Old Forums
Search:
Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 4.x > Installation and deployment > Exactly what file and database permissions are required? View modes: 
User avatar
Member
Member
Jeroen-insumma - 2/10/2009 7:02:11 AM
   
Exactly what file and database permissions are required?

At this moment, I see the Kentico site *should* have Modify permissions on the whole site and if I remove the db_owner role from the Kentico database account, it fails to work properly.

I think these are major issues to be resolved!
Please take care of that quickly, at least with some guidance for administrators.

Is there some guidance as to which permissions are required? For example: If I store all files in the database, do I only need to assign Write permissions to the export and import directories?

Can I create a database role and grant access to execute all stored procedures, would that be enough? I understand that the Custom Tables option will require additional permissions since it physically creates tables in the database, but exactly which permissions are required?

TIA,
Jeroen
User avatar
Kentico Support
Kentico Support
kentico_jurajo - 2/11/2009 4:45:46 AM
   
RE:Exactly what file and database permissions are required?
Hi,

It depends on what you want to do - if you want to make the development, it is good to have the modify permissions set everywhere.
If you want to publish your the site to your live server, you can restrict the access e.g. by pre-compiling the web site in Visual Studio.

There is no documentation to the permissions yet, but we are working on it. Here you can find some information about the folder structure in CMS - http://www.kentico.com/docs/devguide/folder_structure_and_importexp.htm.

Best Regards,
Juraj Ondrus

User avatar
Guest
Kioton - 2/11/2009 6:32:18 AM
   
RE:Exactly what file and database permissions are required?
Hey Juraj the way kentico is delivered today is exactly in the development model that is modify permissions set to everywhere. How complicated is to relase list of folder permission? it must take only a few hours...

However there is nothing about database related permission - which are more important. Simply I believe that kentico is not mature yet and can not be used for enterprise class business (yet).

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 2/11/2009 7:04:15 AM
   
RE:Exactly what file and database permissions are required?
Hi,

It is not that easy as it sounds - it is easy to say, yes, you can restrict the permissions for this folder. But there is need to test the CMS for any case if it won't crash due to this retriction. And also, there are many possible combinations of the permissions and restrictions, user roles (not only system users but also CMS user roles and restrictions). We do not have resources for this testing right now but we are working on it in the spare time.

Best Regards,
Juraj Ondrus

User avatar
Member
Member
Jeroen-insumma - 2/11/2009 6:36:54 AM
   
RE:Exactly what file and database permissions are required?
Hello Juraj,

Good to hear the documentation is in progress. If I would pre-compile my website, what limitations would that introduce? Can I also pre-compile the site while it's on the server already (perhaps using NGen)?

I would think about pre-compiling to have better performance.

Furthermore, do you also intent to release guidance on securing the database access? For example, can I use a SQL account with less permissions (only having read and write permissions)?

Which functionality will then no longer be available (creating custom tables etc)?

TIA,
Jeroen

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 2/11/2009 7:10:13 AM
   
RE:Exactly what file and database permissions are required?
Hi,

Here you can find the recommended way for pre-compiling the web site - http://www.kentico.com/docs/devguide/pre_compilation_publishing.htm. The limitation is that the web site won't be updatable everywhere in CMS Desk and Site Manager.

Also, we will try to include the DB permissions, but it is very hard to say - it depends on you and on the web site. It is the same question as the recommended HW configuration.

It depends what everything will be done on the web site, what are the visitors actions, which modules are you using, etc. So it is not that easy to make a document with "this yes and this not" since every web site is used in different way.

I do not want to recommend something exactly - it would be easy for me to say that you can restrict the DB access to read/write, but I do not know what everything you want to develop on your web site for further usage.
I hope you understand it.


Best Regards,
Juraj Ondrus

User avatar
Guest
Kioton - 2/11/2009 5:01:28 PM
   
RE:Exactly what file and database permissions are required?
I see in this case would be possible to release list of features in connection with necessary permission for these to work properly? Then I would be able to decide which permissions I have to set.
Or it would be great if installer or external app can set the mininum permission for me based on the features that is activated or "selected from menus" but yes this is bonus the list is just OK.

Kioton

Top