You are here: Administrator's Guide > Securing FME Server > Securing FME Server and Applications/Services > Configuring Authentication for Security Resources

Configuring Authentication for Security Resources

You can configure FME Server so that some web services require user credentials and others do not. For example, you might want to allow open access to the Data Download service but restrict access to the Data Streaming service.

If you are not using Active Directory user accounts with FME Server, this can be accomplished by using the guest user account, which is a member of the fmeguest role. If the fmeguest role has been assigned access to a security resource, that resource does not require or request authentication.

By default, the fmeguest role has access to all of the web services, which means that the web services provide unauthenticated access by default.

This example adds authentication to the Data Download service by removing fmeguest role access:

  1. Browse to the Security page of the FME Server Web User Interface and click on the Object Policies tab.
  2. Click on the Data Download service.
  3. On the Editing page, remove the fmeguest role.
  4. Click OK.

Now, if you try to access the data download service from outside of the Web User Interface (http://localhost/fmedatadownload/Samples/austinApartments.fmw), it requires authentication:

Alternatively, on the Role Policies tab, you can adjust the security resources to which the fmeguest role has access.

If you are using Active Directory, this can be accomplished by the following steps:

  1. Pick an Active Directory user that you will use to provide anonymous access.
  2. Add that user's security group to FME Server as a role.
  3. Allow that role to use the web services for which you want to allow anonymous access.
  4. Configure the web services to make use of this user.

Modifying the Default Guest Role

If you want to create your own guest user, or modify the password for the existing guest user, you must change the service’s propertiesFile.properties file.

The following example removes the guest user and then creates a new user datadownloadguest and assigns it to the fmeguest role.

  1. Browse to the Security page of the FME Server Web User Interface and click on the Roles tab.
  2. Edit the fmeguest role and remove the guest user from the list of members.

    3. If you now try access the data download service (http://localhost/fmedatadownload/Samples/austinApartments.fmw), it requires authentication because the guest user that the data download service uses to authenticate is no longer assigned to a role.

  3. Go to the Users tab and create a new user called datadownloadguest. Give it whatever password you want and assign it to the fmeguest role.
  4. Open the file: <FMEServerDir>\Utilities\tomcat\webapps\fmedatadownload\WEB-INF\conf\propertiesFile.properties
  5. Locate the parameters listed below and set:

    6. DEFAULT_USER_ID=datadownloadguest

    DEFAULT_PASSWORD=<password>

Now, when you access the data download service (http://localhost/fmedatadownload/Samples/austinApartments.fmw), it runs without prompting for authentication.