If I create a database connection that has superuser permissions then it would bypass any permission checks the database would make for creating and dropping tables. So how do you think I might prevent a user misusing that capability?
Remove that user's permission to run that workspace on FME Server
Remove that user's permissions to access the entire repository that workspace resides in
Remove permission to access that particular database connection for that user's role
Remove from their role permission to manage database connections
If I want to deny a user access to a superuser database connection, then I (or a system admin) just removes permission to access that connection for that user's role. Well done.
Although simple, there is a major limitation to publishing data with a workspace. What do you think it is?
The data is only temporary and will be deleted once the workspace is run
The data is hidden within FME Server's system files and limited in its use
The data becomes available to anyone regardless of role and security settings
The workspace cannot be run using any other data than that's published with it
The limitation is that a dataset published in this way can only be referenced by its own workspace or workspaces run from the same repository. Even then there is no browse capability in the FME Server web interface; the source dataset parameter would need setting manually.
Incidentally, none of the other answers are true: the data won't be deleted, it isn't open to anyone (unless they have specific access to this repository), and the workspace can be run using other data if required.
I copy a workspace into a resources folder using the upload tool. What then?
I can run it by browsing the resources, selecting the workspace, and clicking run
I can run it through the Manage > Workspaces menu tools
I can run it by calling it with the FMEServerJobSubmitter transformer in FME Desktop
I can't run it because it's not properly published to a repository
Basically, if you don't publish the workspace properly, you aren't able to have Server run it.
Uploading an entire folder of files come with what restriction?
Folder upload only works on certain web browsers
Folder upload requires the folders to be zipped into a single file
Folder upload only works on Windows C: drive (not D:, E:, etc)
Folder upload requires FME Desktop to be installed on the computer being uploaded from
Folder upload works in Chrome, but not in Firefox, Internet Explorer, or any other web browser.
I can make my workspace read specific data from the resources folders - but how do I stop the end-user from being able to change that?
Remove their security permissions for the Job Submitter service
Remove their security permissions for the Resources folders
Make the source dataset parameter optional for that Reader
Delete the published parameter for that source dataset from the workspace
Yes, in the Navigator window look for a published parameter that relates to the source dataset, and remove it. The option to change the dataset will then not be presented to the user.