Pen test Remediation required - Enable HSTS and Hide Email server type / version

FME Flow 2023.2.1Build 23774 I’m planning on upgrading FME Form / Flow this weekend which includes fixing the following vulnerabilities detected from our internal Pen Test. USR-640 Email Servers Advertise Software Type and Version Removing the software banner from the email server is typically done in the configuration file, for example sendmail.cf or postfix.conf.Is it possible to fix this and where would the file(s) be located?What change should take place? USR-622 HSTS Missing from HTTPS ServerIs it simply enough to add the following to the web.xml config file? <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>hstsEnabled</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>hstsMaxAgeSeconds</param-n

915

1 month ago

thomas89Contributor

asked in Security

Is it possible to make a FME web connection to Azure File Storage with Oauth ?

Dear reader, I want to know if it is possible (if yes, how) to connect FME with an Azure File Storage with OAuth. The Azure connection transformer, AzureFileStorageConnector seem to not have a Oauth connection possible. Is this true and are there other ways to make an Oauth connection to Azure File Storage in FME Desktop?

422

2 months ago

ecxContributor

asked in Security

FME Server: How to Determine what Web Connections are Authorised As

On fme server, web connections we can authorise the named connections as various accounts. How can we check what accounts these are currently authorised as? Thanks

Running Workspaces as different users

Is it possible to run workspaces in FME Server as different user accounts i.e. service accounts? I am aware of running FME Services Engine as a different account. The issue there is that over time you will have to grant this account access to a lot of different resources and this would not be good cyber-security practice.

734

2 months ago

kevin_bourrandParticipant

asked in Security

Is there a way to configure automatically permission for running a specific workspace ?

Hi everyone, This question is about the detailed permissions user/role management interface.We’ve been facing issues finding all permissions required to run a specific workspace, like allowing services, access to shared ressources data and to specific connexions. The question is: Is there a hint to grant or list all these needed permissions to run a specific workspace ? Thank’s in advance. Kevin

623

2 months ago

ssmith_ftrContributor

asked in Security

FME Flow and scheduling jobs as alternate user account

We are upgrading to FME Flow 2024 and wanting to make some improvements. As part of this we want to know if we can have a user upload workbenches to FME Flow. Then login to FME Flow with their user account, but somehow build automations, streams, apps, and scheduled jobs to run under a different user account. We are trying to migrate from putting the all the running automations, schedules, and other items under individual user accounts. Instead we want to assign to a departmental account. Since we have FME Flow tied into our Active Directory this will prevent any permission issues of jobs not working when an employee leaves the company and their AD account is suspended. I didn’t really want to have every user login to FME Flow with the departmental user account. Then we won’t keep the individual repositories for workspaces and will become a mess. I know the GUI/Web Front End as-is doesn’t support this but trying to decide what approach I could do to solve this.My easiest thought is to

291

2 months ago

jonvelcoContributor

asked in Security

SAML option missing in FME Flow Connection parameters in Form

Running 2023.2 (both Flow and Form) and I have SAML setup, configured, and working on Flow. However, in Form, when I add a FME Flow Connection - the SAML drop down under Authentication is missing even though the documentation says it should be there.What am I missing?? Missing SAML option in Authentication drop down FME Flow:Our FME Flow site with SAML enabled Documentation:Documentation

281

3 months ago

chelseaParticipant

asked in Security

User Management - User unable to resubmit jobs

Hi all, New user here - trying to get a support-only role set up for a few on my team in FME Form. We sometimes have jobs that need to be resubmitted and would like the support role to have the ability to do this but to NOT be able to edit the workspaces or automations at all. I have played around with editing the role permissions and no matter what I try, the users are not able to resubmit jobs. They can get to the job and view logs but get an ‘Unauthorized request by user due to lack of permissions...’ error. Has anyone experienced something like this or have any idea on what permission set would be tied to resubmitting jobs?Thank you!

231

3 months ago

ivanwriterContributor

asked in Security

With FME Flow, Is There a Way to Block Administrator Logon from Going Through a Proxy Server?

ArcGIS Server can be configured to disallow administrative tasks from being conducted via REST. Is there something similar with an FME Flow that has a proxy server to do something similar--disallowing administrative logons via the proxy server (direct logon to FME Core machine only)?

271

3 months ago

keithhastingsContributor

asked in Security

TLS 1.3 support

Is TLS 1.3 supported for FME 2023.2.1?How do you go about finding this out? ThanksKeith

FlexNet to support other products

We currently have FME-supplied Flexnet running on a Windows server and would like to use the same daemon to licence another product. I have checked in the manual and the suggestion is that I simply need to tweak the other product licence file to point at a different port. However as the current Flexnet install does not show FME as he vendor file, when I try adding a vendor file it causes and error as it can’t find the FME licence file. I did put the other product’s licence file in the same folder as the FME file. I have also spotted a post that suggested adding the second products licence to the same file with FME pointing at the default port (27000) and the other product point at a second port.Can you advise what is the best approach?ThanksChris

261

3 months ago

s.jagerEnthusiast

asked in Security

FME Desktop 2022.2.5 is flagged as having security weaknesses

Hello,FME Desktop 2022.2.5, using OpenSSL 3.0.8.0, is being flagged by Defender as having three weaknesses: CVE-2023-0464, CVE-2023-0465 and CVE-2023-0466. I can't find anything here about these three: Is there anything known about them? CVE-2023-0465 and CVE-2023-0466 are being re-analyzed, so I appreciate that we need to wait for the outcome of that analysis, but CVE-2023-0464 could potentially be quite harmful. Thanks,Stefan

1024

4 months ago

virtualcitymattEvangelist

posted in Security

Just FYI - web connections and database connections are now available with python

In case you missed it you can now access web connection and database connection details in python now.Using the SystemCaller and PythonCallers in the past have always enabled remote code execution but since FME 2023 now your connections are also exposed. Just a reminder to never run what you don’t trust.

210

4 months ago

joshuajames1979Contributor

asked in Security

Setting up a web connection in FME Workbench with OAuth2

Hi there, we are looking at making an OAuth2 connection so that we can pull back JSON files from our Asset Management System in TechOne so that we can then populate our SQL data. I thought FME Workbench would be a lot cleaner than using Python, however I am struggling to connect when setting up a web connection. I receive “an error has occurred” when testing. Out of the three requirements I am unable to set the third one, which is most important. This being grant_type in the body needs to be set to “client_credentials”. Is there any way to change this? I read that you can’t so trying to see if there is a workaround.I read online some are suggesting a REST API but not sure if that’s the way to go in FME Workbench.Regards,Josh

1182

4 months ago

lifalin2016Contributor

asked in Security

Sudden server app token permission change in FME Server/Flow 2022.2.x ?

Hi all.Our FME Servers using version 2022.2.x have been running fine for over a year now, but suddenly (in the last month or so) the existing server apps have begun to fail, stating missing token permission to server and database connections as the cause.What’s causing this sudden change in behaviour ?The server apps have been running without problems until this started.Cheers. EDIT: It worked June 27 but failed June 28.

Is FME Server / Flow vulnerable for Apache ActiveMQ CVE-2023-46604 https://www.cve.org/CVERecord?id=CVE-2023-46604

542

5 months ago

schulte.aContributor

asked in Security

Making a Workspace App, is there a way to get a username verified with windows authentication/SSO, and have that username be a parameter in the workspace?

I am making a self service map generator workspace app. My want is to be able to verify a username by using either SSO/Windows authentication. then I have a script that has outputted all the groups and its users in our ArcPortal in a spreadsheet. so I can relate their username to the group they’re in which then I’ll use a testfilter as to what layers each group is allowed to use in their map. Unless there’s an easier way to go about this?

381

5 months ago

krlemContributor

asked in Security

Is there a way to restrict access to python os module in FME Flow?

As we all know, FME supports use of Python in workbenches, either via PythonCaller, scripted parameters, etc. The risk I see though is, that unexperienced user or malicious insider could potentially run Python code with access to Operating System commands (os.system for example) and create some damages (delete shared data folder contents, remove some files or corrupt Engine host, map external drives and copy data there, etc., you name it).What are the best practices to restrict access to this type of Python modules? Is there any built-in functionality in FME Flow that could help to address this security concern?

806

7 months ago

todd_davisSupporter

asked in Security

Moving user data between Active Directory (AD) to Azure Active Directory (AAD or ME-ID) in bulk

Hi,I have a basic outline of how I would do this with FME Rest API, but wondering if anyone else has done it already in a comprehensive fashion, or whether Safe may have already created something for it? @siennaatsafe We are moving from Active Directory to Azure Active Directory (new name: Entra ID) in FME Flow. I just need to be able to move all user content and roles to a new AAD (new name: ME-ID) user.For instance:group: FME from AD already exists, but I am going to import group: FME from AAD and then switch all the content and role capabilities for all the underlying users. Happy to take anyone's learnings as well, just to ensure we don’t overlook anything? Cheers,Todd

691

7 months ago

jiranek_hsroObserver

asked in Security

how to integrate Flow Apps through iframe into another web site?

Hi everyone, is there a way how to integrate Flow Apps through iframe into another web site page. There is a block in CORS setting Flow Apps strict-origin-when-cross-origin. Any idea? Kindly regards

632

7 months ago

gjaguilarContributor

asked in Security

Error writing to a hard drive on another server

I am starting with FME Server and can someone help me understand and learnI have a download process that runs on a virtual machine with Windows Server 2019 data center (Server 1) and it must write a file to a disk of another virtual machine that also has Windows Server 2019 data center (Server 2), but I gives permissions error. I understand that the process is executed with a user created in the FME Server, in this case of type System.My doubts are:Should the user created on the FME Server also be created as a user on Server 1 and have write permissions to the Server 2 disk?Should the user be changed in FME Server to Directory Server type or is it not necessary?

474

7 months ago

Page 1 / 6

Badge winners

hsnhas earned the badge Webinar Watcher (Grey)
hsnhas earned the badge Welcome Back
vojtechmyskahas earned the badge Welcome Back
delaneytoursihas earned the badge Student (Grey)
gavinparkhas earned the badge FME Certified Trainer

Show all badges

30,141: Posts

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

A product of

Company Products Giving Back Careers Contact Privacy Feedback

Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.