Is it necessary to grant an application pool identity a read permission on the web folder?

I always grant application pool identities a write-only permission on the web folder.

However, some people grant them a read-write permission.

The question is

Is it necessary to grant an application pool identity a read permission on the web folder? Does granting a write permission suffice?

Edit 1

Up to now, I have not got any problem by granting write-only permission.

Could you give a case where read permission is needed?

Edit 2

I have a data.txt in App_Data folder and in my action method I have codes as 开发者_如何转开发follows:

        using (StreamReader sr = new StreamReader(Server.MapPath("~/App_Data/data.txt")))
        {
            string text = sr.ReadToEnd();
            // do more things here.
        }

So far so good.

Edit 3

I have a folder Content containing a bunch of pdf files. Users still can download them.

Nice write up here: Why can I upload a file without IIS Write Permission?

• "Read" access controls whether the HTTP GET verb is allowed.

• "Write" access controls whether HTTP PUT verb is allowed.

Pretty sure you need Read access to get the web.config file.

Depends on your security.

Just had to grant a AppPool identity Read access to it could grab a web.config. Not positive if I've ever had to do this in the past but granting read access fixed my problem.

Never had to set write before.