We have a number of clients on our NextCloud - small businesses with a few employees - and I’ve created individual groups for them, so that, with the “restrict sharing to group” option, they are isolated from one another.
So that, from their perspective, it’s as if they’re the only ones using the cloud and they only see others in their own group in the contacts menu and such.
Which is great and exactly what’s needed.
But there might sometimes be occasions where, while not undermining the group isolation, there is a call to share outside one’s group.
For simple example, I’m an admin on the NextCloud instance and so it would be useful if they could temporarily defy the group isolation to contact me for support, or that I could temporarily defy group isolation to share a file with them - e.g. a copy of the NextCloud user manual, say.
The way I envisage this happening is that you can refer to another user account outside your group in the same way that you can do federated cloud links.
That is, presuming my user account was called “admin” on the “cloud.example.com” NextCloud server, then any user - be it on the same or remote cloud - could refer to this account as “admin@cloud.example.com”.
Kind of like, I guess, an “absolute pathname” to any user account on any instance.
Including to user accounts that are on the same cloud but in different groups, so that we could still benefit from group isolation - yet you can temporarily defy this to share between different groups on the same cloud, by referring to them with their “absolute name” of “user@cloud.instance.com”.
Because, basically, the group isolation is good. But, as an admin, there are sometimes occasions where I need to share or communicate beyond my own group - to support our clients - and it’d be good to be able to do things in the way I described. To keep group isolation, but allow it to be by-passed - and in basically the same way that you’d share with a user on a completely different instance (or, put another way, that the federated cloud sharing doesn’t actually care whether the account is on the same instance or not - because users should not need to know or care about this, and it should behave that way for them too).