If I’m not mistaken tasks are run by workers = windows service accounts which must have an access to C drive of the server I guess. They may need an administrative privilege, I don’t know exactly, and of course access to workspace folder and repo.sqlite connectors file.
What does it mean ? Imagine a user who has the privilege to create task, he can build a project to access the C drive of the easymorph server, he can then even try to delete system files through a server task ?!
A Server worker (except for the Default worker) is a child Windows process that runs under the specified Windows account.
A worker (except for the Default worker) does NOT require:
An account with elevated privileges (i.e. admin account) or access to the C drive to operate.
Access to the repository file, space configuration files, journal, or any other system file
The Default worker is the Server service process, and therefore it has access to the system files by design.
Every worker needs to have access to user files: the projects and data files that are required by the tasks in the spaces that use the worker.
To prevent users from accessing system files:
Create a Windows account that doesn’t have access to the system files/folders. It can be but doesn’t have to be a service account or managed account, it can be any type of account.
Configure a new Server worker to use that account
Make sure the worker can access all the public folders and projects of spaces that use that worker
Isolation of users from accessing system files was one of the reasons we’ve introduced workers in the Enterprise edition of EasyMorph Server.