Separate instances of security metadata files exist for all hosting accounts created in Plesk - domains and web user hosting accounts. The files are located in the root folders of corresponding hosting accounts and contain security rules for all objects manageable by the authorized hosting account.
The following security metadata files are used by Plesk to administer security of hosted content for different hosting accounts:
%plesk_vhosts%\<domain root path>\.plesk\.security(domains)
%plesk_vhosts%\<domain root path>\.plesk\.Web.<Web user name>.security(web users)
Note: Exercise caution when changing hosting security rules by editing security metadata files. Follow recommendations in the section Customizing Hosting Security to avoid potential problems in administering hosting security policy in Plesk.