Role-Based and User-Based Access Control

FME Server security is based on two main concepts:

  • Users: Users are the individual accounts that access FME Server. When FME Server is installed for the first time, default user accounts are created.
  • Roles: Roles consist of one or more users.

FME Server security is controlled through role-based or user-based access.

Optionally, you can incorporate your organization's Active Directory groups and users into your FME Server security configuration.

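Role-Based Access

Roles make it easy to assign the same set of permissions to multiple users based on job function. Permissions to perform certain operations are assigned to specific roles. In turn, these permissions apply to the users who belong to that role.

For example, a request by user user1 could be to run a workspace in the Samples repository for the Data Download Service. FME Server security grants access if any of the roles to which user1 is assigned has permission to run workspaces in the Samples repository, and also has access to the Data Download Service.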

FME Server provides a set of default roles:

On the Roles page of the Web User Interface, administrators can:

  • Create and remove roles.
  • Configure users in roles.
  • Configure permissions of roles.

On the Active Directory page of the Web User Interface, administrators can integrate the organization's Active Directory groups and users into its FME Server security configuration.

User-Based Access

Another way for FME Server to determine if a user can access a resource is whether the user owns it, or has been given permissions on it.

User Ownership

Anything a user creates in FME Server, such as a repository, is owned by that user. When you own something, you have full permissions on it. This permission supersedes the permissions you have on other items in FME Server based on the role to which you belong.

Additionally, as an owner, you can:

  • Share permissions on the items you own with other users or roles.
  • Assign ownership of something to another user.

User Permission

Users can be granted permissions on resources, and these permissions may supersede the permissions available to them through their role. (In fact, it is not even necessary for a user to belong to a role.)

On the Users page of the Web User Interface, administrators can:

  • Create and remove users.
  • Configure users in roles.
  • Configure permissions of users.

On the Active Directory page of the Web User Interface, administrators can integrate the organization's Active Directory users and groups into its FME Server security configuration.

Shared Access

Through sharing, users can be granted different levels of access to items in FME Server. An item can be shared by its owner, or by a user with Manage Security permissions, such as an administrator. Permissions on an item can be granted directly to a user, or indirectly by granting permissions to a role.

About the Trusted User Account

A special account, referred to as the trusted account, can be used to provide unauthenticated access to any component. By default, this trusted account is named guest and is assigned to the fmeguest role. By default, the fmeguest role is configured to allow unauthenticated access to the FME Server Web Services. This means that service URLs can be invoked without providing any credentials.

Note: If you want all of the FME Server Web Services to prompt for authentication, remove the guest account after you configure your own set of users and access control for your server.

The trusted user account is configured in each web service's propertiesFile.properties file. If your FME Server installation uses the built-in Apache Tomcat servlet, these files are located at:

<FMEServerDir>\Utilities\tomcat\webapps\<service>\WEB-INF\conf\propertiesFile.properties

To change the user name and password of the trusted account for a service, configure the DEFAULT_USER_ID and DEFAULT_PASSWORD parameters.
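To check which services still have a trusted account configured, the per-service files described above can be audited. The following is an added example, not part of the FME Server documentation or product. It assumes the files use plain key=value lines and that an empty DEFAULT_USER_ID means no trusted account is set; the service names and sample file contents are constructed.

```python
import tempfile
from pathlib import Path

DEFAULT_TRUSTED_USER = "guest"  # default trusted account name, per the page

def parse_properties(text):
    """Parse key=value lines (assumed format); skips blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_trusted_accounts(webapps_dir):
    """Return one finding per service that has a trusted account configured."""
    findings = []
    for path in sorted(Path(webapps_dir).glob("*/WEB-INF/conf/propertiesFile.properties")):
        props = parse_properties(path.read_text(encoding="utf-8", errors="replace"))
        user = props.get("DEFAULT_USER_ID", "")
        if not user:
            continue  # assumption: empty value means no trusted account
        findings.append({
            "service": path.parents[2].name,
            "trusted_user": user,
            "is_default_guest": user == DEFAULT_TRUSTED_USER,
            # Report only whether a password is present, never its value.
            "password_set": bool(props.get("DEFAULT_PASSWORD", "")),
        })
    return findings

def build_sample_tree(root):
    """Constructed sample layout with hypothetical service names, not real FME files."""
    samples = {
        "service_a": "# constructed sample\nDEFAULT_USER_ID=guest\nDEFAULT_PASSWORD=guest\n",
        "service_b": "DEFAULT_USER_ID=\nDEFAULT_PASSWORD=\n",
        "service_c": "DEFAULT_USER_ID = kiosk\nDEFAULT_PASSWORD = example-only\n",
    }
    for service, body in samples.items():
        conf = Path(root) / service / "WEB-INF" / "conf"
        conf.mkdir(parents=True)
        (conf / "propertiesFile.properties").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_trusted_accounts(tmp):
            print(finding)
```

On a real installation, pass the webapps directory from the path above to audit_trusted_accounts; services reported with is_default_guest set are the ones the Note applies to.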
