FME Server 2020.0 requires manually fix API Token Permissions after restoring configuration?

Hello,

I upgraded FME Server from 2019.2 to 2020.0, and restored the configuration by importing the backup file which has been downloaded before uninstalling the previous version.

Some of existing workspaces are run via API (request from a web page) and access a PostgreSQL database to read features with a FeatureReader, execute a SQL query with a SQLExecutor and so on.

What I observed is, after upgrading to 2020.0, the workspaces failed to access the PostgreSQL database and logged this error message.

FME Server error: `FME Server error: `Unauthorized request by user due to lack of proper permissions.'

I was able to resolve the failure by manually adding access permission for the database connection to the API token, but it's a bit troublesome if you need to check and fix permissions of every Token whenever upgrading FME Server.

I upgraded the FME Server several times before (FME 2019.0 -> 2019.1 -> 2019.2), but I didn't need to modify permissions of the API token.

Is it an intentional change in FME 2020?

Page 1 / 1

I had the same issues when I installed FME Server 2020.0.

We are investigating this. Thank you for posting.

I am experiencing this same issue with 2020 but with Server Apps - where a workspace needs to be run anonymously for a data upload task. The upload task needs to access a web connection which is why its failing with "Unauthorized request by user due to lack of proper permissions".

Is there any workaround for this in my case? Since its executing anonymously so how do I add permissions?

If I execute the workbench from the admin interface - it works OK.

Thanks

Is there any workaround for this in my case? Since its executing anonymously so how do I add permissions?

If I execute the workbench from the admin interface - it works OK.

Thanks

Hi @jiriteach, try manually setting the permission to access the Web Connection for the API Token of the Server Apps. You can modify permissions of API Token for FME Server App via the Token Management page in FME Server Web UI (log in with admin user or the owner of the Server Apps).

See here to learn more: Managing Security Tokens

Perfect - Thanks. Provided the permission and it works. Thanks for the pointer.

Hi @takashi, @jiriteach and @warrengis,

Thank you for reporting this issue, after some investigation it looks like this was an intentional change when upgrading to 2020 or newer from any prior version to apply some security improvements we implemented.

I have now created an article to cover this and will also be filing an issue with our documentation team to ensure this requirement is clearly indicated, and also our FME Server Development team to see if we can provide additional logging to make this step clear to the Administrator as well.

I am sorry for the inconvenience this may have caused, the good news is that the requirement to manually fix these token/user permissions is a one off and will not be required again going forwards in later upgrades.

Is there any workaround for this in my case? Since its executing anonymously so how do I add permissions?

If I execute the workbench from the admin interface - it works OK.

Thanks

I am having the same issue with 2020 Server Apps: Unauthorized request by user due to lack of proper permissions.'

Hi @frankzandersc,

If the workspace behind your Server App contains Web or Database Connections that are not stored as Published Parameters as Takashi suggested you will need to manually go and modify the App's Token permissions to give this access. Please see the instructions of this article under the heading 'API Token Permissions' for full instructions on how to fix this.

Reply

Community Stats

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded