Users

Select User Management > Users.

A user is someone who accesses FME Flow applications, services, and other resources. A user can belong to one or more roles.

For more information about users and roles in FME Flow, see Role-Based and User-Based Access Control.

When FME Flow is installed for the first time, default user accounts are created. Note that the default Status of these accounts, except the admin account, is Disabled.

To customize the display of columns in the Users table, click the Customize Columns icon. The available columns are:

Name: Name of the user account.
Full Name & Email: Full name of user and email address.
Roles : Roles assigned to the user account.
Type: Origin of the user account.
- System: The user originated or was created directly in FME Flow.
- Active Directory: The user was imported from Authentication Services.
- SAML: The user was imported from a SAML identity provider.
Status: Whether the User account is enabled or disabled. Additionally, an icon displays if the account is configured to require a password change on next login, either explicitly (see below), or because the password has expired.

Quick Tasks

To enable or disable user accounts, check their corresponding boxes, and click Actions > Enable or Disable.
To remove users, check their boxes, and click Actions > Remove.
To add users to roles, select one or more users and click Actions > Add Roles. In the Add Roles dialog, click inside Role(s) to Add and select a role to which to add the user(s). Repeat to add the user(s) to more roles.

Adding and Removing Users

To add a user account, click New. Alternatively, select an existing user and click Actions > Duplicate. A dialog displays to add a new user account. This dialog is similar to Configuring an Existing User, below.

Note Usernames cannot contain any of the following special characters: /:*?"<>|^&='+%#

To remove user accounts, select them and click Actions > Remove. On the Remove User(s) dialog, specify a user to take ownership of any items that may be owned by the users you are removing, and click OK.

Note

Removing a user that owned Flow Apps causes them to be disabled. The API token for a Flow App will no longer be associated with that user. To run, the app must be explicitly enabled.
Removing a user that owned Automations that are in start or debug mode causes them to enter the stopped state.

Requiring Password Change on Next Login (Multiple Users)

You can require all users, or selected users, to update their passwords upon next login to the Web User Interface. This action may be useful in the event of a security breach of FME Flow.

When requiring a password change from multiple users, keep in mind the following:

You cannot require users imported from Authentication Services to update their passwords. As well, the account implementing the requirement is exempt.
To set standards for new and updated passwords, see Password Policy.

To require password change on next login (multiple users):

Select the users who must update their passwords.

Tip To select all users, check the box beside Name, at the top of the Users table.

Select Actions > Require Password Change.
On the Require Password Change dialog, click OK.

Viewing and Configuring User Permissions and Other Settings

To configure an existing user account, click an entry in the table. The Edit User page opens. Configure the following settings, and click OK to save your changes.

Expand for details

Username

The account name to use for logging in to FME Flow. This field displays only when adding a user.

Full Name

Display name of the user account.

Account Enabled

If green (slider to the right), the user account is enabled. To disable the user account, move the slider to the left.

Sharing Enabled

If enabled, the user can share items they own or manage with other users or roles. To disable sharing, move the slider to the left. For more information, see Shared Access

Require Password Change on Next Login

If enabled, the password of this user account must be updated on each subsequent login. This setting is useful for user accounts that are shared among multiple persons.

Tip To require all or multiple users to update their passwords upon next login, see Requiring Password Change on Next Login (Multiple Users) (above). To set standards for new and updated passwords, see Password Policy.

(Optional) Email address of the user. This field must be set if Reset Password is enabled and you want this user to be able to reset their password.

Assigned Security Roles

Roles to which the user belongs.

To assign roles to the user, click inside the blank space of the field and select a role in the drop-down. To remove roles from the user, click the "x" beside the role name.

Change Password

(Optional) Click to change the password that must be entered by the user to log in.

Tip To allow users to reset their own passwords, see Reset Password. To set standards for new and updated passwords, see Password Policy.

Permissions

You can give a user access to different functions in FME Flow, regardless of assigned role. Check the box beside a function to grant access. If a user already has access through membership in a role, it is indicated with a check icon. Mouse-over an icon to see the role through which permission is granted.

Optionally, you can add permissions to match those from an existing role. Click Load Template. On the Load Template from Role dialog, select the role from which to load permissions, and click OK. This option adds any additional permissions that are not already granted. No permissions are removed. You can click Load Template multiple times to add permissions from more roles.

There are two levels of permissions:

General: Allows a user to view the corresponding navigation link in the Web User Interface, along with select management functions, depending on the category. For example, if Access is checked beside Repositories, the user can access the Repositories page. Additionally, if Create is checked, the user can create repositories on the Repositories page.
Item: Allows a user specific permissions on items within functional categories. To view items, click the drop-down icon of a category (v). For example, when you expand the Repositories category, you see the individual repositories on your FME Flow, along with the permissions that can be granted for each one.

The following is a detailed explanation of general- and item-level (where applicable) permissions for each category:

Analytics

Permission	Description	Roles Granted This Permission, by Default
Access	Access Analytics.	fmeadmin, fmesuperuser

Automations

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Automations page, and list workflows and tags.	fmeadmin, fmeauthor, fmesuperuser
Create	Create automations.	fmeadmin, fmeauthor, fmesuperuser

Individual Automations:

Read: View a workflow and its log file.
Write: Edit or remove a workflow.
Run: Start and stop a workflow.
Apps: Run a workflow through an automation app.
Webhooks: Access a URL generated by a Webhook trigger that requires authentication.

Note Automations requires additional permissions. You are prompted to grant any additional permissions that are required.

Broadcast Messages

Permission	Description	Roles Granted This Permission, by Default
Manage	Access and manage Broadcast Messages.	fmeadmin, fmesuperuser

Connections

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Database Connections and Web Connections pages.	fmeadmin, fmeauthor, fmesuperuser
Create	Create connections.	fmeadmin, fmeauthor, fmesuperuser
Manage	Access, create, and remove connections.	fmeadmin, fmeauthor, fmesuperuser

Individual Connections:

Access: Manage web services.

Dashboards

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Dashboards page.	fmeadmin, fmeauthor, fmesuperuser

Data Collection

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure Data Collection.	fmeadmin, fmesuperuser

Deployment Parameters

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Deployment Parameter Store.	fmeadmin, fmeauthor, fmesuperuser
Create	Create deployment parameters.	fmeadmin, fmeauthor, fmesuperuser

Individual deployment parameters:

Read: Access a deployment parameter.
Write: Edit a deployment parameter.
Remove: Remove a deployment parameter.

Flow Automation Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Automation Apps page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create automation apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Automation Apps:

Run: Run an automation app.
Read: Access an automation app.
Write: Edit or remove an automation app.

Flow Gallery Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Gallery Apps page	fmeadmin, fmeauthor, fmesuperuser
Create	Create gallery apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Gallery Apps:

Run: Open links in a gallery app.
Read: Access a gallery app.
Write: Edit or remove a gallery app.

Flow Workspace Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Workspace Apps page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create workspace apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Workspace Apps:

Run: Run a workspace app.
Read: Access a workspace app.
Write: Edit or remove a workspace app.

Jobs

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Jobs page to view the jobs you have run, or cancel any of your jobs that are currently running or in queue.	fmeadmin, fmeauthor, fmeguest, fmesuperuser, fmeuser
Manage	Access and manage the jobs of all users. You can: Cancel any job that is currently running. Remove the history of jobs that were previously run.	fmeadmin, fmesuperuser

Licensing & Engines

Permission	Description	Roles Granted This Permission, by Default
Manage	Licensing, Engines, and Deployment Status (Deprecated).	fmeadmin, fmesuperuser

Note Licensing permission also requires membership in the fmesuperuser role.

Network Configuration

Permission	Description	Roles Granted This Permission, by Default
Manage	Access Network & Email configurations, except Services.	fmeadmin, fmesuperuser

Packages

Permission	Description	Roles Granted This Permission, by Default
Access	Add FME packages to Projects.
Upload	Publish FME packages from FME Form to FME Flow and remove existing packages.	fmeadmin, fmeauthor, fmesuperuser

Projects

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Projects page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create projects.	fmeadmin, fmeauthor, fmesuperuser

Individual Projects:

Read: View information about a project.
Write: Edit a project.
Delete: Delete a project, or delete items from a project.

Note Access or Create permission is not required to have Read/Write/Delete permission on individual projects. These tasks can still be accomplished with the REST API.

Publications

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Publications page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create Notification Service Publications.	fmeadmin, fmeauthor, fmesuperuser

Individual Publications:

Read: View information about a publication.
Write: Edit a publication.
Remove: Delete a publication.

Queue Control

Permission	Description	Roles Granted This Permission, by Default
Manage	Access to Queue Control, except engine assignment rules (also requires Manage permission in Licensing & Engines).	fmeadmin, fmesuperuser

Repositories

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Workspaces page. Note Access permission is not required to run a workspace. Only Run permission on the applicable repository is required (see below).	fmeadmin, fmeauthor, fmesuperuser
Create	Create repositories.	fmeadmin, fmeauthor, fmesuperuser

Individual Repositories:

Download: Download workspaces and other repository items from FME Flow into FME Workbench.
Read: View repository information.
Publish: Publish workspaces and other items to the repository from FME Workbench.
Run: Run repository workspaces from FME Flow.

Note Users must also have Allow permission on the applicable service (see Services) when running workspaces.

Remove: Remove a repository, or remove items from a repository.

Note You must uncheck all five permissions to completely remove a role from membership with a repository.

Resources

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Resources page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create connections to network resources.	fmeadmin, fmesuperuser

Access: Access the Resources page.
Create: Create connections to network resources.

Individual Resource connections (top-level folders):

Access: Read and download a file.
List: List the folders and files of a resource.
Write: Write to files.
Upload: Upload files.
Remove: Delete files.

Run Workspace

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Run Workspace page.	fmeadmin, fmeauthor, fmeguest, fmesuperuser, fmeuser
Advanced	Access Job Directives when running workspaces.	fmeadmin, fmeauthor, fmesuperuser

Schedules

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Schedules page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create schedules.	fmeadmin, fmeauthor, fmesuperuser

Individual Schedules:

Full Access: Edit or delete a schedule.

Security Configuration

Permission	Description	Roles Granted This Permission, by Default
Manage	Access to Security configurations.	fmesuperuser

Services

General Permission	Description	Roles Granted This Permission, by Default
Manage	Configure the FME Flow services.	fmeadmin, fmesuperuser

Individual Services:

Full Access: Manage FME Flow services.

Streams

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Streams page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create streams.	fmeadmin, fmeauthor, fmesuperuser

Individual Streams:

Read: View a stream.
Write: Edit or remove a stream.

Subscriptions

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Subscriptions page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create Notification Service Subscriptions.	fmeadmin, fmeauthor, fmesuperuser

Individual Subscriptions:

Read: View information about a subscription.
Write: Edit a subscription.
Remove: Delete a subscription.

System Cleanup

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure system cleanup.	fmeadmin, fmesuperuser

System Events

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure System Events.	fmeadmin, fmesuperuser

Topics

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Topics page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create topics.	fmeadmin, fmeauthor, fmesuperuser

Individual Topics:

Read: View information about a topic.
Write: Edit a topic.
Publish: Publish notifications to a topic.
Remove: Delete a topic.

User Management

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure users and roles.	fmeadmin, fmesuperuser

Version Control

Note Version Control must be enabled to view these permissions.

Permission	Description	Roles Granted This Permission, by Default
Access	Commit versions and view repository history.	fmeadmin, fmeauthor, fmesuperuser
Manage	Enable version control and configure with a remote Git repository.	fmeadmin, fmesuperuser