File Access Rights

If you are in a company with many users, you should set file access rights.


Information


Inherit permissions:

You should always start from the root directory, set the permissions there, enable inheritable permissions and replace permissions for all child objects.


Windows:

To change permissions: right-click on a folder, choose "Properties", open the "Security" tab, then use the "Advanced" button.






There are five kinds of users:

Everyone

Artists submit and check jobs.
They do not change global RR settings (only submitter default settings).

Note that "Everyone" contains the other user types like Admin/Tech/... as well.

Admin

You need at least one user that is allowed to write/change all data, including the executables. 
This user is required for updates only.

rrService user

The user that was set in the workstation installer for the rrService.

All clients and the server run under this user account.

Tech  (optional)

Technical Staff. 
They are allowed to change RR settings.
You may use Admin users instead.

Plugin TD  (optional)

Use this type if you want to allow TDs to write and modify RR plug-ins, but not the configuration of RR.
You may use Admin users instead.



The access rights/permissions used in the following table are:

R(ead)

Read access (on Linux this includes the eXecute right for folders, otherwise you cannot read the directory listing)

W(rite)

Write/Create/Change Access

X (execute)

Execute files
(Linux and OSX only. On Windows it is the same as "Read")





Windows / Linux


We describe two types of permission setups:

  • A) The first one contains all of the five user types/groups (Windows).
    It is suitable for advanced permissions that allow you to specify as many users as you want for a file permission.

  • B) The second one is based on a user-group-everyone permission setup (Linux)



A) Permissions with 5 user types/groups (Windows)



Colors:

Optional

You may or may not need to apply these access rights.
Please read the description for more information.

Optional Tech / Plugin TD

If you do not have any Tech or Plugin TDs, then these settings are NOT required.
Instead of having a new user group for Tech and/or Plugin TDs, you could simply use an Admin user to change files and configurations.
In this case ignore these access rights.






Folder

Permissions

Description

[RR]

Read - Everyone

Write - Admins

Everyone needs to read all files.
Admins change files during an update.

[RR]\rrJobData

Write - rrService user
Write - Everyone  (optional, but recommended)

Job data folder.
Used for html files, render log files, image caches, ...

If an artist resets or deletes a job via rrControl, rrControl tries to delete the folder of that job.
If rrControl cannot delete the files due to a missing right, the rrServer deletes the files instead (slower).

[RR]\sub

Write - Tech
Write - rrService user (optional)

Note:
This folder contains multiple subfolders and files.
You can choose to allow write access to some config files or folders only,
even for artists, e.g. to update their password in rrConfig/rrLogins.

Optional: You may allow the rrService user to write all files,
instead of applying write access to some folders only (as stated below).

[RR]\sub\cfg_global

Write - rrService user
Write - Tech
Write - Everyone

The rrServer needs to save config files such as the client list.

Write access is required for everyone who should be allowed to change rrConfig settings.
You may allow write access for some selected files only.

[RR]\sub\history_db

Write - rrService user

The rrServer exports deleted jobs into these databases.

[RR]\sub\log
[RR]\sub\stats

Write - rrService user
Write - Everyone (optional)

Contains app log files and statistic files of the rrServer and rrClients.

If you start the rrClient in application mode (and not as a background service), then everyone who starts the rrClient requires access to these two folders.

[RR]\inhouse

Write - Everyone

May be used by custom scripts/jobs to create Excel tables with some information/statistics.
(See rrSubmitter menu Scripted Jobs)

[RR]\sub_artists

Write - Everyone

Artists are allowed to write files in there.
This folder is for:

  • Log files of manually started apps like rrSubmitter or rrCloudManager.

  • userInformation.htm:
    Information for users shown in rrControl and rrSubmitter, changeable via the rrControl menu.

  • flipbooks.txt:
    Command lines for the flipbooks executed if an artist uses the "play" button.

  • clientgroups.ini:
    Config file that saves the client groups.

  • executables.txt:
    File to define the executables that should be used for displaying html files, quicktimes and folders.

  • Config files for the default settings of the submitter:
    submitter_prj_[ProjectName].txt
    submitter_usr_[UserLoggedIn].txt
    submitter_mac_[MachineName].txt

  • rrControl UI layout presets

[RR]\autoload

Write - Tech

Used by the updater and rrServerWatch to send commands to the rrServer, e.g. to restart the rrServer.

[RR]\plugins
[RR]\plugins64

Write - PluginTDs

Plugin files for RR applications.

[RR]\render_apps

Write - PluginTDs

This folder contains all settings for render applications:
command lines, submission plugins, render plugins, ...

[RR]\sub_server\

Remove Everyone (optional)
Read/Write - rrService user

If you do not want anyone other than the rrServer to read the job database, then you have to remove READ access for everyone besides the rrService user of the rrServer.



B) Owner-group-everyone permission setup (Linux)



Folder                 Admin user   User Group "Tech + rrService + Plugin TDs"   Everyone
---------------------  -----------  -------------------------------------------  --------------------------------------------
[RR]                   RWX          R                                            R
[RR]\*.bat             RWX          R X                                          R X
[RR]\*.sh              RWX          R X                                          R X
[RR]\autoload          RWX          RW                                           R
[RR]\bin               RWX          R X                                          R X
[RR]\inhouse           RWX          RW                                           RW
[RR]\sub_artists       RWX          RWX                                          RWX
[RR]\sub_server\       RWX          RWX                                          (none)
[RR]\rrJobData         RWX          RW                                           RW (Write is optional, but recommended)
[RR]\plugins           RWX          RW                                           R
[RR]\plugins64         RWX          RW                                           R
[RR]\render_apps       RWX          RW                                           R
[RR]\sub               RWX          RW                                           R
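
One way to apply setup B from a shell, as an added example that is not part of the Royal Render documentation or tools. RR_ADMIN and RR_GROUP are variable names assumed here for the Admin user and the shared group, and mapping the table's letters to symbolic modes with a capital X is this example's interpretation of the table.

```bash
#!/usr/bin/env bash
# Added example (not Royal Render code): apply setup B to an RR root folder.
# Assumption: RR_ADMIN and RR_GROUP are variable names chosen here for the
# Admin user and the "Tech + rrService + Plugin TDs" group. chown needs root,
# so ownership is only changed when both are set.

rr_apply() {
  local dir mode f root="$1"
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
  if [ -n "${RR_ADMIN:-}" ] && [ -n "${RR_GROUP:-}" ]; then
    chown -R "$RR_ADMIN:$RR_GROUP" "$root" || return 1
  fi
  # One row per folder: <folder>|<mode for admin,group,everyone>.
  # Capital X grants the search bit on directories (R on a folder needs it)
  # and keeps execute only on files that already have it.
  # The root row is first, so the folder rows after it override it.
  while IFS='|' read -r dir mode; do
    [ -d "$root/$dir" ] || continue   # folder not present in this install
    chmod -R "$mode" "$root/$dir" || return 1
  done <<'EOF'
.|u=rwX,g=rX,o=rX
autoload|u=rwX,g=rwX,o=rX
bin|u=rwX,g=rX,o=rX
inhouse|u=rwX,g=rwX,o=rwX
sub_artists|u=rwX,g=rwX,o=rwX
sub_server|u=rwX,g=rwX,o=
rrJobData|u=rwX,g=rwX,o=rwX
plugins|u=rwX,g=rwX,o=rX
plugins64|u=rwX,g=rwX,o=rX
render_apps|u=rwX,g=rwX,o=rX
sub|u=rwX,g=rwX,o=rX
EOF
  # Start scripts in the root folder: RWX / R X / R X.
  for f in "$root"/*.sh "$root"/*.bat; do
    if [ -f "$f" ]; then chmod u=rwx,g=rx,o=rx "$f" || return 1; fi
  done
  return 0
}

# Permission string of a path (e.g. drwxrwx---), for checking the result.
rr_mode() { ls -ld -- "$1" | cut -c1-10; }
```

Run it as `rr_apply /path/to/RR`, then spot-check folders with `rr_mode`, for example that sub_server shows no access for everyone.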




Local Data Folder permissions

The Local Data Folder is created on every machine that runs the rrClient or rrServer.
As it contains rendered images and scene files, you might want to restrict the access rights.
Only the rrClient and rrServer need to read that folder and its sub-folders.

NOTE:
If you start the rrClient in application mode (and not as a background service), then everyone who starts the rrClient requires access to this folder.


Folder                    rrService   Tech   Artists
------------------------  ----------  -----  -------
C:\rrLocalData            RW
/usr/local/rrLocalData