Permissions for the Tax Balance Windows Service
- CBE
When you install the Tax Balance Server, you’ll have to decide whether Tax Balance should run as the Local System account, or as a custom user. t’s a good practice to set up a dedicated user account for the Tax Balance Server.
Keep in mind that the user principal that the Tax Balance service runs as needs to be able to do many things:
Run as a service (“Log on as a service” rights), so that the service can start.
Read and write the Octopus SQL Server Database. If the SQL database is on another server, this is a good reason to use a custom user account.
Read and write from the file system (details below).
Permission | Object | Reason | Applied with |
|---|---|---|---|
Full Control | The XBRL file cache path, e.g., | Tax Balance relies on cached XBRL taxonomies and must create a mutex file to accomplish thread-safe access. | Windows Explorer |
Full Control | The log folder, e.g. | Tax Balance stores logs at the designated location. | Windows Explorer |
Read | The directory Tax Balance was installed | Tax Balance needs these files to run. | Windows Explorer |
Listen | Port 443, or whatever port is configured. | If using SSL, the Tax Balance Server responds to browser requests on this port. | netsh.exe |
Listen | Port 80, or whatever port is configured. | The Tax Balance Server responds to browser requests on this port. | netsh.exe |
db_owner | For the SQL database. Learn more. | Tax Balance needs to able to manage its database, including making schema changes. | SQL Server Management Studio |