Questions
Here are the answers to the questions in this chapter.
Miss Vector says... |
If I create a database connection that has superuser permissions then it would bypass any permission checks the database would make for creating and dropping tables. So how do you think I might prevent a user misusing that capability?
1. Remove that user's permission to run that workspace on FME Server 2. Remove that user's permissions to access the entire repository that workspace resides in 3. Remove permission to access that particular database connection for that user's role 4. Remove from their role permission to manage database connections If I want to deny a user access to a superuser database connection, then I (or a system admin) just removes permission to access that connection for that user's role. Well done. |
Miss Vector says... |
Firstly: I copy a workspace into a resources folder using the upload tool. What then?
1. I can run it by browsing the resources, selecting the workspace, and clicking run 2. I can run it through the Manage > Workspaces menu tools 3. I can run it by calling it with the FMEServerJobSubmitter transformer in FME Desktop 4. I can't run it because it's not properly published to a repository Secondly: Uploading an entire folder of files come with what restriction? If I copy a workspace into a resources folder using the upload tool, I can't run it at all! It must be published properly with the publishing wizard in order for Server to run a workspace. |
Miss Vector says... |
Secondly: Uploading an entire folder of files come with what restriction?
1. Folder upload only works on certain web browsers 2. Folder upload requires the folders to be zipped into a single file 3. Folder upload only works on Windows C: drive (not D:, E:, etc) 4. Folder upload requires FME Desktop to be installed on the computer being uploaded from Folder upload works in Chrome, but not in Firefox, Internet Explorer, or any other web browser. |
Miss Vector says... |
So I can make my workspace read specific data from the resources folders - but how do I stop the end-user from being able to change that?
1. Remove their security permissions for the Job Submitter service 2. Remove their security permissions for the Resources folders 3. Make the source dataset parameter optional for that Reader 4. Delete the published parameter for that source dataset from the workspace To stop the end user being able to change the data being used by a workspace, I simply delete the source dataset published parameter from the workspace. Now no-one can change it without editing the workspace. |