Use the Edit Feature Permissions dialog box to configure the access policy that specifies the type of feature rights allowed for handlers at the Web server, site, application, directory, or file levels in IIS. The feature rights that you can enable or disable in the access policy are: read, scripts, and execute. The access policy, together with a handler's required access setting, determines whether a handler can run. If a handler requires a type of feature right that is not enabled in the access policy, the handler will be disabled and all requests that are processed by that handler (based on the handler mapping) will fail, unless there is another handler that can process the request.

When you select an option in the Edit Feature Permissions dialog box, the State column on the Handler Mappings page displays Enabled for the handlers that are enabled by the selection. Similarly, when you clear a selection in the Edit Feature Permissions dialog box, the State column on the Handler Mappings page displays Disabled for the handlers that are disabled by the selection. You can preview the handlers that are enabled or disabled by viewing the Handler Mappings page, and then clicking OK to dismiss the Edit Feature Permissions dialog box. If you click Cancel instead of OK, the changes that you make in the dialog box will not be saved.

Note

To configure the required access setting for a handler, you can edit the handler mapping and click Request Restrictions to configure the setting on the Access tab.

For example, you might enable Read and Scripts at the Web server level, but decide to disable Scripts for a specific site that serves only static content. This prevents the server from running scripts for that site if a user adds a handler mapping for a script or executable at the site level.

UI Element List

Element NameDescription

Read

Select the Read check box to enable handlers that require read access to a virtual directory or clear the Read check box to disable handlers that require read access to a virtual directory. You should enable read in an access policy if you want to serve static content, or want to configure default documents and directory browsing. By default, read permissions are enabled.

Scripts

Select the Scripts check box to enable handlers that require script rights to a virtual directory or clear the Scripts check box to disable handlers that require script rights in a virtual directory.

Execute

Select the Execute check box to enable handlers that require execute rights in a virtual directory or clear the Execute check box to disable handlers that require execute rights in a virtual directory. The Execute check box is enabled only when the Scripts check box is selected. You should enable execute in an access policy only if you want to enable executable files, such as .exe, .dll, and .com files, to run in addition to scripts.

Important

For security and performance reasons, you should enable executable rights only for programs that you have tested and that your applications require.

See Also


Table Of Contents