Content Delivery security settings file system permissions

This topic describes the required file system settings for Content Delivery micoservices.

In the following table, SERVICEROOT refers to the root directory of a microservice.

DirectoryAccess level for the user running the microserviceReason
SERVICEROOT\binRead and ExecuteSystem functionality
SERVICEROOT\configRead and WriteXML configuration files , serviceName.txt
All file system storage locations configured in the Storage Layer configurationRead, Write and ExecuteTarget to save metadata to when using file system as storage.
SERVICEROOT\libReadSDL Tridion Sites JAR files
SERVICEROOT\logWriteLogging purposes
HKLM\Software\JavaSoft\Java Runtime EnvironmentReadRuntime check for Java environment
Java Runtime and SDK EnvironmentRead and Execute
Java executable (/bin)Read and Execute
JRE / runtime librariesRead
Queue locationModify
Logging directoryModify
Input directory (incoming) for HTTP(S)Modify
Microservice root folderWrite
The log folder configured in SERVICEROOT\config\logback.xmlWriteLogging purposes

In addition, administrator-level users running the updateRepository script require Write access to the services\ subfolder of Content Service root location, so that they can write the device repository database.