Hi there,
I am looking for a way to secure my documents in my company. Is there a ay to secure some users to connect their account only in the app and not from web ?
Is there a way, once the access is reduced to app only to prevent downloading folders and pdf ? View only ?
Thanks a lot
Not sure, but probably not on a per user basis. If these users have an account, which they need in order to use the app, and if they can reach the login page, they can also log in… At least I don’t know a way to prevent browser logins only.
Somone described a workaround here… Can I setup a user as read-only? - #2 by wlanowski
But be aware that if you serve something via Nextcloud, there will also be a way to download it. Because technically the client (browser, app, whatever…) has to download it in order to be able to present it to the user. In order to prevent this, you would have to use some kind of DRM like the big streaming providers such as Netflix do. But this is not something Nextcloud can do.
Hi,
Thanks for the quick reply.
I know that there are no perfect solution cause you’ll always be able to download it in a different way.
I am working with people with little to know knowledge in the computing world. That is why narrowing the access to te android app with disabling the download button would be enough for me … But the 0 Bytes solution does not seem to work for me. I can still download the folders and the files 
Ah you’re right. That does only prevent them from uploading things…
In order to “prevent” downloading you can uncheck “Allow download” in the three dot menu of the respective share…
Maybe you can use a kind of 2FA. Then you secure it with your device and it is from web same secure than from app.
Also you can use End-to-End Encryption. It is only supported for Nextcloud apps. 
For view only you must use apps like OnlyOffice and/or Collabora with watermarking (secure view). Every HTTP-request is a download. It is not possible to prevent the download of files when you can display them in apps or web.
I looked at the “secure view” thing that you are talking about but couldn’t find how to activate it
Read this article:
https://nextcloud.com/blog/secure-view-prevent-your-shared-files-from-getting-downloaded/
The option “Hide download” is a nice feature for all shares but does not really increase the security. The user can use browser developer tools (e.g. Firefox F12, network analysis) to find the documents. Every view is a download.
Sorry i can not read your options in the screenshot.
Change language to english and post a new screenshot.
Please control your global sharing option. Access with your domain and your admin:
https://cloud.server.tld/settings/admin/sharing
(or Admin-Menu for Sharing)
Which version are you on? I’m not sure but I think they only added this feature recently for shares with “internal” users. Before it was only available for public shares / links…
@theo.villainne
There is no reshare option because you have disabled it in your global menu. I think download/not download is set to default. Which Nextcloud version do you use?
@bb77
On my server (Nextcloud 24) is an option “Hide download” and not “Allow download”. Do you know the position of the option? Which Nextcloud version do you use?
Also there are more options in Nextcloud 24.
24.0.3. But you’re right it only seems to be available on my test server which is on 24.0.3 RC1. Seems odd though, that they would introduce this with a minor release… So I’m not sure at the moment, why it isn’t available on my production instance, maybe it’s a checkbox somwhrere in the “Share” settings?
And one more thing. It seems only to be available for folders and not for a single file…
@bb77
Sorry i do not find it in Changelog - Nextcloud.
Maybe you can search it at Github and ask there. Not the question here but not good if really a change.
@theo.villainne
It’s funny that you don’t have an option to enable or disable download. Even if it does little for security.
Here a screenshot of a Nextcloud 23:
Here a screenshot of a Nextcloud 24:
Thats a screenshot of a shared link / public link. For “internal” shares the option is called “Allow download” like on my screenshot. But as I said in my previous post, I don’t have this option on my production instance with 24.0.3 either, but I have it on my test instance with 24.0.4 RC1…
@bb77
internal vs. public: ok. that makes a little bit sense of course (allow vs. hide)
Ok the changelog is for Nextcloud 24.0.3. My fault. Maybe there are some issues at Github.
I am using Nextcloud 24.0.3
Well then you probably better wait until Nextcloud 24.0.4 is out. I wouldn’t recommend installing Release Candidates on a production instance.
In order to use secure view I need either collabora or onlyoffice right ? My web server is not able to run docker, what can I use ?
I think secure view is more for professional use. Maybe you should discard this idea.
Perhaps describe in new words what your goal is. What data are we talking about? Perhaps it would make more sense to seek professional support.
I also don’t know if it would be sufficient to restrict access to Android, for example. The files are copied somewhere in the Android structure. This is not secure. I think you must access the date through secure view also on Android.
