I’m using NextCloud 10 and having some problems with the file access control.
I have one folder shared to a big group of people. In the folder, there’re two sub-folders: FolderA and FolderB. There’re two sub-groups of the people: GroupA and GroupB. There’s also an administrator group GroupAdmin.
I want to set up the file access control rules to achieve the following:
a. Only GroupA and GroupAdmin can access FolderA.
b. Only GroupB and GroupAdmin can access FolderB.
The plan is to tag FolderA with TagA and FolderB with TagB. Then, in file access control, set up two rule groups:
RuleGroupA
“File system tag” is tagged with TagA;
“User group membership” is not member of GroupA;
“User group membership” is not member of GroupAdmin;
RuleGroupB
“File system tag” is tagged with TagB;
“User group membership” is not member of GroupB;
“User group membership” is not member of GroupAdmin;
After saving these rule groups and refreshing the file access control page, some rules are missing. RuleGroupA seems OK, but RuleGroupB is missing the last rule.
My question: is it possible to have two rules of the same type within one rule group? It seems to be partially working.
Another question: is it possible to use file access control to restrict users to read-only access to a folder?
When there’s only one rule group, it works. When there are multiple rule groups, only one rule group can have two rules of the same kind, “User group membership”.
I checked the oc_flow_checks table, and it looks confusing. Some rules are deleted already, but are still in the table. The first 26 lines in the table probably should be gone because they are deleted.
Some FileSystemTags referenced in oc_flow_checks are deleted as well.
BTW, how are the rules in oc_flow_checks grouped into a rule group?
I face the same issue using a cloud account on ocloud.de.
The scenario is as indicated by the group names above: members of a group shall not have access to a folder with a certain tag, but group admins shall have.
When saving a rule group everything looks fine, but when getting back to review the rules, the first rule group is fine but starting with the second group, only one rule using group membership has survived.
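The rule groups planned in the first post, modelled as an added example that is not part of the original thread and is not Nextcloud code. It assumes a rule group blocks access when all of its checks match, and the user names and group memberships are constructed; it shows which access decisions change when RuleGroupB loses its last check as reported.

```python
# Added illustration, not Nextcloud code. Assumption: a rule group blocks
# access when ALL of its checks match; any matching group is enough to block.

def tagged(tag):
    return lambda user_groups, file_tags: tag in file_tags

def not_member(group):
    return lambda user_groups, file_tags: group not in user_groups

def is_blocked(rule_groups, user_groups, file_tags):
    return any(all(check(user_groups, file_tags) for check in checks)
               for checks in rule_groups.values())

# Rule groups as entered in the admin page.
INTENDED = {
    "RuleGroupA": [tagged("TagA"), not_member("GroupA"), not_member("GroupAdmin")],
    "RuleGroupB": [tagged("TagB"), not_member("GroupB"), not_member("GroupAdmin")],
}
# Rule groups as they appear after reload: RuleGroupB lost its last check.
AS_RELOADED = {
    "RuleGroupA": INTENDED["RuleGroupA"],
    "RuleGroupB": INTENDED["RuleGroupB"][:2],
}

# Constructed sample users and the tags on each folder.
USERS = {
    "alice": {"GroupA"},
    "bob": {"GroupB"},
    "admin": {"GroupAdmin"},
    "admin_in_b": {"GroupAdmin", "GroupB"},
}
FOLDERS = {"FolderA": {"TagA"}, "FolderB": {"TagB"}}

def access_matrix(rule_groups):
    """Map (user, folder) -> True if access is allowed."""
    return {(u, f): not is_blocked(rule_groups, groups, tags)
            for u, groups in USERS.items() for f, tags in FOLDERS.items()}

def regressions(intended, actual):
    """(user, folder) pairs whose decision differs between the two rule sets."""
    want, got = access_matrix(intended), access_matrix(actual)
    return sorted(k for k in want if want[k] != got[k])

if __name__ == "__main__":
    for user, folder in regressions(INTENDED, AS_RELOADED):
        print(f"{user} -> {folder}: decision changed by the missing check")
```

Running the same comparison against the rules actually stored on a server is a quick way to confirm that what was saved still matches the intended policy.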