Using FME Flow for Connection Storage in FME Form

Introduction

FME Flow can be the storage location for database and web connections in FME Form. This allows connections to be shared from an FME Flow instance amongst FME Form users. The same connections can also be used by FME Flow jobs. FME Flow administrators can prevent connections from being modified in FME Form by setting FME Flow permissions. 

For OAuth 2.0 web services that have previously required different configurations for FME Form and FME Flow, configuration only needs to be done for FME Flow. 

This article will cover permissions, enabling FME Flow as the connection storage location, and creating connections.

Requirements

• FME Flow 2025 or later. Note that:
  • Note: for OAuth 2.0 web connections and services, please use 2025.0.2 b25225 or later. In earlier builds of FME Flow 2025, it was not possible to use OAuth 2.0 web connections when FME Flow was the connection storage.
• A reliable web connection from FME Form to FME Flow

Step-by-Step Instructions

Part 1: Managing Permissions

Permissions are the most important consideration when using FME Flow as the connection storage location in FME Form, as actions taken in FME Form will impact FME Flow. The account used in the FME Flow connection determines what permissions you will have for viewing, creating, modifying, or removing connections. 

Connection permissions are managed in FME Flow. Role-based access control (RBAC) is recommended for managing permissions, where possible. FME Flow administrators and superusers have permission to manage role-based access control by default.

Apply permissions

There are two levels of connection permissions:

1. General permissions to the Connections feature. 
2. Permissions to individual connections

For example, a user in a role with permission to manage connections can edit and remove connections they have been granted Write access to. To learn more about what these permissions mean, expand Connections in the FME Flow Roles documentation.

Users with permission to manage connections must be very careful when using FME Flow as the connection storage location. Editing or removing a connection in FME Form can impact other workspaces that depend on it in FME Flow!

In FME Form 2025.0, users without permission to manage web connections can see them in FME Form, when they are not visible in FME Flow. Also, users without permission to access database connections can see database connection details when they have only run access. In both cases, edits cannot be made. These are known issues that will be resolved in a later version (see FMEFORM-33620 and FMEFORM-33621).

Share a connection

Connection owners can share their connections after they have been created. Users with permission to manage connections can also share connections they have been granted Write access to. In FME Flow, click the share icon next to the connection you want to share.

Prevent authors from creating, editing, or removing connections on FME Flow

By default, the fmeauthor role has permission to access, create, and manage connections. To restrict this, administrators can remove Create and Manage permissions.

Authors and other users can still run workspaces in FME Form and Flow with connections as long as they have Access permission and Run permission for the individual connection. For example:

This setup allows FME Form users to author and run workspaces with existing connections. However, without permission to create connections, authors need to switch to a personal or shared connection storage location in FME Form when needed. They will not be able to upload new connections to FME Flow from FME Options or when publishing a workspace to FME Flow. In this more restricted workflow, authors can provide their connection details to an FME Flow administrator who can create it on their behalf and grant the author Run permission.

Part 2: Enabling FME Flow for Connection Storage

Before enabling FME Flow connection storage, consider permissions as discussed in Part 1.

1. Open Tools > FME Options > Default Paths

2. From the Manage menu, choose Change Connection Storage

3. Choose FME Flow as the Connection Storage option

After choosing FME Flow, you can choose the FME Flow connection to use or create a new one. This connection will be created in your personal connection database, so it is not lost when you disconnect from FME Flow.

The account used in the FME Flow connection determines what permissions you will have for viewing, creating, or modifying connections. 

4. View Connections

Any database and web connections your FME Flow account has access to will be listed in FME Options under Database Connections and Web Connections, provided you are connected to the FME Flow instance.  

Part 3: Creating and Managing Connections

Provided you have permissions in FME Flow (see Part 1), the process to create, edit, or remove a connection is the same in FME Form for other types of connection storage. Please see Using Database Connections and Using Web Connections. The significant difference is the connection will be created, edited, or removed from FME Flow. 

The same is true for web services, which store the configuration used by a web connection. When configuring an OAuth 2.0 web service, however, it should be configured for FME Flow:

• The Redirect URI must be in the format <your FME Flow URL>/fmeoauth 
• Any web application-specific configuration required by the web service provider should be applied to the web service in FME Form. For example, Microsoft web services typically require that the Redirect URI is added to the web platform of an Azure app registration and that a client secret is provided.

Troubleshooting

“I don’t see my connections in the publish wizard when publishing to FME Flow. I also can’t upload connections from FME Options.”

This is expected behavior. When FME Flow is used as the connection storage, connections already exist on FME Flow, so there is no need to upload the connection.

“I receive the error ‘Deployment parameter access failed (Connection Error)’ when I try to create a connection.”

This is a known issue (FMEFLOW-24425). You need Access deployment parameter permission to create a connection on FME Flow. 

“I receive the error ‘Package install failed’ when I try to install a package.”

Click “Show Details…” and check the error details. If there is a 403 Unauthorized request, it’s likely because your FME Flow account doesn’t have permission to create connections, which means you can also not create web services. 

Many packages include web service templates. When FME Flow is set as the connection storage location in FME Form, FME Form tries to install the web service template in FME Flow. 

“I receive a ‘403 Unauthorized request’ error on the Database Connections or Web Connections tab in FME Options and I can’t see any connections listed.”

Your account has been prevented from viewing connections in FME Flow. To view connections, Access connection permission and Run permission for the individual connection are required. Speak to your FME Flow Administrator.

“I receive a ‘403 Unauthorized request’ error when I try to create, edit, or remove connections.”

Your account has been prevented from creating or managing connections in FME Flow. Speak to your FME Flow Administrator.