User/Group permissions on shared file-folders


#1

NC 14.0.3
I can’t configure this scenario, even i tried many things for many hours:

Different root-folders for different projects. These folders have subfolders.

  • All members of a project should have read-only-access their project-folder and its subfolders.
  • Some members should have read-write access to subfolders.

/project-a
/subfolder-a1
/subfolder-a2
/subfolder-a3
/subfolder-an
/project-b
/subfolder-b1
/subfolder-b2
/subfolder-b3
/subfolder-bn
/project-n

Here is my problem:

  • I give Group-A read-access to project-a (including all subfolders) - works fine.
  • I give Group-A-1 readwrite-access to subfolder-a1 - DOESN’T WORK.

Result:

  • Group-A-1 still has only readaccess to subfolder-a1.

Question:
How do i configure this scenario?

Danke für Eure Hilfe
hmxmuc


Nextcloud 14 - Problem mit User- und Gruppenrechten
#2

Is there anyone with suggestions?


#3

Should all of group A have access to all of the A-folders? Meaning, should should group A2 have read access to folder A1?


#4

@Starfish: Yes


#5

Could you post a partial debug log which contain lines pertaining to you setting up the shares? It might shed some light.


#6

I think, it is a problem of “win of the lowest permission”. Not a configuration problem.


#7

I have set up a test now on our production environment.

TEST-FOLDER (Read access to User1&2)
|->Child_Folder_1 - Read/Write User1
|->Child_Folder_2 - Read/Write User2

Checked, and the permissions are set this way. So imho your scenario should work. Unfortunately I can only confirm with the users I shared with tomorrow during work hours as to what permissions they have, but will report back to you if that would help?


#8

I have to try your scenario with the Users (not Groups). I report.


#9

I have checked with the users with whom I had shared the folders.

Under the heading Shared with you for user1 appears two folders, TEST-FOLDER and Child_Folder_1. If the user clicks on the TEST-FOLDER, at the top appears the message You do not have permission to create or edit files in this folder, but if user1 navigates from Shared with you > Child_Folder_1 they are able to create and edit files and folders. So, by design, it seems your scenario will work if you set it up the way you do. The difference comes in how the user navigates. I see no reason why this would be different for users and groups.

Maybe if I have the time I will log it to github, as I see a possible feature enhancement here.