Groupfolder with "subtree" access rights


we’d like to use one directory structure for the shared files within our company. We’d like to avoid a cluttered set of individually shared directories, so I assume that the “groupfolder” App is basically what we need.

The directory structure we’d like to share within the company should have subdirectories with different permissions. For Example:

groupfolder/dir1 -> access for all
groupfolder/dir2/subdir1 -> access only for group1
groupfolder/dir2/subdir2 -> access only for group2
groupfolder/dir2/subdri3 -> access for all

is this possible without having “subdir1” and “subdir2” as a dedicated folder below the “shared” folder for users of group1 or group2?


1 Like

Sorry, I am not really sure I understand the question. Could you rephrase it?

Basically we want to define a folder structure accessible for all users in the company with different access rights on subfolders – similar to a typical ACL definition in local file systems. I’ll try to describe the current situation and what we do not want with an example:

  • we have a shared Folder “company”, with access to all authenticated users
  • below “company”, we have a folder “department”. This folder has to have restricted access for only one group of users

If I define access rights in Nextcloud both for “company” and for “department”, a user with access to both has the following directory structure:


Our goal is to have a common directory structure for all users. If we define different access rights on subfolders users will see various folders below “shared” which are also in the “company” folder tree. This leads to a cluttered “shared” structure. Our goal is to prohibit the appearance of the “department” folder below “shared”.

I hope this makes it more understandable?

I think the best way would be the possibility to exclude sub(-sub)-folders from sharing…

Thank you, this gives a clear picture.

The user will always be able to change the directory structure to his likings: the individual can move around the shared folders as much as she likes.

If you create a folder inside one that is shared to all authenticated users, the created folder would also be available to any recipient of the parent folder. @rullzer correct me if i am wrong.

Currently, there is no way to force a share into a target folder(structure). Also I cannot think of a workaround, unfortunately.

A nice solution would be as described by me in the other reply.
Normally the folders are already sorted by owner. The problem is mostly that you do not want to share all subfolders. If there’s a functionality to disable some sub(-sub)-folders, I think this problem would be solved in most scenarios. I hope such functionality will be available in next versions :slight_smile:
I’ll create a ticket for that :smiley:

Feature request created:

Hi all,

thanks for the quick responses and the overview about the possibilities. We’ll review how to proceed.

Note that if this is a capability you want, you can contact to see if we can provide this.

1 Like

Dear all,

I have a Groupfolder problem wich is similar to yours…
We also want to use subfolders / subtrees and we want that specific users has specific rights for reading or writing the folders/files in the folders.
It is possible to set up the folderstructure as we want it to be.
But if a specific user has NO rights for one specific subfolder (no READ, no WRITE,… rights) he will not see this folder (which is OK) but he still can copy the root folder to another “private” folder in his nextcloud instance then all folders will be copied! Also the folders for which he has no READ rights! So he easily can read out files he should not have access to.
Please help!
thank you!

Maybe also check this post/request: