Подскажите, как реализовать подобную фичу:
Необходимо, чтобы одна группа пользователей (admin) видела файлы другой группы (user), а юзеры могли бы видеть и взаимодействовать только со своими файлами и не видели файлы других юзеров.
hi @Alex_Sapronov welcome to the forum
Admins can access
files everything of the user with “
impersonate” app… using impersonate is reported in users activity (AFAIK)… Permanent and “silent” access from one user to another users files is somewhat against the privacy idea behind Nextcloud.
you can take a look at circles and collectives apps - maybe you can build some smart config around them…
you can create a group folder where admins and users participate and having (low) quotas user must use this group folder to collaborate, but this way all the files exist there and accessible by everybody.
P.S. your requirement sounds somewhat like a school - search for Nextcloud + school or university - likely the was some discussion already.
I do not recommend the app Impersonate. This allows an administrator to assume the identity of any user. This does not increase trust in administrators. I even consider this a data protection violation. The app should be removed. The app is not officially supported in Nextcloud 25.
Maybe you should take a closer look at the principle of Nextcloud as a collaborative platform. For example, Nextcloud offers the possibility of using Group folders. There is also such a thing as data protection. Private files should remain private. If not, I would recommend your users to switch to another Nextcloud. There are hundreds of thousands on the internet.
Use DeepL Translate: The world's most accurate translator to translate back to russian.
I definitely share your concerns regarding privacy @devnull but like many other technologies this is not the app itself it’s the human who use it for good or evil purposes. Impersonate App is definitely a good idea for user support - not every user want and can dig through settings and sometimes prefer to delegate account administration to an admin.
But definitely the admin should never access the account without a reason and knowledge of the user. At the end this is more a theoretical discussion - “the admin” often has access to server storage as well and doesn’t require the impersonate app to access the files. In opposite such app can be more trustful as access is/can be authenticated and logged by the application itself.
Yes @wwe i agree with you in the most points e.g. “good or evil purposes”.
But “remote” administration support does not work with e.g. Impersonate for me. I think it is better if the administrator and the user look at the situation at the same time, e.g. via a split screen in Nextcloud Talk, BigBlueButton or Jitsi. So that the user retains control over his own data. And just because you could do something as an administrator does not mean you have to apply it.
I don’t believe and hope that if I ask Microsoft, they will accept the identity of my Microsoft 365 account if I have one there. Funny that there are companies that can work with Microsoft 365 without the possibility of identity assumption. Seems to be necessary only for Nextcloud.
I continue to believe that Impersonate is dangerous and unnecessary.
Same at Microsoft 365. Does this justify the possibility of assuming the identity of users?