Nexcloud client privilege management

Nexcloud client privilege management

So I just finished installing nexcloud in a subdomain, at my webhost. The result: serveur.ctps.ca
If I consider using the Nexcloud client on my other machines under windows, everything seems to work fine for the privileges of a single user, especially as the local synchronization of the files is very fast. I pointed my nexcloud client to a local directory and all the directories of the nexcloud server were automatically synchronized.

For my needs the synchronization of the files locally is crucial and necessary, because much faster and complete (much like a Dropbox) …

However I try to understand the logic of privileges if I want to configure say four users with different privileges.

Let’s imagine, Four users (U1-U2-U3-U4) sharing and alternating between four different computers on which a NextCloud Client is installed.

What I need:
User 1 (Administrator). It has access to all directories A-B-C-D.
User 2: I want it to have access only to directories A-B.
User 3: I want it to have access only to the B-C directories.
User 4: I want it to have access only to the B-C-D directories.

On each computer is it possible to switch from one user to another so that the access privileges are adjusted according to the user present at the station?

If a user logs in (name and password), they have access to certain directories (management of groups that share certain directories only). Then the user disconnects, but the directories remain accessible locally by someone else ???

I have a hard time understanding how to set up the separate privileges and privileges common to these users, so they can share the same computer ???

What about this?

https://docs.nextcloud.com/server/12/admin_manual/file_workflows/access_control.html

Ok I have found it in the applications menu, then I press the “activation” bouton…

So now in Nextcloud server how and where do I configure “File Access Control 1.2.4” ?

I have also found the file “files_accesscontrol-1.2.4.tar.gz”. Do I download it ? Where do I install it ?

Do I upload it (ftp) on my NextCloud section of my web site ?

I would like to add the following application in my server Nexcloud
https://apps.nextcloud.com/apps/files_accesscontrol

I downloaded the file “files_accesscontrol-1.2.4.tar”. Unzipped this contains a directory “files_accesscontrol”.

Where do I place this directory in my Nextcloud server (serveur.ctps.ca) to use it?

When connect to the server with admin privilge and trying to go to the link:
http://serveur.ctps.ca/apps/files_accesscontrol/

I receave the message: Access forbidden… ???

Ok I have found it in the applications menu, then I press the “activation” bouton…

So now in Nextcloud server how and where do I configure “File Access Control 1.2.4” ?

I have also found the file “files_accesscontrol-1.2.4.tar.gz”. Do I download it ? Where do I install it ?

Do I upload it (ftp) on my NextCloud section of my web site ?

I would like to add the following application in my server Nexcloud
https://apps.nextcloud.com/apps/files_accesscontrol

I downloaded the file “files_accesscontrol-1.2.4.tar”. Unzipped this contains a directory “files_accesscontrol”.

Where do I place this directory in my Nextcloud server (serveur.ctps.ca) to use it?

When connect to the server with admin privilge and trying to go to the link:
http://serveur.ctps.ca/apps/files_accesscontrol/

I receave the message: Access forbidden… ???

File Access Control can be found in the Administration Settings. Login as admin, click the Gear icon (or Avatar) in the upper right corner and chose the “Management” (the entry below “Personal”; don’t know the exact english naming).

Then on the left side bar you should find File Access Control. There you can setup your rules.

After upgrading to Nextcloud 12.0.2 I had to reinstall Access control
https://apps.nextcloud.com/apps/files_accesscontrol

Tank’s

Nexcloud client privilege management -
Files Access control is installed fine and i have access to rules for all my group.

But I’m stock with the same problem :

Nexcloud server in a subdomain, at my webhost : serveur.ctps.ca
Nexcloud client in a few machines under windows.
Nexcloud Clients work fine for the privileges of a single user
The local synchronization of the files is very fast.

Let’s imagine, 4 users (U1-U2-U3-U4) sharing four different computers on which a NextCloud Client is installed.
What I need:
User 1 (Administrator). It has access to all directories A-B-C-D.
User 2: I want it to have access only to directories A-B.
User 3: I want it to have access only to the B-C directories.
User 4: I want it to have access only to the B-C-D directories.

On each desktop computer is it possible to switch from one user to another so that the access privileges are adjusted according to the user present at that on that Pc ?
If a user logs in (name and password), they have access to certain directories (management of groups that share certain directories only). Then the user disconnects, but the directories remain accessible locally by someone else ???
I have a hard time understanding how to set up the separate privileges and privileges common to these users, so they can share the same computer ???

Hi,

I’m not sure if I understand your problem. I believe I’m much too tired to follow you. However while I first just read your request about File Access Control, I didn’t read your initial post and fear this app won’t help you.

Why I have big problems following you is maybe because I don’t understand how the client machines (with Windows) are used.
If I had different users which need their own private space, I’d create 4 accounts on Windows. So whenever someone needs to access one of the client machines, the user has to login with his own username and password. For every user Windows has a private environment. While applications can be installed for all users or only for the current user, even the installed applications can be different for every user. However if an application is installed for all users, it doesn’t mean, that this application shares its configuration across all user accounts.
What I mean by that: when User1 logins and enters his credentials in the Nextcloud App, accesses your Nextcloud server, then logs out from Windows and User2 logs in at the same Windows machine, he can’t automatically access the Nextcloud server with the credentials of User1. Instead he has to enter his own credentials in the app to access the server.

My approach therefor:

• 4 user accounts on windows
• 4 user accounts on Nextcloud
• Nextcloud client installed on Windows for all users
• either 4 groupfolders (Groupfolder app) or admin user (on Nextcloud) shares 4 folders

While every user can access the folders as intended then, every user can easily sync the files between Windows machines and Nextcloud server.
However this seems answer seems too simple to me, so I fear I totally missed your point

Tank a lot Schum to take de time to read me.

Here is a description more in line with my real needs.

Let’s resume:

Nextcloud Server (serveur.ctps.ca) users privileges

1 user administrator
9 users (Nextcloud clients) on W7 or W10. Theses users move from on PC others occasionally, but every week. When done, each user needs their own private space, but some users also share other directories.

Groups = Directories on the server
ERGO-ARCHIVES
ERGO-CMPB
ERGO-EPD
ERGO-EPM
ERGO-FAB
ERGO-MONT
ERGO-PERSO
ERGO-SEC
ERGO-TEMP

User #
User 1
User 2
User 3
User 4
User 5
User 6
User 7
User 8
User 9
User 10

Groups / Privileges for Users
ERGO-ARCHIVES / 1 2 3 4 - - - - - 10
ERGO-CMPB / 1 2 - - - - - 8 9 -
ERGO-EPD / 1 - - - - 6 - 8 9 -
ERGO-EPM / 1 2 - - - - - 8 9 -
ERGO-FAB / 1 2 3 4 5 6 7 8 9 -
ERGO-MONT / 1 - - - - - 7 - 9 -
ERGO-PERSO / 1 2 3 4 5 6 7 8 9 -
ERGO-SEC / 1 2 3 4 5 6 7 8 9 10
ERGO-TEMP / 1 2 3 4 5 6 7 8 9 -

Actually, when each user connect to the server via web, the privileges are perfect et limited to there direstories. But the web interface is not as functionnal as the local sync app. (nextcloud client).

But if when each user connect to a pc (Nextcloud client), do we have realy to configure 9 differents (windows accounts) users on each machines ?

By creating as many windows accounts on each microcomputer, I believe this will significantly increase its cpu load for managing these accounts ??? But if this is the only solution I will do so …

Hi @jrauger

Please excuse my late response.

Creating a Windows account for every single user is the best option in terms of functionality and security. With a shared Windows account every user would need to log out from the Nextcloud Client every time he leaves the computer. If that is forgotten, then the next user can access other user files.
Furthermore there are temporary files and so on, that could leak “private” information.

Additional User Accounts on Windows don’t result in additional CPU load. If a user logs out from Windows all resources are freed and even if you only switch the user with the other sessions only on hold, Windows will free resources if necessary. The only part where more resources are needed, is the hard disc, but that’s just a small amount and can be ignored.
With a Windows Account for each user you can even create Network Devices which point to the Nextcloud account on the server. Also the users can stay logged in the Nextcloud Client as well.

The only thing which requires some effort is the creation of the user accounts on all PCs if the users sit on different Windows devices. Active Directory could be helpful there.