File Access Permissions

Parent Previous Next

File Access Rights

If you are in a larger company, you should set file access rights.


The table shows typical file access rights, some are required (like executable rights), some are optional (like no write access for default artists).


Inherit permissions:

You should always start from the root directory, set the permissions there, enable inheritable permissions and replace permissions for all child objects.


Windows:

To change permissions: right-click on an folder, "Properties", "Security" Tab, then you should use the "Advanced" button.






There are five kinds of users:

Everyone/ Artists

All following users types are part of this "Everyone" user group

Artists submit and check jobs.

They do not change global RR settings. (But submitter defaults settings)


Admin

You need one user that is allowed to write/change all data, including the executables. 
This user is required for updates only.

Tech

Technical Staff Members. 
They are allowed to change all RR settings.

rrService user
(can be same as "Tech" for a simpler setup)

The user that was set in the workstation installer for the rrService.
All Clients and the Server runs with this user account.

Plugin TD
(can be same as "Tech" for a simpler setup)

If you want to allow TDs to write and modify RR plug-ins, 
but not the configuration of RR.



The access rights/permissions used in the following table are:

R

Read access (this includes the eXecute right on linux for folders, otherwise you cannot read the dir listing)

W

Write/Create/Change Access

X

Execute files (Linux and OSX only)






We describe two types of permission setups:



A) Permissions with 5 user types/groups (Windows)

In this case "A (Windows)", we ignore the "Execute" permission as it is the same as "Read" on Windows.

And we do not specify the "Read" permissions as everyone need to read all files.

       

RR network folder - Everyone/Artists

Folder

Permissions


[RR]\inhouse

 W

Used by custom scrips/jobs to create excel tables with some information/statistics.

[RR]\sub\cfg_user

 W

Artists are allowed usually to write files in there. This folder is for

  • userInformation.htm:
    Informations for users shown in rrControl and rrSubmitter, changeable via the rrControl menu.

  • flipbooks.txt:
    Commandlines for the flipbooks executed if an artist uses the "play" button.

  • clientgroups.ini:
    Config file that saves the client groups.

  • executables.txt:
    File to define the executables that should be used for displaying html files, quicktimes and folders

  • submitter_prj_[ProjectName].txt
    submitter_usr_[UserLoggedIn].txt
    submitter_mac_[MachineName].txt
        Config files for the default setting at the submitter. 

[RR]\rrJobData

 W

Job data folder. Used for html files, render log files, image caches, ...
If an artists resets or deletes a job via rrControl, rrControl needs to delete the files in the website folder of that job

[RR]\sub\log_user

 W

Application log files of apps that artists may start. (not rrClient and not rrServer)

RR v8 only:
[RR]\sub\log

 W

Application log files of Royal Render v8.



Optional: 
In case that you start the rrClient in application mode, 

then your everyone (who starts the rrClient) needs access to:

Folder

Permissions


[RR]\sub\stats\clients

 W

Statistic files of the rrClients




RR network folder - Admin

Folder

Permissions


[RR]

 W

Allowed to change all files for an update 



RR network folder - rrService user

Folder

Permissions


[RR]\sub\cfg_global

 W

Global RR settings. 
The rrServer changes the client list.

[RR]\sub\stats

 W

Statistic files of the rrServer and rrClients

[RR]\sub\history_db

 W 

The rrServer saved deleted jobs into these files.



RR network folder - Tech

Folder

Permissions


[RR]\autoload

 W

Used by updater and rrServerWatch to send commands to the rrServer.
(Or by skilled Tech users)

[RR]\sub

 W

This folder contains multiple subfolders:

  • cfg_global_ 
    Global RR settings. 
    Artists usually do not need to change RR settings, but all apps read the settings.
    (You can allow them to change settings by giving write access to some files in there) 
  • cfg_user: 
    Settings that artists are allowed to create
  • history_db: 
    Contains all jobs that have been deleted from the RR job queue.



RR network folder - Plugin TDs

Folder

Permissions


[RR]\plugins

[RR]\plugins64

W

RR plugin files.
Instead of allowing write access to all subfolders, you could pick some that your TDs are allowed to change.

[RR]\render_apps

W

This folder contains all settings for render applications.
Commandlines, Submission Plugins, Render Plugins, ...




B) Owner-group-everyone permission setup (Linux)


In this case, we ignore the user group "Plugin TDs".

In case you need such a user group, please create a user group for "Tech + rrService + Plugin TDs"

See permission table "Plugin TDs" above where to change the group of the folder to this group.

And allow write access for the group for these folders.



RR network folder

Folder

Admin

"Tech+rrService" group

Everyone


[RR]

RWX

 R

 R

Root folder, everyone needs to be able to read it. 

[RR]\*.bat

[RR]\*.sh 

RWX

 R X

 R X

Startup scripts, everyone need to execute them

[RR]\autoload

RWX

 RW

 R

Used by updater and rrServerWatch to send commands to the rrServer. (Or by skilled Tech users)

[RR]\bin

RWX

 R X

 R X

RR executable files   
(recommended to write protect for group because of virus attacks)

[RR]\inhouse

RWX

 RW

 RW

Used by custom scrips/jobs to create excel tables with some information/statistics.

[RR]\plugins

[RR]\plugins64

RWX

 R X

 R X

RR plugin files  
(recommended to write protect for group because of virus attacks)

[RR]\sub\cfg_global

RWX

 RW

 R

Global RR settings. 

Artists  do not need to change RR settings.

All apps read the settings.

(You can allow them to change settings by giving everyone write access to some files in there) 

[RR]\sub\cfg_user

RWX

 RW

 RW

Artists are allowed to write files in there. This folder is for

  • userInformation.htm:
    Informations for users shown in rrControl and rrSubmitter, changeable via the rrControl menu.

  • flipbooks.txt:
    Commandlines for the flipbooks executed if an artist uses the "play" button.

  • clientgroups.ini:
    Config file that saves the client groups.

  • executables.txt:
    File to define the executables that should be used for displaying html files, quicktimes and folders

  • submitter_prj_[ProjectName].txt
    submitter_usr_[UserLoggedIn].txt
    submitter_mac_[MachineName].txt
        Config files for the default setting of the submitter. 

[RR]\rrJobData

RWX

 RW

 RW

Job data folder. Used for html files, render log files, image caches, ...
If an artists resets or deletes a job via rrControl, rrControl needs to delete the files in the folder of that job




Local Data Folder permissions

The Local Data Folder is created on every machine that runs the client.

As it contains rendered images and scene files, you can restrict the access rights.

Only the client requires to read that folder and sub-folders.


Folder

rrService

Tech

Artists

../rrLocalData

RW