File System permission for the BizTalk Server 2004 to 2020 File Adapters

by | Sep 10, 2023 | BizTalk Community Blogs via Syndication

This post was originally published here

Today, I will bring back to life another old BizTalk Server blog post, the last one, written by an old friend of mine, Thomas Canter, with his permission, that I find pretty interesting and helpful: File System permission for the BizTalk Server 2004 to 2010 File Adapters – be aware that I rename it to File System permission for the BizTalk Server 2004 to 2020 File Adapters. This was initially published on http://geekswithblogs.net/ThomasCanter, now retired.

I’m sure that over time, you’ve run into the dreaded File transport does not have read/write privileges for receive location error.

Usually, you simply go to the folder and either give the BizTalk Account Full Permission (bad) or Everyone Full Permission (really bad).

So, what are the absolute minimum permissions required for a production environment?

Receive File Adapter

For the Receive File Adapter, the explicit permissions are:

NTFS Attribute Property Name
DELETE Delete Files
FILE_READ_DATA List Folder / Read Data
FILE_WRITE_DATA Create Files / Write Data
FILE_APPEND_DATA Create Folders / Append Data
FILE_READ_EA Read Extended Attributes
FILE_WRITE_EA Write Extended Attributes
FILE_DELETE_CHILD Delete Subfolders and Files
FILE_READ_ATTRIBUTES Read Permissions
FILE_WRITE_ATTRIBUTES Write Attributes

How does this translate into what to do in the System?

Right-clicking on the folder and select Properties. In the security tab, setting Modify is not enough, though you would think so:

Strangely enough, the Delete Subfolders and Files attribute is not set when the Modify property is set. You need to add the FILE_DELETE_CHILD Delete Subfolders and Files Attribute:

Once you have added the Delete Subfolders and Files check box, you will have the minimum permissions for the file receive adapter.

Send File Adapter

The permission for the File Send adapter depends on what properties you have set in the Adapter’s Advanced properties:

If you have the Use temporary file while writing flag un-checked, then all you need are:

NTFS Attribute Property Name
FILE_WRITE_DATA Create Files / Write Data

If you have the Use temporary file while writing flag checked, then the flags you need are:

NTFS Attribute Property Name
DELETE Delete (or Delete Files)
FILE_WRITE_DATA Create Files / Write Data
FILE_DELETE_CHILD Delete Subfolders and Files
FILE_READ_ATTRIBUTES Read Permissions

Note: I couldn’t get the original pictures in good quality, so I decided to create and update the pictures to the current days but keep the essence of the original ones.

Hope you find this helpful! So, if you liked the content or found it helpful and want to help me write more content, you can buy (or help buy) my son a Star Wars Lego! 

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc.

He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community.
View all posts by Sandro Pereira