Roles
Select Security > Roles.
A role is a group of one or more Users.
For more information about users and roles in FME Server, see Role-Based and User-Based Access Control.
The default columns displayed in the Roles table are:
- Name - Name of the role.
- Users - User accounts assigned to the role.
FME Server provides a set of default roles:
Role | Description | User |
---|---|---|
fmeadmin |
Provides full access to FME Server, including the Web User Interface. |
admin |
fmeauthor |
Provides workspace authors access to FME Server to publish, author, and test new workspaces. |
author |
fmeguest |
Provides unauthenticated access to run jobs via Web Service URLs. |
guest |
fmesuperuser | Authorized to access all resources of FME Server, including existing and newly-created resources. | admin |
fmeuser | Provides users access to the Web User Interface and Web Services. | user |
Adding and Removing Roles
To add a role, click New. Alternatively, select an existing role and click Duplicate. A dialog displays to add a new role. This dialog is similar to Configuring an Existing Role, below.
To remove a role, select it and click Remove.
Note: You cannot delete the fmesuperuser role.
Configuring an Existing Role
To configure an existing user role, click an entry in the Roles table. The Edit Role page opens. Configure the following settings, and click OK to save your changes.
Associated Users
To assign users to the role, click inside the field and select a user in the drop-down. To remove users from the role, click the "x" beside the user name.
Permissions
You can give a role access to different functions in FME Server. Check the box beside a function to grant access.
Optionally, you can add permissions to match those from an existing role. Click Load Template. On the Load Template from Role dialog, select the role from which to load permissions, and click OK. This option adds any additional permissions that are not already granted. No permissions are removed. You can click Load Template multiple times to add permissions from more roles.
There are two levels of permissions:
- General: Allows users of the role to view the corresponding navigation link in the Web User Interface, along with select management functions, depending on the category. For example, if Access is checked beside Repositories, users can access the Repositories page. Additionally, if Create is checked, users can create repositories on the Repositories page.
- Item: Allows users of the role specific permissions on items within functional categories. To view items, click the drop-down icon of a category (v). For example, when you expand the Repositories category, you see the individual repositories on your FME Server, along with the permissions that can be granted for each one.
The following is a detailed explanation of general- and item-level (where applicable) permissions for each category:
- Access: Access the Run Workspace page.
- Advanced: Access Job Directives when running workspaces.
- Access: Access the Jobs page to view the jobs you have run, or cancel any of your jobs that are currently running or in queue.
- Manage: Access and manage the jobs of all users. You can:
- Cancel any job that is currently running.
- Remove the history of jobs that were previously run.
- Manage Job Queues. (Also requires Manage permission in Engines & Licensing.)
- Access: Access the Automations page.
- Create: Create workflows.
- Read: View a workflow and its log file.
- Write: Edit a workflow.
- Run: Start and stop a workflow.
Individual Automations:
Note: Automations requires additional permissions. You are prompted to grant any additional permissions that are required.
- Access: Access the Schedules page.
- Create: Create schedules.
- Full Access: Edit or delete a schedule.
Individual Schedules:
- Access: Access the Repositories page.
- Create: Create repositories.
- Download: Download workspaces and other repository items from FME Server into Workbench.
- Read: View repository information.
- Publish: Publish workspaces and other items to the repository from Workbench.
- Run: Run repository workspaces from FME Server.
- Remove: Remove a repository, or remove items from a repository.
Note: Access permission is not required to run a workspace. Only Run permission on the applicable repository is required (see below).
Individual Repositories:
Note: Users must also have Allow permission on the applicable service (see Services) when running workspaces.
Note: You must uncheck all five permissions to completely remove a role from membership with a repository.
Note: Version Control must be enabled to view these permissions.
- Access: Commit versions and view repository history.
- Manage: Enable version control and configure with a remote Git repository.
- Access: Access the Workspace Viewer.
- Access: Access the Server Apps page.
- Create: Create new FME Server apps.
- Read: Access an FME Server app.
- Write: Edit or Remove an FME Server app.
Individual Server Apps:
- Access: Access the Publications page.
- Create: Create Notification Service Publications.
- Read: View information about a publication.
- Write: Edit a publication.
- Remove: Delete a publication.
Individual Publications:
- Access: Access the Subscriptions page.
- Create: Create Notification Service Subscriptions.
- Read: View information about a subscription.
- Write: Edit a subscription.
- Remove: Delete a subscription.
Individual Subscriptions:
- Access: Access the Topics page.
- Create: Create topics.
- Read: View information about a topic.
- Write: Edit a topic.
- Publish: Publish notifications to a topic.
- Remove: Delete a topic.
Individual Topics:
- Access: Access the Resources page.
- Create: Create connections to network resources.
- Access: Read and download a file.
- List: List the folders and files of a resource.
- Write: Write to files.
- Upload: Upload files.
- Remove: Delete files.
Individual Resource connections (top-level folders):
- Access: Access the Database Connections and Web Connections pages.
- Create: Create connections.
- Manage: Access, create, and remove connections.
- Access: Manage web services.
Individual Connections:
- Access: Access the Projects page.
- Create: Create projects.
- Read: View information about a project.
- Write: Edit a project.
- Delete: Delete a project, or delete items from a project.
Individual Projects:
Note: Access or Create permission is not required to have Read/Write/Delete permission on individual projects. These tasks can still be accomplished with the REST API.
- Access: Access the Dashboards page.
- Manage: Configure engines and licensing, except job queues (requires Manage permission in Jobs).
- Manage: Configure users and roles, and manage Cross-Origin Resource Sharing.
- Manage: Configure system cleanup.
- Access: Access the /metrics endpoint of the FME Server REST API.
- Manage: Configure the FME Server services.
- Full Access: Manage FME Server services.
Individual Services:
- Manage: Configure System Events.
- Upload: Allow publishing FME packages from FME Desktop to FME Server.