Managing Security Tokens

Select the User Settings icon > Manage Token.

Access to FME Flow is controlled through security tokens. Use the Token Management page to work with security tokens in the following ways:

API Tokens: For development purposes, you can create and manage tokens that allow unauthenticated access to FME Flow.
Session Tokens: Session tokens are created automatically when you log on to FME Flow.
All Tokens: Users with Manage permission in User Management can view and manage the tokens of all users.

Working with API Tokens

For development purposes, you can create and manage tokens that allow unauthenticated access to FME Flow.

To get started, select the API Tokens tab.

To Create an API Token

Click New or, to duplicate an existing token, select it and click Actions > Duplicate.
On the Create (or Duplicating) API Token page, specify a token Name, Description (optional), Expiration, and Enabled status.
To grant the user of the token all permissions of the current user, slide the All Permissions control to the right. Otherwise, configure the permissions as desired.

Warning To guarantee the security of the FME Flow, ensure a token's permissions are configured so that it can be used only for its intended purpose, such as running a particular workspace.

About permissions in FME Flow

Analytics

Permission	Description	Roles Granted This Permission, by Default
Access	Access Analytics.	fmeadmin, fmesuperuser

Automations

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Automations page, and list workflows and tags.	fmeadmin, fmeauthor, fmesuperuser
Create	Create automations.	fmeadmin, fmeauthor, fmesuperuser

Individual Automations:

Read: View a workflow and its log file.
Write: Edit or remove a workflow.
Run: Start and stop a workflow.
Apps: Run a workflow through an automation app.
Webhooks: Access a URL generated by a Webhook trigger that requires authentication.

Note Automations requires additional permissions. You are prompted to grant any additional permissions that are required.

Broadcast Messages

Permission	Description	Roles Granted This Permission, by Default
Manage	Access and manage Broadcast Messages.	fmeadmin, fmesuperuser

Connections

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Database Connections and Web Connections pages.	fmeadmin, fmeauthor, fmesuperuser
Create	Create connections.	fmeadmin, fmeauthor, fmesuperuser
Manage	Access, create, and remove connections.	fmeadmin, fmeauthor, fmesuperuser

Individual Connections:

Access: Manage web services.

Dashboards

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Dashboards page.	fmeadmin, fmeauthor, fmesuperuser

Deployment Parameters

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Deployment Parameter Store.	fmeadmin, fmeauthor, fmesuperuser
Create	Create deployment parameters.	fmeadmin, fmeauthor, fmesuperuser

Individual deployment parameters:

Read: Access a deployment parameter.
Write: Edit a deployment parameter.
Remove: Remove a deployment parameter.

Flow Automation Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Automation Apps page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create automation apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Automation Apps:

Run: Run an automation app.
Read: Access an automation app.
Write: Edit or remove an automation app.

Flow Gallery Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Gallery Apps page	fmeadmin, fmeauthor, fmesuperuser
Create	Create gallery apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Gallery Apps:

Run: Open links in a gallery app.
Read: Access a gallery app.
Write: Edit or remove a gallery app.

Flow Workspace Apps

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Workspace Apps page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create workspace apps.	fmeadmin, fmeauthor, fmesuperuser

Individual Workspace Apps:

Run: Run a workspace app.
Read: Access a workspace app.
Write: Edit or remove a workspace app.

Jobs

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Jobs page to view the jobs you have run, or cancel any of your jobs that are currently running or in queue.	fmeadmin, fmeauthor, fmeguest, fmesuperuser, fmeuser
Manage	Access and manage the jobs of all users. You can: Cancel any job that is currently running. Remove the history of jobs that were previously run.	fmeadmin, fmesuperuser

Licensing & Engines

Permission	Description	Roles Granted This Permission, by Default
Manage	Licensing, Engines, and Deployment Status (Deprecated).	fmeadmin, fmesuperuser

Note Licensing permission also requires membership in the fmesuperuser role.

Network Configuration

Permission	Description	Roles Granted This Permission, by Default
Manage	Access Network & Email configurations, except Services.	fmeadmin, fmesuperuser

Packages

Permission	Description	Roles Granted This Permission, by Default
Access	Add FME packages to Projects.
Upload	Publish FME packages from FME Form to FME Flow and remove existing packages.	fmeadmin, fmeauthor, fmesuperuser

Projects

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Projects page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create projects.	fmeadmin, fmeauthor, fmesuperuser

Individual Projects:

Read: View information about a project.
Write: Edit a project.
Delete: Delete a project, or delete items from a project.

Note Access or Create permission is not required to have Read/Write/Delete permission on individual projects. These tasks can still be accomplished with the REST API.

Publications

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Publications page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create Notification Service Publications.	fmeadmin, fmeauthor, fmesuperuser

Individual Publications:

Read: View information about a publication.
Write: Edit a publication.
Remove: Delete a publication.

Queue Control

Permission	Description	Roles Granted This Permission, by Default
Manage	Access to Queue Control, except engine assignment rules (also requires Manage permission in Licensing & Engines).	fmeadmin, fmesuperuser

Repositories

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Workspaces page. Note Access permission is not required to run a workspace. Only Run permission on the applicable repository is required (see below).	fmeadmin, fmeauthor, fmesuperuser
Create	Create repositories.	fmeadmin, fmeauthor, fmesuperuser

Individual Repositories:

Download: Download workspaces and other repository items from FME Flow into FME Workbench.
Read: View repository information.
Publish: Publish workspaces and other items to the repository from FME Workbench.
Run: Run repository workspaces from FME Flow.

Note Users must also have Allow permission on the applicable service (see Services) when running workspaces.

Remove: Remove a repository, or remove items from a repository.

Note You must uncheck all five permissions to completely remove a role from membership with a repository.

Resources

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Resources page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create connections to network resources.	fmeadmin, fmesuperuser

Access: Access the Resources page.
Create: Create connections to network resources.

Individual Resource connections (top-level folders):

Access: Read and download a file.
List: List the folders and files of a resource.
Write: Write to files.
Upload: Upload files.
Remove: Delete files.

Run Workspace

Permission	Description	Roles Granted This Permission, by Default
Access	Access the Run Workspace page.	fmeadmin, fmeauthor, fmeguest, fmesuperuser, fmeuser
Advanced	Access Job Directives when running workspaces.	fmeadmin, fmeauthor, fmesuperuser

Schedules

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Schedules page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create schedules.	fmeadmin, fmeauthor, fmesuperuser

Individual Schedules:

Full Access: Edit or delete a schedule.

Security Configuration

Permission	Description	Roles Granted This Permission, by Default
Manage	Access to Security configurations.	fmesuperuser

Services

General Permission	Description	Roles Granted This Permission, by Default
Manage	Configure the FME Flow services.	fmeadmin, fmesuperuser

Individual Services:

Full Access: Manage FME Flow services.

Streams

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Streams page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create streams.	fmeadmin, fmeauthor, fmesuperuser

Individual Streams:

Read: View a stream.
Write: Edit or remove a stream.

Subscriptions

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Subscriptions page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create Notification Service Subscriptions.	fmeadmin, fmeauthor, fmesuperuser

Individual Subscriptions:

Read: View information about a subscription.
Write: Edit a subscription.
Remove: Delete a subscription.

System Cleanup

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure system cleanup.	fmeadmin, fmesuperuser

System Events

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure System Events.	fmeadmin, fmesuperuser

Topics

General Permission	Description	Roles Granted This Permission, by Default
Access	Access the Topics page.	fmeadmin, fmeauthor, fmesuperuser
Create	Create topics.	fmeadmin, fmeauthor, fmesuperuser

Individual Topics:

Read: View information about a topic.
Write: Edit a topic.
Publish: Publish notifications to a topic.
Remove: Delete a topic.

User Management

Permission	Description	Roles Granted This Permission, by Default
Manage	Configure users and roles.	fmeadmin, fmesuperuser

Version Control

Note Version Control must be enabled to view these permissions.

Permission	Description	Roles Granted This Permission, by Default
Access	Commit versions and view repository history.	fmeadmin, fmeauthor, fmesuperuser
Manage	Enable version control and configure with a remote Git repository.	fmeadmin, fmesuperuser

Click OK.
Click Download to save the token. After the token downloads, click OK.

Working with Session Tokens

When you log in to the Web User Interface, FME Flow grants you a security token to use the Interface for a period of 30 minutes. However, FME Flow automatically extends this period if you remain logged in for more than 20 minutes and your browser window remains open. To view your token ID and expiration, select the Session Tokens tab.

To remove, disable, or enable an active session token, select it and click Actions > Remove, Disable, or Enable. To remove an expired token, select it and click Remove.

Note Expired session tokens cannot be enabled or disabled.

Working with All Tokens

Users with Manage permission in User Management can view and manage the tokens of all users. To view all user tokens, select the All Tokens tab. Under Filters, you can limit your view by token owner, type (API or Session), and status (Active or Expired).

To duplicate, remove, disable, or enable a token, select it and click Actions > Duplicate, Remove, Disable, or Enable.

If the token is an API token, you can click on it to view and edit its properties and permissions. For more information, see Working with API Tokens, above.