Other admins can't see rights of groups/users

Reth · May 28, 2025, 1:51pm

Hi everyone

I’m very new to Nextcloud and am using an automatic installation from my hoster.

When I give rights to a group or user to a folder other admins can’t see what rights these have in the folder details. Is there any way to make the rights visible for other admins or even better for group admins? So there is no way to tell who has read only rights nor a way to change this by others. Or did I miss something?

The Basics

Nextcloud Server version (e.g., 29.x.x):
- 23.0.12 - 23.0.12.2
Operating system and version (e.g., Ubuntu 24.04):
- Linux 3.10.0-1160.119.1.el7.x86_64 x86_64
Web server and version (e.g, Apache 2.4.25):
- Don’t know
Reverse proxy and version _(e.g. nginx 1.27.2)
- nginx/1.20.1
PHP version (e.g, 8.3):
- 7.3.33
Is this the first time you’ve seen this error? (Yes / No):
- No
When did this problem seem to first start?
- It’s always been like this
Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- I don’t know
Are you using CloudfIare, mod_security, or similar? (Yes / No)
- No

Nothing in the logs

Web Browser

This appears on any Browser

Apps

- accessibility: 1.9.0
 - activity: 2.15.0
 - calendar: 3.3.3
 - circles: 23.1.2
 - cloud_federation_api: 1.6.0
 - comments: 1.13.0
 - contacts: 4.2.5
 - contactsinteraction: 1.4.0
 - dashboard: 7.3.0
 - dav: 1.21.0
 - deck: 1.6.7
 - federatedfilesharing: 1.13.0
 - federation: 1.13.0
 - files: 1.18.0
 - files_pdfviewer: 2.4.0
 - files_rightclick: 1.2.0
 - files_sharing: 1.15.0
 - files_trashbin: 1.13.0
 - files_versions: 1.16.0
 - files_videoplayer: 1.12.0
 - firstrunwizard: 2.12.0
 - forms: 2.5.1
 - logreader: 2.8.0
 - lookup_server_connector: 1.11.0
 - nextcloud_announcements: 1.12.0
 - notifications: 2.11.2
 - oauth2: 1.11.0
 - password_policy: 1.13.0
 - photos: 1.5.0
 - privacy: 1.7.0
 - provisioning_api: 1.13.0
 - recommendations: 1.2.0
 - serverinfo: 1.13.0
 - settings: 1.5.0
 - sharebymail: 1.13.0
 - support: 1.6.0
 - survey_client: 1.11.0
 - systemtags: 1.13.0
 - text: 3.4.1
 - theming: 1.14.0
 - twofactor_backupcodes: 1.12.0
 - updatenotification: 1.13.0
 - user_status: 1.3.1
 - viewer: 1.7.0
 - weather_status: 1.3.0
 - workflowengine: 2.5.0

BasSom · May 29, 2025, 7:35pm

We also face a sort of same problem.
We are helping organisations to move to Nextcloud and this is a blocking issue.
Our organisations have different groups.
Each group has a sub-admin who is responsible for user adminstration of that group.
A sub-admin

logs in
goes to the Accounts page
creates a new user

expected result
this new user has default the ‘group’ group.
sub-admin can create a new user

actual result
this new user has default the ‘admin’ group.
I cannot remove this role.
consequence this sub-admin cannot create new users.

I found on github this issue

github.com/nextcloud/server

[Bug]: For subadmins, the accounts page does not list the groups.

opened 08:03PM - 29 Apr 25 UTC

joergmschulz

bug 0. Needs triage 31-feedback

### ⚠️ This issue respects the following points: ⚠️ - [x] This is a **bug**, no…t a question or a configuration/webserver/proxy issue. - [x] This issue is **not** already reported on [Github](https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3Abug) OR [Nextcloud Community Forum](https://help.nextcloud.com/) _(I've searched it)_. - [x] Nextcloud Server **is** up to date. See [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for supported versions. - [x] I agree to follow Nextcloud's [Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/). ### Bug description All users are synchronized from LDAP, including group information. There is one user who should be sub-admin and be able to review the group membership of the users of his group: ``` <subadmin> <element>FDS_Riesklasse</element> </subadmin> ``` on the accounts page, the users belonging to that group are listed correctly. But the list of groups remains empty. The JAVA console displays the following error: ``` response: "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":403,\"message\":\"Das angemeldete Konto muss ein Administrator, ein Unteradministrator sei…" responseText: "{\"ocs\":{\"meta\":{\"status\":\"failure\",\"statuscode\":403,\"message\":\"Das angemeldete Konto muss ein Administrator, ein Unteradministrator sei…" ``` consequently: <img width="288" alt="Image" src="https://github.com/user-attachments/assets/23893186-00b2-4fba-977a-eafd3ea56543" /> Also, the group in question cannot be found in the search box. ### Steps to reproduce 1. Grant subadmin privileges to a ldap user on a ldap group 2. login using this credential ### Expected behavior the user should see the correct groups ### Nextcloud Server version 31 ### Operating system Debian/Ubuntu ### PHP engine version PHP 8.4 ### Web server Nginx ### Database engine version PostgreSQL ### Is this bug present after an update or on a fresh install? Upgraded to a MAJOR version (ex. 31 to 32) ### Are you using the Nextcloud Server Encryption module? None ### What user-backends are you using? - [ ] Default user-backend _(database)_ - [x] LDAP/ Active Directory - [ ] SSO - SAML - [ ] Other ### Configuration report ```json { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "datadirectory": "***REMOVED SENSITIVE VALUE***", "apps_paths": [ { "path": "\/www\/nextcloud\/apps", "url": "\/apps", "writable": false }, { "path": "\/data\/apps\/", "url": "\/custom-apps", "writable": true } ], "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "cloud.freie-dorfschule.de" ], "dbtype": "pgsql", "version": "31.0.4.1", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "lost_password_link": "https:\/\/ssp.faudin.de\/?action=sendtoken", "enabledPreviewProviders": [ "OC\\Preview\\TXT", "OC\\Preview\\MarkDown", "OC\\Preview\\PDF", "OC\\Preview\\MSOfficeDoc", "OC\\Preview\\JPEG", "OC\\Preview\\PNG", "OC\\Preview\\GIF", "OC\\Preview\\BMP", "OC\\Preview\\XBitmap", "OC\\Preview\\MP3", "OC\\Preview\\HEIC", "OC\\Preview\\Movie", "OC\\Preview\\MKV", "OC\\Preview\\MOV", "OC\\Preview\\MP4", "OC\\Preview\\AVI", "OC\\Preview\\PNG", "OC\\Preview\\TIFF" ], "maintenance_window_start": 1, "htaccess.RewriteBase": "\/", "forwarded_for_headers": [ "HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR", "HTTP_X_FORWARDED_FOR", "X-Forwarded-For" ], "htaccess.IgnoreFrontController": true, "default_phone_region": "DE", "overwrite.cli.url": "https:\/\/cloud.freie-dorfschule.de", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "password": "***REMOVED SENSITIVE VALUE***" }, "maintenance": false, "memcache.local": "\\OC\\Memcache\\Redis", "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_sendmailmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "2587", "mail_smtpauth": 1, "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "defaultapp": "", "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "loglevel": 2, "app_install_overwrite": [ "snappymail" ] } } ``` ### List of activated Apps ```shell Enabled: - activity: 4.0.0 - app_api: 5.0.2 - bruteforcesettings: 4.0.0 - calendar: 5.2.2 - circles: 31.0.0 - cloud_federation_api: 1.14.0 - comments: 1.21.0 - contacts: 7.0.6 - contactsinteraction: 1.12.0 - dashboard: 7.11.0 - dav: 1.33.0 - deck: 1.15.1 - federatedfilesharing: 1.21.0 - federation: 1.21.0 - files: 2.3.1 - files_downloadlimit: 4.0.0 - files_pdfviewer: 4.0.0 - files_reminders: 1.4.0 - files_sharing: 1.23.1 - files_trashbin: 1.21.0 - files_versions: 1.24.0 - groupfolders: 19.0.4 - logreader: 4.0.0 - lookup_server_connector: 1.19.0 - mail: 5.0.3 - nextcloud_announcements: 3.0.0 - notifications: 4.0.0 - notify_push: 1.0.0 - oauth2: 1.19.1 - password_policy: 3.0.0 - photos: 4.0.0-dev.1 - polls: 7.4.2 - privacy: 3.0.0 - profile: 1.0.0 - provisioning_api: 1.21.0 - recommendations: 4.0.0 - related_resources: 2.0.0 - richdocuments: 8.6.4 - serverinfo: 3.0.0 - settings: 1.14.0 - sharebymail: 1.21.0 - snappymail: 2.38.2 - socialsharing_email: 3.3.0 - support: 3.0.0 - survey_client: 3.0.0 - systemtags: 1.21.1 - tables: 0.9.2 - text: 5.0.0 - theming: 2.6.1 - twofactor_backupcodes: 1.20.0 - updatenotification: 1.21.0 - user_ldap: 1.22.0 - user_status: 1.11.0 - viewer: 4.0.0 - weather_status: 1.11.0 - webhook_listeners: 1.2.0 - workflowengine: 2.13.0 Disabled: - admin_audit: 1.21.0 - calendar_news: 1.1.15 (installed 1.1.15) - collectives: 2.16.3 (installed 2.16.3) - encryption: 2.19.0 - files_external: 1.23.0 - firstrunwizard: 4.0.0 (installed 3.0.0) - spreed: 21.0.4 (installed 21.0.4) - suspicious_login: 9.0.1 - twofactor_nextcloud_notification: 5.0.0 - twofactor_totp: 13.0.0-dev.0 ``` ### Nextcloud Signing status ```shell No errors have been found. ``` ### Nextcloud Logs ```json nothing interesting ``` ### Additional info members of the admin group are also fed via ldap - in NC it has the name admin_2

How should you report issues? Here or in Github?

BasSom · June 4, 2025, 4:39pm

I got an email that the issue is solved.

Closed #52545 as completed via #52776.

How do I know in which release this will be included?

thanks
bas

Reth · June 10, 2025, 7:39am

Haha! I guess one way to avoid waiting for a new topic being checked is to hijack a similar topic.

But I guess nobody knows any solution to my problem anyways?