Following the instructions in this questions I can successfully change the permissions for the application pool identity
However, after I publish the web app...
The application pool identity's has been reset to just Read
How can I give the application pool identity full permissions even after I re-publish the web app? The same behavior also occurs if I give IUSR full permissions.
As far as I know, if you use Web Deploy from Visual Studio, the publish will overwrite the ACLs on the server by clearing them to the inherited defaults of the parent.
To avoid update ACL each time when you publish your web application.
You could try to add below command in your PublishProfiles's pubxml.
Details publish profile as below:
Then you will find the permission will not be changed after you publish the application.