Feiner einstellbare Berechtigungen in Nextcloud dringend nötig / Finer-grained permission control in Nextcloud urgently needed

srrprojects · October 11, 2025, 5:20pm

Hallo zusammen,

ich arbeite seit einigen Jahren mit Nextcloud in Kundenprojekten und stoße immer wieder auf dasselbe Problem:

Die Berechtigungen in Gruppenordnern sind zu grob und lassen sich nicht praxisgerecht anpassen.

Konkret:

Wenn man das Recht „Löschen“ deaktiviert, können Benutzer auch keine Dateien umbenennen oder verschieben.

Das liegt daran, dass Nextcloud diese Aktionen technisch als „move operation“ behandelt. Verständlich aus Sicht des Dateisystems – aber im Arbeitsalltag völlig unpraktisch.

Viele Organisationen wollen ihren Mitarbeitern ermöglichen, Inhalte zu strukturieren und sinnvoll zu benennen, aber eben nicht versehentlich zu löschen.

Mit der aktuellen Logik ist das nicht möglich. Man muss sich entscheiden zwischen:

zu restriktiv (alles gesperrt, keine Organisation möglich)
oder
zu offen (Löschrisiko).

Was fehlt, ist eine feingranulare Rechteverwaltung, zum Beispiel getrennt nach:

Lesen
Schreiben / Erstellen
Umbenennen
Verschieben
Löschen
Internes Teilen
Externes Teilen

Gerade bei Gruppenordnern, die als zentrale Projekt- oder Teamlaufwerke dienen, wäre das ein riesiger Fortschritt.

Ich habe inzwischen mehrere Kunden, die diesen Punkt bemängeln – einer davon hat sich deswegen gegen Nextcloud entschieden.

Zur Einordnung:

Wir verwenden die aktuellste Nextcloud-Version, gehostet bei Hetzner, also keine veraltete Instanz.

Das Problem besteht also auch im neuesten Release und betrifft produktive Setups direkt beim Hosting-Partner.

Daher meine Frage an die Entwickler und die Community:

Gibt es Pläne, die Rechteverwaltung künftig differenzierter zu gestalten oder als Feature aufzunehmen?

Falls es dazu bereits ein offizielles Issue oder eine Roadmap gibt, wäre ein Hinweis super.

Viele Grüße

English version:

Hi everyone,

I’ve been working with Nextcloud in client environments for several years and keep running into the same issue:

The permission system in Group Folders is too coarse and not practical enough for real-world use.

Specifically:

If you disable the “Delete” permission, users are also unable to rename or move files.

I understand this from a technical perspective (since it’s treated as a move operation), but in daily work this is a real limitation.

Most organizations want their users to be able to organize and rename files, but not delete them accidentally.

At the moment you have to choose between:

too restrictive (no flexibility to organize files)
or
too open (risk of deletion).

What’s missing is a finer-grained permission model, for example separated into:

Read
Write / Create
Rename
Move
Delete
Internal sharing
External sharing

Especially in larger environments using Group Folders as shared team or project drives, this would make a huge difference.

Several of our clients have raised this issue – one even decided against Nextcloud because of it.

For context:

We are running the latest Nextcloud version hosted by Hetzner, so this is not about outdated code.

The limitation exists in the most recent release and directly affects production setups.

Are there any plans to improve or expand the permission system in future versions?

If there’s already an issue or roadmap item, I’d appreciate a pointer.

Best regards

Mornsgrans · October 11, 2025, 6:11pm

Unfortunatelley you did not write, which apps currently are installed.
The command can be found in the Support Template.

Did you checkout the app Files_accesscontrol?

srrprojects · October 11, 2025, 7:23pm

Thanks for the reply.
The list of installed apps isn’t really relevant in this case.
This isn’t about missing functionality from Files_accesscontrol or other add-ons, but about how permissions work in Group Folders in general.

Even on a clean setup – latest Nextcloud version, hosted at Hetzner, only the core apps and Group Folders – the problem is the same:
Users can’t rename or move files unless they also have delete rights.

That makes it impossible to give someone the ability to organize content without also allowing them to delete things.
Files_accesscontrol doesn’t solve that, because it’s rule-based, not a rights system.

What’s needed is a simple way for normal users to share folders internally with their team members and set rights like read, write, no delete.
Directly from the UI, not via admin rules or automation.

This is about everyday collaboration inside teams, not external sharing.
Right now, you either give too many rights or too few – there’s no middle ground.

Best

Mornsgrans · October 11, 2025, 7:50pm

Can you tell me, which file system does allow that?

srrprojects · October 11, 2025, 8:07pm

That’s exactly the problem.

I get that on a filesystem level, rename or move might technically involve delete operations.
But this isn’t about how Linux handles inodes. It’s about what users expect from a collaboration platform.

In real use, rename and move are organizational actions, not destructive ones.
People don’t care about backend details, they just want to keep their folders in order without the risk of deleting files.

Nextcloud already abstracts filesystem behavior in many other places, so it should do that here too.
The permission model should follow what people actually do in shared workspaces, not what the filesystem happens to require.

Other tools like SharePoint, FileCloud or Seafile solved this long ago.
They all separate data management (rename, move, copy) from data destruction (delete).
That’s what’s missing here.

tflidd · October 12, 2025, 9:05am

If you move files around (on purpose or by accident) you can also “destroy” the data structure. So some people even ask about a feature that you can do certain stuff but not move around too many files or folders.

If you delete something by accident, there should be the trash bin where you can restore things.

Also if people work productively on a folder (create content), they need full access, if they want to rename things, delete old stuff, restructure things, remove files they put there by accident etc.

Nowadays, you end up with a number of shares (so I don’t see the shares I am not part of) vs. before (on network shared drives) there might have been folders you couldn’t access.

bb77 · October 12, 2025, 9:35am

However, the way Seafile handles file storage also comes with one major drawback: it doesn’t allow transparent file access. You can’t simply cd into a folder and view your data. This means that if, for example, your database becomes corrupt, you lose direct access to your files.

With Nextcloud, on the other hand, even if you completely remove Nextcloud and its database, your files remain fully accessible through the underlying filesystem, no recovery tools needed.

srrprojects · October 12, 2025, 11:04am

I understand your point, but that argument doesn’t really hold. Sure, moving or renaming files can change an existing structure, but that’s not “destroying” anything. It’s part of normal collaboration. That’s the difference between control and trust in a shared workspace.

The trash bin only helps when something is deleted, not when files are renamed or moved. If someone accidentally moves or renames a file, there’s no easy way to undo it. And even if there were, that’s not a reason to block these actions entirely.

The idea that “productive users need full access” isn’t always true either. In many teams, roles are clearly defined: some people create content, others organize or review it. A proper permission model should reflect that, without forcing admins to choose between chaos and paralysis.

Other systems handle this separation just fine. Nextcloud shouldn’t be less flexible than a simple network share.

bb77 · October 12, 2025, 11:37am

I can’t speak for @tflidd here, but I for myself can certainly see how this could be useful, particularly for larger organisations. Ultimately, however, we can’t change things here in the forum, so you don’t necessarily need to convince us.

Also, while I’m neither an expert nor a developer, I’d imagine such a change probably can’t be implemented overnight with just a small patch, as it may require deeper changes or additional prerequisites in the Nextcloud core.

However, I see that you have already opened a feature request on GitHub, so I’d say let’s see what the developers think…

github.com/nextcloud/groupfolders

Separate permissions for Rename, Move and Copy from Delete in Shared Folders and Group Folders

opened 07:55PM - 11 Oct 25 UTC

srrprojects

enhancement 0. Needs triage

## Description We run several Nextcloud setups for different customers, all hos…ted on Hetzner. There’s one problem that keeps coming up, and it’s a real issue for normal work with shared folders. Right now, if a user doesn’t have **delete** permission, they also can’t **rename**, **move**, or **copy** files or folders. Nextcloud treats all these actions as a “move” operation that depends on delete rights. That might be logical from a filesystem point of view, but it’s not practical for real use. This happens not only in **group folders**, but also in **regular shared folders** between users. So it’s not just an app issue – it’s part of how sharing works in general. --- ## What happens - Users without delete permission can’t - rename files or folders - move them - copy them - Same behavior in both: - normal shared folders - group folders - Happens even on a clean setup (latest version, only core + group folders app). - ACLs don’t help, because they can’t override denied rights. --- ## What should happen Permissions should be split up. Rename, move and copy should not depend on delete. A user with write access should be able to - rename files and folders - move or copy files within allowed folders - but still **not delete** anything Something like this would make sense: - Read - Write / Create - Rename - Move - Copy - Delete - Share (internal / external) That’s what people need in real collaboration. It’s a simple thing, but it makes a big difference. --- ## Why this matters In daily work, people need to clean up folders, rename files, move things around – without the risk of deleting data. Right now, admins have to choose between - too strict (no one can organize anything), or - too open (risk of deletions). This affects normal shares and group folders. We have several customers who ran into this, and one dropped Nextcloud completely because of it. That’s frustrating, because otherwise it’s a great system. --- ## How to reproduce **Case 1 – shared folder** 1. User A shares a folder with User B. 2. In the share options, remove the “delete” permission. 3. User B tries to rename or move a file → blocked. **Case 2 – group folder** 1. Create a group folder. 2. Give a user read + write but no delete. 3. That user tries to rename or move a file → blocked. --- ## Request - Please separate rename, move and copy from delete. - If that’s hard to change on filesystem level, maybe add an option in the core or group folders app to control these rights separately. - Would be good to know if this is already planned or being discussed. Happy to test or give feedback if there’s a patch or nightly build. --- ## References - [Nextcloud v30 – Rename/Delete coupling discussion](https://help.nextcloud.com/t/nextcloud-v30-renaming-now-a-deletion-risk-a-nightmare-for-our-rights-management/220333) - [Group folders ACL issue](https://github.com/nextcloud/groupfolders/issues/3685) - [Server issue – rename and delete coupling](https://github.com/nextcloud/server/issues/48983) We already reached out to Hetzner since all our customer instances run there. Would be great if this could be prioritized together with bigger hosting partners – this is something many business setups run into. --- Thanks for reading and for the work you do on Nextcloud. This small change would fix a big real-world problem. Best

Mornsgrans · October 12, 2025, 2:26pm

Works as designed:

github.com/nextcloud/groupfolders

[Bug]: Can rename file/folder in group folder without delete permission

opened 06:39PM - 08 Aug 24 UTC

luka-nextcloud

bug 0. Needs triage

### ⚠️ This issue respects the following points: ⚠️ - [X] This is a **bug**, no…t a question or a configuration/webserver/proxy issue. - [X] This issue is **not** already reported on [Github](https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3Abug) OR [Nextcloud Community Forum](https://help.nextcloud.com/) _(I've searched it)_. - [X] Nextcloud Server **is** up to date. See [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for supported versions. - [X] I agree to follow Nextcloud's [Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/). ### Bug description Users can rename a file/folder when the right of delete file is denied in advanced authorization. Happens on 29 and master. ### Steps to reproduce 1. Create a group folder "GroupFolder1" 2. Create a group "Group1" 3. Assign user "UserA" to group "Group1" 4. Assign group "Group1" to "GroupFolder1" 5. Enable "advanced permissions" for group folder "GroupFolder1" and select "Group1" 6. Login as "UserA" 7. Access files 8. Open sharing tab of folder "GroupFolder1" 9. Add advanced permission for group "Group1". Allow read, write, create, share. Deny delete 10. Access folder "GroupFolder1" 11. Create any file/folder 12. Rename created file/folder ### Expected behavior File/Folder cannot be renamed without delete permission. ### Installation method None ### Nextcloud Server version 29 ### Operating system None ### PHP engine version None ### Web server None ### Database engine version None ### Is this bug present after an update or on a fresh install? None ### Are you using the Nextcloud Server Encryption module? None ### What user-backends are you using? - [ ] Default user-backend _(database)_ - [ ] LDAP/ Active Directory - [ ] SSO - SAML - [ ] Other ### Configuration report _No response_ ### List of activated Apps _No response_ ### Nextcloud Signing status _No response_ ### Nextcloud Logs _No response_ ### Additional info _No response_

tflidd · October 13, 2025, 3:52pm

I think for that idea you have the workflows:

I’m not sure, if the tags are not part of the workflows, so you can also control access to files (e.g. as they go through a certain process).

Rudibert · October 26, 2025, 9:02am

Du sprichst aber schon von der Team-Ordner-App, die früher Group Folder hieß, oder?