Admin Rights & Groups

Ntinos · November 26, 2020, 7:28am

I am the admin and i have created several groups and folders. I have for all of them the admin rights. Each group is one of my clients. The main goal is every client to upload its folders on its own. I have already create for them user name and password with which they can log in in their Nextcloud account.
My question is:
When they want to change their password, how can i have access to their folders without asking them their password?

My details are:
Operating System: Linux 5.4.0-52-generic x86_64
PHP Version: 7.4.11
Database: mysql Version: 10.5.6
Nextcloud Version: 20.0.0

j-ed · November 26, 2020, 11:00am

I would recommend to use the Impersonate app, which has designed exactly for this purpose

Ntinos · November 26, 2020, 3:23pm

thnx a lot!!
I hope with that app solution not to have problems in the future.

Ntinos · November 27, 2020, 7:38am

@j-ed is there a possibility in the future something to goes wrong with that app and then not have access to my clients? I am already using what you suggest me but i would kindly ask if there is also another solution.

kinimodmeyer · November 27, 2020, 7:57am

there can always be a problem in future with any app or the core system. the mentioned app seems quite stable so i would not worry much.

btw why you need to access their data? if you allowed to access the data then why you not add yourself to the main shares? (then it is also more transparent for your users)
don´t know where you living/hosting but keep GDPR and other rules in mind.

when your users or you not using end to end encryption you could (not should!) also access the files on the filesystem in the data directory.

Ntinos · November 27, 2020, 8:16am

Their files believe me are not critical and till now i am doing this job for them but i keep what you said.
How can i add myself to the main shares? Could you please explain?

kinimodmeyer · November 27, 2020, 8:59am

are the clients somehow departments of your company?

if yes then you could create the main folder structure of your organisation:

teamname 1 (share with group team1)
teamname 2 (share with group team2)
…

in that case technically every folder/files of the official folder structure is in your account.
the users adding then new folders/files to the official folder structure provided by you.

if someone adding new folders not to official structure it is fine IMHO that you don´t see it
because its somehow personal stuff. (impersonate / direct access on file-system sitll possible in that case)