Can the permissions for the files and directories be safely updated without affecting the Web client?

What are the minimal permissions that we can use to permit to run the web client?

Is it enough to have the owner of the identified files/directories be the same ID as the ID that runs the VSP Web Client STC? 

The install folder is not used by VANWEBUI, as long as you have configured Tomcat logs folder there.

For runtime and webclientdb/datadb, the owner who is running VANWEBUI should have all permissions (7). You can remove other access if you want as long as the group/other users have at least read access. 

During installation, the runtime and webclientdb folders should have 775 access granted. Thereafter you can change the Group/Others to the lower permissions such as 4. (example 744)

Therefore, applying chmod 775 to a file or directory in USS allows the owner and the file's group full read, write, and execute access, while other users can only read and execute (or search, in the case of directories). 

The 775 permission value, in octal representation, signifies the following:
Owner (first 7): Grants read (4), write (2), and execute (1) permissions, totaling 7.
Group (second 7): Grants read (4), write (2), and execute (1) permissions, totaling 7.
Others (third 5): Grants read (4) and execute (1) permissions, totaling 5.