Rightsmanagement in subfolders

when I grant rights to a folder, all of its subfolders inherit theese access rights. Is it possible to change this? I want to grant access rights to one subfolder only to some users.
e.g.

  • folder1
    • subfolder-a
    • subfolder-b

folder1 shall be granted to group 1 and group 2 but subfolder-b shall only be visible to group 2.

Maybe not exactly what you are looking for but why not simply create three folders on same level?

  • folder a+b
  • folder a
  • folder b

you don’t win or loose anything for folder a+b… maybe even more convenient if you access folder a and folder b

Thank you wwe for investigating. Unfortunately your proposal does not fit my requirements.
It works for a small amount of folders, but if you have about 100+ customers and for each customer about 3 to 5 groups you would need to have 100 * (3+1) folders in the same level which makes the whole story not beautiful :wink:

It gets even more complicated if every customer consists of several sub-firms and wants to separate them. It could help if sharing a high-level-folder would be selectable if it inherits its rights to all below…

e.g.

  • customer-folder
    • sub company 1 (group 1+2)
      • general files (group 1+2)
      • groupfolder 1 (group 1)
      • groupfolder 2 (group 2)

etc.

the situation remains the same, it doesn’t matter if you handle 3 or 300 folders. You are looking for a solution which doesn’t exist (now) in Nextcloud.

One could definitely discuss if your desired solution of “breaking” inheritance is good/bad/ugly/better/worse of the existing solution but the solution your suggest is not easier then existing one and the one I provide. It is different and may look better for your specific use-case. In fact it is build around the number of configs:

your solution

  • group a+b (grant access fora+b)
    – group a (grant access fora+b, revoke access for b)
    – group b (grant access fora+b, revoke access for a)

your solution (alternative)

  • group a+b (grant access fora+b)
    – group a (stop inheritance, grant access for a)
    – group b (stop inheritance, grant access for b)

if your count every single access right combination this not easier than what I suggest. Depending on your experience and the way you used to grant access rights this may look more simple but it is not. Based on your 2nd example you still can apply my initial suggestion

  • company 1 (no access for foreign users)
    • sub company 1 (no access for foreign users)
      • general files (access for group 1+2)
      • groupfolder 1 (access for group 1)
      • groupfolder 2 (access for group 2)
    • sub company 2 (no access for foreign users)
      • general files (access for group 3+4+5)
      • groupfolder 3 (access for group 3)
      • groupfolder 4 (access for group 4)
      • groupfolder 5 (access for group 5)

this look pretty close to your expected organization… and every user from every group only has access to 2 different folders: group X and general files (of the specific sub company)

one can expect some users to become members in different groups and in turn confused somehow. if you manage to keep folder naming unique it should be good enough to manage the situation…

if not you have to formulate of straight forward scenario you are looking for, formulate clear guthub issue and hope the devs are willing to add this for good reasons your provide.

Update: same as Inheritance of rights

Did you already check out the groupfolders app? You should be able to set the permissions the was you want with it and the extended permissions. :slight_smile:

1 Like