Experience Optimization file system permissions on presentation side
Various file system locations require differing levels of system access for different user accounts.
Account
The following table summarizes the Experience Optimization subsystem and services user accounts. The names of the users in the User account column are suggestions; you are free to choose your own user account names.
| User account | Description |
|---|---|
WebUsers | The user of your website, for example IUSR for anonymous users in IIS. |
xouser | Experience Optimization API user and web service API user |
xodeployer | Experience Optimization Deployer Extension user |
File system permissions
The following table summarizes file system settings for Experience Optimization and running on the presentation side and the permissions required. It is assumed that the permissions are inherited in all subfolders and only overridden in a subfolder if it is specifically listed.
| Location | Access level | Reason |
|---|---|---|
| C:\ (Windows only) | All users require Read access. | Proper system functionality (instantiate objects, open folders) |
| Website folders | Read and Execute access for WebUsers. | Needed to access the pages on your website. |
| %TRIDION_HOME%\config or %WEBSITE%\config | Read access for the following users:
| Reading of configuration files. |
| %TRIDION_HOME%\lib or %WEBSITE%\lib | Read access for the following users:
| Calling the Experience Optimization and Content Delivery APIs. |
| Log directory (configurable) | Write access for the following users:
| Log files are stored here (as configured in logback.xml). |
| Google Analytics Private Key directory (The location of the P12 Key generated when you set up your Project) | Read access for WebUsers (For Experience Optimization web service and website) | For the website to collect and store statistics associated with this project. For the Experience Optimization web service to retrieve and display statistics in Targeting Dashboard. |
| Java executable (\bin) | Read and Execute access for the following users:
| Needed to run the Java code
|
| JRE / runtime libraries | Read access for the following users:
| Needed to run the Java code
|