Thanks to our poor server setup, I’ve spent almost two days trying to restore all of the permissions to a working state for our farm.
We will be upgrading to 6.0 in the next month or so and I wanted to know if there was a base set of permissions required.
The doc says that “Everyone” must be able to read/write and execute files.
That is fair enough, but generally in Windows you do not want to give them the ability to “Modify” as that means that they can change file/folder permissions.
This is what caused a LOT of our grief recently.
Is there a more specific set of permissions, or any information on limiting permissions to base access?
If I can for example control who is creating projects and submitting them to deadline, can I leverage this to restrict general access?
Any assistance would be most appreciated.
Thank you,
Alexander
In Deadline 6, any file written to the repository follows a “write once, read many, delete” model, which solves a lot of the potential permission issues that can come up in version 5 and earlier. As long as you have your permission set up to do the following, you should be good:
- everyone can write to a file that doesn’t exist yet
- everyone can read an existing file
- everyone can delete an existing file
Cheers,
If you really wanted to lock things down you could also probably also remove user modify/delete permissions for:
\Submission, \Scripts, \Plugins, \Licensing, \Draft and \Backup couldn’t you?
Yup, although keep in mind that this could affect the ability to configure plugins from the Monitor, since this involves writing to the \Plugins folder (same thing for the \Events folder). But of course, you can just set permissions so that only admins can update those folders and still lock out regular users.