FME Server allows you to secure your Web applications and Web services. There are three main tasks you need to perform when configuring access to your Web services and applications:
You can configure FME Server so that some web services require user credentials and others do not. For example, you might want to allow open access to the Data Download service but restrict access to the Data Streaming service.
This can be accomplished by using the guest user account, which is a member of the fmeguest role. If the fmeguest role has been assigned access to a resource, that resource does not require or request authentication.
By default, the fmeguest role has access to all of the web services, which means that the web services provide unauthenticated access by default. You can adjust the resources that the fmeguest role has access to using the Web User Interface.
You configure security configuration, including authentication and access control, using the FME Server Web User Interface, where a Security tab appears, if security is enabled. The Help link in the Web User Interface provides further details on any of the configuration steps described below, such as adding and removing users, changing passwords, and granting access to components.
FME Server allows you to assign access rights to different roles for the web services, applications, and components associated with FME Server. A role is a group of one or more users. A user is the person who accesses the applications or services, and a user can belong to one or more roles.
Before assigning permissions to users and roles, you must define where those users and roles originated. See Choosing Your Security Framework for details on how to do this.
The Security page of the Web UI is where administrators define permissions. It uses the following hierarchy: