I have no support/technical question and have seen the support category. (Be aware that direct support questions will be deleted.)
on
Which general topic do you have
Hello there! I finally started using a self-hosted Nextcloud instance, and it works great for providing, working with, managing, and sharing files with others.
But when we talk about the concept of Team Folders, things seem a bit complicated to manage, because each Team Folder must have a group of users for more fine-grained permission management. It doesn’t allow you to set individual users directly to access a Team Folder (I’m guessing — I’m not an experienced Nextcloud administrator yet, maybe one day).
So I would like to know how you manage your Nextcloud nodes. Do you use Team Folders? If so, do you rely on user groups, or do you use another approach? Please share your impressions with me.
I create a group for each user. So user Markus is in the group Markus. And user Tim is in the group Tim and so one… This allows me to decide individually for each user which team folders they have access to. Doesn’t scale, but that’s not a problem in my case (~15 User).
Team folders (formerly group folders) is basically just the classic user group concept, where you can only assign permissions based on groups.
Real ACLs or per-resource permissions would likely require radical changes to the backend and/or certain more tight prerequisites for backend services and storage, or possibly even a completely new product.
However, I doubt that something like that would be less complicated to manage. More options and fine grained control, yes, but less complicated, probably not.
Nextcloud Team folders has ACLs / per-file/folder-permission and has had them for many years!
And while you can only add groups to the teamfolder as a whole, you can absolutely add ACL rules for individual users without some group workaround for files and folders within the teamfolder. As long as they also have some group, that gives them access to the teamfolder at all those ACLs work exactly as one would expect.
By “per-resource permissions,” I actually meant something along the lines of role-based or attribute-based access control… Attribute-based access control - Wikipedia
But yes, I shouldn’t have written this post. It doesn’t help anyone, and I’m not really an expert on this in the first place, so it’s probably best to just forget what you’ve read there.
