Certain features generate related files (for example, saved web order drafts, attachments, etc). To facilitate these features, Directory Security must be configured.

Directory Security Configuration

The SAP Business One attachments folder is not typically accessible to the B1WebAPI. This folder must be updated manually as described in the section SAP Business One Attachments Directory Security below.

For a typical installation, no action is required to ensure web application folders are write-accessible. You may run into problems with file uploads (such as attachments or web orders) in the following scenarios:

  • If the Application Pool user is changed after installation. In this case, the identified folders need to be updated to use the Application Pool’s actual user.
  • If the website is installed manually by copying and pasting files. In this case, the folders will typically inherit permissions on the parent folder, which usually don’t include the needed Application Pool user.

If either of the above scenarios occur, access permissions may need to be updated manually on the application folders identified below.

Directory Security for Employee Portal

A list of the folders for Employee Portal and each folder’s purpose is found below.

Folder Description
/app_data/ The directory /app_data/Expense/ is created as part of the install and has its ACL (Access Control List) setup to allow the .NET worker process to read, write and delete files in this directory.
/customerdata/ This folder is used to save temporary web-only saved order drafts. Once the order is placed, it is deleted from this sub-folder and added as a full order in SAP Business One.
/logs/ This folder is used for logging and file permissions must be set so that logs may be updated.
/signatures/ This folder is used for signature attachments related to Delivery Signature Capture for Sales User.

Directory Security for Customer Portal

A list of the folders for Customer Portal and each folder’s purpose is found below.

Folder Description
/customerData/ This folder is used to save temporary web-only saved order drafts. Once the order is placed, it is deleted from this sub-folder and added as a full order in SAP Business One.
/logs/ This folder is used for logging and file permissions must be set so that logs may be updated.
/uploads/ This folder is used to upload attachments related to Service Calls.

B1 Config Profile Setup

As noted in the B1WebAPI installation walkthrough, ensure Attachments Directory and Temp Directory are set in the B1 Config profile. You can verify or update this using Vision33 Server Tools.

Attachments directory is used by Employee Portal features such as Sales User and Expense User.

Temp directory is used as a temporary location for uploaded web files (such as Expense attachments).

Using Vision33 Server Tools, open the B1 Config profile. Ensure that the Attachments Directory (marker 1 below) and Temp Directory (marker 2 below) are set on every profile.

For Expense User, this will allow Expense attachments (for example receipts) to be included with Expense Claims. For Sales User, this will allow Opportunity and Activity attachments to be loaded into SAP Business One.

Ensure the Attachments Directory (1) is set for each company profile.
Ensure the Attachments Directory (1) is set for each company profile.
Set the Temp Directory (2).
Set the Temp Directory (2).

SAP Business One Attachments Directory Security

The SAP Business One Attachments directory is used by advanced Portal features. Ensure the SAP Business One Attachments directory security is set properly to allow the Service to load attachments into SAP Business One.

Typically, write permissions must be granted for the user “NETWORK SERVICE”. The user can be confirmed by viewing the B1WebAPI Application Pool details in IIS, as shown below.

B1WebAPI Worker Process Identity.
B1WebAPI Worker Process Identity. Select the Application Pool for

Ensure the IIS user has Modify (write) permissions. The screenshot below shows the user NETWORK SERVICE, but this should be confirmed for each installation. Because SAP Business One files are updated by B1WebAPI and not an individual portal, this is the Application Pool to view for any attachments that need to be accessible in B1.

Temp Directory ACL.
Temp Directory ACL.