I am super frustrated right now because sooo many things went wrong/are unintuitive. Feel free to link to bug reports or write bug reports, I don‘t have the time right now.
Small organisation with ~120 users, ~20 actively using it, Nextcloud 20.0.8, group folders 8.2.0, Everyone Group 0.1.7, everything I describe here was done in web interface with Firefox 86.0, logged in as admin user.
We have ~10 folders shared from an admin account with different groups and individual users, some subfolders are shared with groups/individual users. Via regular sharing this structure was possible and easy to manage.
But when I delete a user, all files he/she created in shared folders will be deleted too, that is already bad UX and should be fixed! To deal with this now, people told me to migrate to group folders. Some problems:
- group folders can only be shared with groups, not with individual users, devs say this won‘t be fixed Feature request: Sharing with single user · Issue #28 · nextcloud/groupfolders · GitHub
- In admin panel for group folders, it happened a few times that I clicked on „create“ and nothing happened. Later it worked, with same settings.
- I thought the everyone group app would be useful with group folder app but no. If I share a group folder with everyone group, I cannot select other groups for managing advanced permissions, only users.
- Via advanced permissions, it is possible to deny read access to the everyone group, locking everyone out and making the folder unusable → bad UX design.
- it happened multiple times that I click on advanced permission settings in the file sidebar and the popup is not where it should be, but about 5cm moved to the top
As I said, it is not enough for us to share a folder with a group, we need subfolders shared with other groups/users. Here https://github.com/nextcloud/groupfolders/issues/28#issuecomment-810973163 the following was suggested:
Add group with the individual user in it (maybe like an “all staff” for most flexibility) to have appropriate access to the group folder. Enable advanced permissions for an appropriate group(s)/person(s) for that group folder.
If what the person should have access to is in the root of the group folder, add an ACL allowing them access, and another removing access for the “all staff” group. Adjust as necessary for subfolders.
This approach fits the logic of group folders while providing for moving the fine-grained controls to the responsible parties which makes more sense in a organisational sense (you can of course still have IT support doing it, but it shouldn’t be unless they are people responsible for deciding who has access to content).
Test 1___
TESTUSER is part of TESTGROUP. The goal was to have this folder structure:
— TEST: group folder shared with ADMIN and TESTGROUP groups, advanced permissions: write access for ADMIN group, no access for TESTGROUP
— SUBFOLDER (within TEST): advanced permissions: write access for ADMIN group, no access for TESTGROUP, write access for TESTUSER
This did not work, TESTUSER cannot see the SUBFOLDER, even though it says „the “allow” permission will overwrite any “deny” permission“ here GitHub - nextcloud/groupfolders: 📁👩👩👧👦 Admin-configured folders shared by everyone in a group. https://github.com/nextcloud-releases/groupfolders
Test 2_____
Then I thought ok, at least I will migrate the simple folders to group folders (they are only shared with one group and no subfolders are shared otherwise).
Original folder was FOLDER. I renamed it to FOLDER-OLD, created a group folder FOLDER, shared it with ADMIN and TESTGROUP.
Tried to move files from FOLDER-OLD → „could not be moved“
Tried to copy files from FOLDER-OLD → „could not be copied“
The only thing I can do in group folders is create new files.
By the way, the warnings stay floating for ever and make the web interface unusable – bad UX.
Later I also tested to use a different name for the group folder than the original folder, same errors (note that the group folders should have the same name as the old shared folders, for end users everything should look the same as before).
So migration to group folders was a complete fail, in the end I could not migrate a single file. Including research and communication with our hoster I probably spent 6 hours on this, all for nothing.