After completing this lesson, you'll be able to:
FME Flow security and permissions work together to restrict and allow access to FME Flow items. It's essential to ensure users have access to the items they're supposed to, and oftentimes, only the admin account has access to all items on an FME Flow instance.
You have full permissions when you create an item; however, that does not mean your colleague can access it when needed. Depending on the permissions set up for each user to access FME Flow items, the easiest way for FME Flow users to collaborate and access the same content is by sharing it across users and roles.
Generally, sharing content on FME Flow follows one of these methods:
When you choose the Workspaces menu option in the FME Flow web interface, you will see a list of the repositories you can access.
If you own a repository, you can click the button to Share with Others.
A pop-up dialog appears where you select a user or role and choose the level of permission that you wish to give them.
Users and roles also impact FME Flow security. Roles are analogous to a group of users. When sharing an item, you may select a combination of users and roles to give permissions. For example, you can give anyone in the fmeuser role the ability to run workspaces in a repository.
Security is a critical capability. You may create workspaces for multiple users on FME Flow. However, they must have access to use the workspace. The Sharing Options dialog allows you to give others access to your workspace without needing the advanced User Management permissions.
You share other items on FME Flow the same way you share repositories. The only options that differ are the level of permissions that you may grant to the user or role you're sharing with. For example, you can share Projects, which group FME Flow content together. The permissions options include options to view and edit the project, which differ from the Can Run and Can Download options for repositories. You will learn more about Projects in the following lessons of this course.
For example, when you share a Resource folder, you can only allow users to view the content or assign them full access.
An FME Flow administrator may also manage access to items directly in User Management through Users, Roles, or Items. Permissions for users and roles work the same. You may grant permissions to all features and functions of FME Flow, or on an item basis. Some features have different levels of permissions, including Access, Create, and Manage.
For items, you would select the content category on FME Flow and then grant permissions by sharing items to users or roles. You will see the same Sharing Options here when sharing from the item itself.
Frank, a GIS and FME Flow administrator, has a CAD data validation workspace on FME Flow for his city's Engineering and GIS departments. The workspace validates water line data and is running successfully as expected. Frank needs to share it with his colleagues so they can access and use the workspace on FME Flow.
For this exercise, follow along with Frank's steps.
If you're taking a live Safe Software-hosted training course or using an on-demand lab for this course, we've already imported the content required for this lesson into your FME Flow.
If you're completing this lesson with your own FME Flow, you must import the starting project with the content into your FME Flow. If you don't want to import this project on your own FME Flow, you can use existing content that you've created or Samples workspaces to share content.
The first two steps of this exercise require User Management permissions, usually granted by the fmeadmin and fmesuperuser roles. If you are using an FME Flow account that does not have User Management permissions, like an fmeauthor, you won't have access to User Management to create a role and enable the author user. Instead, you may share a repository with another active user or role.
In the Admin section of the FME Flow side menu, Frank expands User Management and goes to Roles. He clicks Create to make a new role.
He names the group DataSubmitters and assigns the admin and author users to the role.
Frank clicks Load Template for Permissions and then selects the fmeauthor to copy permissions.
By using this role as a template, Frank doesn't remove any permissions from users, like admin, who have more permissions than the fmeauthor role. It only grants permissions to users who do not already hold the same permissions as the fmeauthor role.
Frank scrolls down and clicks Create to finish creating the new role.
Frank will test the sharing permissions using the author user that defaults on FME Flow. After he creates the role, Frank clicks the Users tab in User Management. Frank sees that the admin and the author users are assigned his new DataSubmitters role; however, the author user is disabled.
Frank clicks author to open the user settings. He toggles on the button for Account Enabled.
Frank doesn't need to alter any other settings. By default, the author user's password is also "author," which he will use to log in as the author user. Frank scrolls to the bottom and clicks Save.
Now that Frank has created the DataSubmitters role for his colleagues, he can share the repository housing the workspace with the role. When Frank adds new users to the role, they will gain the permission to access the repository, so Frank won't need to repeat the sharing process.
Frank clicks Workspaces on the side menu to open the list of repositories on FME Flow.
For the Data Validation repository, Frank clicks the Share icon.
Frank selects the DataSubmitters role he just created and then grants the Can Run permission to the role. This allows his colleagues to access the workspace and run it, but they won't be able to alter any settings or download it.
Frank reviews his selections and clicks Share.
Frank clicks the User Settings button in the top right corner and logs out as the admin user.
Frank logs in to FME Flow as the author user.
Frank opens Workspaces and selects the Data Validation reposithat he shared with the DataSubmitters role.
He clicks on the CAD_Data_Validation.fmw workspace to open it in Run Workspace.
He runs the workspace with the Data Streaming service and leaves all parameters as default.
FME Flow returns the HTML report of the CAD validation results to Frank as expected in the web browser.
Frank has successfully shared a workspace with his colleagues to run it on FME Flow. Frank accomplished this by creating a role to group the users and then sharing the workspace's repository with them. Now, the users can run the workspace and access FME functionality while being limited in modifying or altering anything.
