By default, system built-in Network Service account is used to run VisualSVN Server service and all the required permissions are assigned to this account automatically during the installation. But you might want to run VisualSVN Server service under a dedicated user account. This improves VisualSVN Server service isolation from other services that can be run under Network Service built-in account. In this case, you should grant this dedicated account the required permissions manually. This article describes all access permissions required to run VisualSVN Server.

List of permissions required to run VisualSVN Server

The following NTFS permissions should be granted on the computer where VisualSVN Server is installed:

Object Account Permission
C:\Repositories\ ServiceAccount Modify
C:\ ServiceAccount Read & Execute
C:\Program Files\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\certs\ ServiceAccount Read & Execute
C:\Program Files\VisualSVN Server\bin\ Network Service Read & Execute
Note
Note If you have very strict security policy and do not want excessive permissions to be granted to any account, grant nonrecursive permissions for C:\ and C:\Program Files\ folders.

ServiceAccount is the account under which VisualSVN Server service is running (Network Service built-in system account by default).

Note that permissions are listed for the case where VisualSVN Server installation is performed by default, i.e.:

  • VisualSVN Server is installed into C:\Program Files\VisualSVN Server\ folder;
  • Repositories are stored in C:\Repositories\ folder on the same computer.

If you perform installation with the default settings and the default security policy settings applied to your computer, all permissions are assigned automatically. You should configure the required permissions manually in the following cases:

  • Repositories are stored remotely on a network share. In this case, ServiceAccount should have "Modify" NTFS permission and "Read" and "Change" share permissions on the remote storage folder. See KB22 for details on setting VisualSVN Server to store repositories remotely.
  • VisualSVN Server is installed to an alternative location. In this case, permissions for the parent folders of the installation folder should be configured manually.
  • VisualSVN Server service is configured to run under a dedicated user account. See KB24 for details on setting up VisualSVN Server service to run under a dedicated user account.

How to check permissions

To check account permissions on the specific folder:

  1. Open Windows Explorer and browse to the required folder.
  2. Right-click the folder name and select Properties.
  3. Select the Security tab to see the list of permissions for that folder.
  4. Check whether the account name is in the list of accounts and check boxes next to the corresponding permissions are selected.

How to assign permissions

To assign permissions on the specific folder to account:

  1. Open Windows Explorer and browse to the required folder.
  2. Right-click the folder name and select Properties.
  3. Select the Security tab.
  4. If you are using Windows Vista/Server 2008, click Edit (skip this step otherwise).
  5. Click Add, type the account name, and click OK.
  6. Select the required permissions check boxes and click OK to save changes.

Last Modified: