Permissions on the API Gateway File

Document ID : KB000113627
Last Modified Date : 12/09/2018
Show Technical Document Details
The config file (/opt/SecureSpan/Gateway/node/default/etc/conf/ has global read permissions. The customer's security team wanted to restrict file access to a specific user and remove global read access.

Can they change the file's default permissions without affecting the functionality of the product?
On a high-level, there doesn't appear to be an issue with removing the global read permissions. If you ever have to do a Gateway restoration, you may be unable to connect to the Policy Manager because there are no read permissions on that file.

Reference: Problem: Gateway is not running properly after a restore

The file does contain the Java path and encrypted password for the gateway cluster. Global users can't edit the file so it should be OK to leave it as is.