Role Policies
There are various sections of security policies that can be set for each role.
General
These are general policies such as the ability to manage jobs, services, and security. For example, if you don’t have the ability to manage security, that item will be missing from the main menu of the user interface.
Topics
Topics are related to Notifications, which we’ll cover later. Different capabilities – read, write, publish, remove – can be assigned for each topic you create.
Resources
Resources are files and datasets stored on FME Server. Different permissions – read, write, upload, delete – can be assigned to each resource.
Services
Services are key items of functionality on FME Server. They are the different methods by which a workspace can be run and output data delivered. Each role can be allowed – or not – to use a particular service.
Repositories
As you know, repositories are a place to store and categorize workspaces. Each role can be given different permissions for each and every repository.
Connections
Connections are predefined logins to either web services or databases. Each role can be given permission to access different connections stored in FME Server.
Applications
Applications are the different ways in which FME Server can be accessed. For example, it’s possible to control access to the FME Server Web Interface for a specific role.
Other Security Functions
FME Security can be fully integrated with both Active Directory and Integrated Windows Authentication (IWA). The FME Server Administrators Guide explains how this can be achieved.
Encryption
FME Server also allows Secure Sockets Layer (SSL) connections in order to encrypt transaction data. This is most important for ensuring sensitive log in information is not exposed and is particularly important when you are using Active Directory.
Again, the FME Server Administrators Guide explains the steps needed to implement this. In brief the process consists of two steps:
- Modify web service URLs to use HTTPS instead of HTTP
- Enable SSL on the web and/or application server.
Police Chief Webb-Mapp says... |
I am the law! The FMESuperUser role is the high court of FME Server and is granted all permissions on all security settings. What’s more, these permissions cannot be revoked, unset, or appealed against!
So, be sure not to assign accounts to the FMESuperUser role unless you really, really mean for them to be given that degree of power! |
Miss Vector says... |
If I want one user to have a higher level of access to other users in the same role (say I wish to let an FME author be able to manage engines) what must I do?
1. Simply select that user from the user list and set the manage engine policy to yes 2. Promote that role to superuser status so that the user has a higher level of security 3. Create a new role with manage engines = yes and move that user to it 4. Create a new role with manage engines = yes and add that user to it as well as the original role |