Permissions for the Tax Balance Windows Service

When you install the Tax Balance Server, you’ll have to decide whether Tax Balance should run as the Local System account, or as a custom user. t’s a good practice to set up a dedicated user account for the Tax Balance Server.

Keep in mind that the user principal that the Tax Balance service runs as needs to be able to do many things:

  1. Run as a service (“Log on as a service” rights), so that the service can start.

  2. Read and write the Octopus SQL Server Database. If the SQL database is on another server, this is a good reason to use a custom user account.

  3. Read and write from the file system (details below).

Permission

Object

Reason

Applied with

Permission

Object

Reason

Applied with

Full Control

The XBRL file cache path, e.g., C:\Temp
See: Configuring XBRL cache

Tax Balance relies on cached XBRL taxonomies and must create a mutex file to accomplish thread-safe access.

Windows Explorer

Full Control

The log folder, e.g. C:\temp
Configured in appsetting.json

Tax Balance stores logs at the designated location.

Windows Explorer

Read

The directory Tax Balance was installed

Tax Balance needs these files to run.

Windows Explorer

Listen

Port 443, or whatever port is configured.

If using SSL, the Tax Balance Server responds to browser requests on this port.

netsh.exe

Listen

Port 80, or whatever port is configured.

The Tax Balance Server responds to browser requests on this port.

netsh.exe

db_owner

For the SQL database. Learn more.

Tax Balance needs to able to manage its database, including making schema changes.

SQL Server Management Studio