The js-io-rights.conf file contains rules that permit write access to defined directories in the server file system.
Mandatory Content of the js-io-rights.conf File
Each line of the js-io-rights.conf file must contain the following information.
A plus (
+) or minus (
-) sign to indicate whether rights are permitted or denied
The read (
r), write (
w), and execute (
x) levels of rights
The path on which to apply the rights
Default Content of the js-io-rights.conf File
The default content of the js-io-rights.conf configuration file in the Orchestrator Appliance is as follows:
-rwx / +rwx /var/run/vco -rwx /etc/vco/app-server/security/ +rx /etc/vco +rx /var/log/vco/
The first two lines in the default js-io-rights.conf configuration file allow the following access rights:
Rules in the js-io-rights.conf File
Orchestrator resolves access rights in the order they appear in the js-io-rights.conf file. Each line can override the previous lines.
The default configuration allows workflows and the Orchestrator API to write to the c:/orchestrator directory, but nowhere else.
You can permit access to all parts of the file system by setting
+rwx / in the js-io-rights.conf file. However, doing so represents a high security risk.