Questions
Here are the answers to the questions in this chapter.
Miss Vector says... |
If I create a database connection that has superuser permissions then it would bypass any permission checks the database would make for creating and dropping tables. So how do you think I might prevent a user misusing that capability?
1. Remove that user's permission to run that workspace on FME Server 2. Remove that user's permissions to access the entire repository that workspace resides in 3. Remove permission to access that particular database connection for that user's role 4. Remove from their role permission to manage database connections You should know it can't be 1 or 2, because security is based on roles, not individual users. You could remove permission to manage connections (4) but that won't prevent access to ones already created. You should look for that connection under Object Policies in the security pages and remove from it any roles that should not have access. |
Miss Vector says... |
Although simple, there is a major limitation to publishing data with a workspace. What do you think it is?
1. The data is only temporary and will be deleted once the workspace is run 2. The data is hidden within FME Server's system files and is inaccessible to any other use 3. The data becomes available to anyone regardless of role and security settings 4. The workspace cannot be run using any other data than that published with it The limitation is that a dataset published in this way can only be referenced by this workspace, and by no other. None of the others are true (it won't be deleted, it isn't open to anyone, and the workspace can be run using other data if required). |
Miss Vector says... |
The system cleanup tools will erase any data uploaded like this when it is more than a day old. But which cleanup task is it that will do so?
1. Delete_DataUpload_Files 2. Delete_EngineResults_Files 3. Delete_Service_Post_Content_Files 4. Delete_UserData_Files It's #1. fyi #4 isn't even a real task! |
Miss Vector says... |
So I can make my workspace read specific data from the resources folders - but how do I stop the end-user from being able to change that?
1. Remove their security permissions for the Job Submitter service 2. Remove their security permissions for the Resources folders 3. Make the source dataset parameter optional for that Reader 4. Delete the published parameter for that source dataset from the workspace Yes, in the Navigator window look for a published parameter that relates to the source dataset, and remove it. The option to change the dataset will then not be presented to the user. |