Group Folder with Special Permission

Hi

i want to use nextcloud with map drive windows
and i want to create 4 folder with group folder app

i want everybody can read 4 folder but each user can write, delete and full access to own folder
for example
we have
folder x
folder y
folder z
folder h

user x can full access to folder x
user y can full aceess to folder y
and etc

i try to do and access allgroup to read and Advanced Permissions to user only
but nothing happend and user cannot full access to own folder

anyone can help me?

hi!
1 - Create subfoldes in the main group folder.
2 - Give all users access to all the folders.
3 - In each folder, add an advanced permission, denying write/create/share to the users you donā€™t want to allow to do it (ie folder X users Y Z H only can read them)

System gonna get the main permission (full access) to the folders that not explicit are denied (so, simply deny users, no need to allow them, its an inherit permission to allow access)

Hope this helps,

1 Like

thanks for replay

but i have 200 users if iwant deny user for all folder i should add 199 user in advance permission for each folder
do you have easiest way?

can i denying user in advanced permission with interface ?

Put this user in a separate group and deny access for said group, respectively allow access only for the other group(s). There is a reason why itā€™s called Groupfolders. You donā€™t have to add or remove every single user to every single folder separately. But maybe I donā€™t quite understand what the actual goal is here.

1 Like

The goal is for each user to have full access to their own folder and read-only access to all other folders with map drive.
like windows share folder
how to do this?

Sometimes I ask myself why people start using Netxloud, when they want to work exactley the same way as they did beforeā€¦ But nevermind :wink:

ā€¦to a 199 Induvidual user folders? That doesnā€™t make much sense and would indeed be a pain to manage.

But you can separate your users to groups and than create corresponding group folders:

Folder1: Marketing Dept.
Folder2: Sales Dept.
Folder3: Enineering Dept.
etcā€¦

You will still need to set permissions on the folders, like @coyotenq already explained but you would do it per group instead doing it for each individual userā€¦ GitHub - nextcloud/groupfolders: šŸ“šŸ‘©ā€šŸ‘©ā€šŸ‘§ā€šŸ‘¦ Admin-configured folders shared by everyone in a group. https://github.com/nextcloud-releases/groupfolders

1 Like

Itā€™s true, but, sometimes, you need to adapt ā€œoldā€ ways in new systems first, and then, make them move to new concepts/ways.

Uses to be various ways to do the same, as @bb77 explains, group folders are designed to manage multiple user permissions at once. But, maybe, in your scenario, need a big fine tune.
Personal folders are designed to be that, personal (but shareable), so, maybe sharing as read only can be a solution too.
IMHO, the best way is via group folders.

Yes, you can, but one by one (maybe this require a new feature, allowing, via web interface, apply an advanced group permission to a range of folders)
To solve your problem now, the only way is via console. I solve it doing a bash one liner script that iterates thru all the folders and deny access to them to a given user, and, then, via web interface, delete the restriction to the given user allowed to R/W the folder.

so, via console:

find [MAIN DATA STORAGE]/__groupfolders/[NUMBER OF GROUP FOLDER]/* -prune -type d -exec bash -c 'sudo -u [your NC running USER] php [your NC WEB PATH]/occ groupfolders:permissions 4 -u [USER TO DENY] "[PATH TO GROUP FOLDER/]/${0//.\/}" -- -read -write -create -delete -share' {} \;

This command iterates thru all the folders inside the main group folder, and add a deny permission to the given user. The last params (-read -write etc, are self explanatory)
Then, via web interface, you can allow only to the given user (modifying the permission) to +r +w etc etc.
Sadly, you need to do this (or improve the script to take all users from the group via occ command too) for each user.

As you can see, there is no easy way to achieve your goal, but is a ā€˜one time jobā€™.

(edited to clarify paths in command)

3 Likes

with @coyotenq and @bb77 help, thank you
i disable Group Folder and create a personal folder and share personal folder to everybody group with download access
for now everybody can see and download folder
and user can upload and edit

1 Like