API to impersonate users or to have access to all files/folders from all users

We need to scan all folders/files for all users in Nextcloud for data classification. Is there an API to impersonate users or to have access to all users' data folders and files, so that with just one credential/token we could traverse all users and all folders and files, not just the files/folders belonging to the credentials?

I’m unaware of such a kind of credentials. That would be a big security risk.

The Impersonate App can be used to log into the accounts of individual users.

If you want to scan user data, consider writing a Nextcloud app which does this (or gives you the required access credentials) or use third-party software to scan the Nextcloud data directory directly. (This can be done if you have access to the server, e.g. through SSH/SFTP.)


Is it possible to access the activity of all users? It looks like the activity API only returns the user's own activity. For security we need to access all activity from all users and analyze files. What is the best way to do this?

As I said, there is no general user-independent API access. One credential to compromise all accounts is a bad idea.

Here are some ideas for what you can do:

Admin Audit log

Nextcloud has an Admin Audit log feature, maybe check that out. (I don’t know what it does, just that it’s there).

Nextcloud Flow

Nextcloud Flow/Workflows offers a “user-defined event-based workflow engine” so you can hook in whenever things happen. There are a lot of apps for this, including some that run external scripts or call webhooks based on events.

Other apps

There seems to be this abandoned app which allows admins to see some activities: Activities for shared file downloads, visible to all admins - Apps - App Store - Nextcloud, but it is NC 22 only.

Your own app

If those apps don’t provide the functionality you need, then consider writing your own. Nextcloud apps have access to all users; they can run code whenever any event is triggered and run background tasks, e.g. to run more time-intensive scans.

Just get the data from the DB

If you just want all activity data, you can also consider just dumping the database table with the activity data into a CSV.


If you have access to the host itself, it is basically just a Linux file-folder tree. Just set up your scan there on the raw files themselves.
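The host-side scan suggested in this thread, sketched as an added example that is not part of any post and not Nextcloud code: it walks the data directory, attributes each file to its owning user and applies a classification rule. It assumes the local layout `<datadir>/<user_id>/files/`, that server-side encryption is off (otherwise the files on disk are ciphertext) and that external storage is scanned separately; the function names, the sample tree and the `confidential` rule are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Constructed rule for the demo; replace with your real classification rules.
PATTERNS = {"confidential-label": re.compile(rb"confidential", re.I)}
MAX_BYTES = 1024 * 1024  # inspect only the first 1 MiB of each file

def user_roots(datadir):
    """Yield (user_id, files_dir); assumes the layout <datadir>/<user_id>/files/.
    Top-level entries without a files/ child (app data, logs) are skipped."""
    for entry in sorted(Path(datadir).iterdir()):
        files_dir = entry / "files"
        if entry.is_dir() and not entry.is_symlink() and files_dir.is_dir():
            yield entry.name, files_dir

def scan(datadir):
    """Return sorted (user_id, path below files/, label) findings."""
    findings = []
    for user, root in user_roots(datadir):
        # followlinks=False keeps the walk from leaving the data directory.
        for dirpath, _dirs, names in os.walk(root, followlinks=False):
            for name in names:
                path = Path(dirpath) / name
                if path.is_symlink() or not path.is_file():
                    continue
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(MAX_BYTES)
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                for label, rx in PATTERNS.items():
                    if rx.search(head):
                        findings.append((user, path.relative_to(root).as_posix(), label))
    return sorted(findings)

def build_demo_tree(base):
    """Create a small constructed data directory so the example runs offline."""
    for rel, body in {"alice/files/Docs/plan.txt": b"Confidential: Q3 plan",
                      "bob/files/notes.md": b"shopping list",
                      "appdata_demo/preview/x.bin": b"CONFIDENTIAL"}.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(scan(demo))
```

Run it under an account that has read-only access to the data directory, so the scanner cannot modify user files.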