Content Delivery security settings file system permissions
This topic describes the required file system settings for Content Delivery micoservices.
In the following table, SERVICEROOT refers to the root directory of a microservice.
| Directory | Access level for the user running the microservice | Reason |
|---|---|---|
| SERVICEROOT\bin | Read and Execute | System functionality |
| SERVICEROOT\config | Read and Write | XML configuration files , serviceName.txt |
| All file system storage locations configured in the Storage Layer configuration | Read, Write and Execute | Target to save metadata to when using file system as storage. |
| SERVICEROOT\lib | Read | SDL Tridion Sites JAR files |
| SERVICEROOT\log | Write | Logging purposes |
| HKLM\Software\JavaSoft\Java Runtime Environment | Read | Runtime check for Java environment |
| Java Runtime and SDK Environment | Read and Execute | |
| Java executable (/bin) | Read and Execute | |
| JRE / runtime libraries | Read | |
| Queue location | Modify | |
| Logging directory | Modify | |
| Input directory (incoming) for HTTP(S) | Modify | |
| Microservice root folder | Write | |
| The log folder configured in SERVICEROOT\config\logback.xml | Write | Logging purposes |
In addition, administrator-level users running the updateRepository script require Write access to the services\ subfolder of Content Service root location, so that they can write the device repository database.