Folder Sharing with fine-grained permissions - help!


#1

Hi all,

I’m sure this is a newbie question but I’ve spend an hour googling and not found an answer. I want to set up a document tree with selective permissions. I’ve created a dedicated user to host the shared documents, and then created some top level directories:

  • Client Folders
  • Payroll
  • Company Documents

Then inside each I want to create subfolders (eg Client A, Client B under Client Folders) that are allocated to individual users or user groups, such that they can only see the subfolders that have been shared with them. However what I find is that if I give everyone access to the “Client Folders” folder for example, they have full permission to everything underneath, regardless of the share status of individual files or folders. Is it not possible to share a root folder, and then selectively share subfolders? And if so, how do I set that up (happy to be pointed to a how-to or formal documentation if there is some).

If I just share the subfolders with my users and not the top level folder, then they have a cluttered root folder with Client A mixed with Payroll subfolders etc and no structure to it.

Thanks,
Zane.


#2

Zane_Wilson,
I think I understand what you are trying to do. I am not sure how you have your shares configured. However, I think I do something similar… most all my shares are via SMB across my network to RAID boxes. What I do is create multiple separate shares with the permissions I select via individual users or groups. A few revisions of oC ago I was forced to do this because sharing got changed that I could not “drill” down more that 2 levels beyond the root directory. This meant I had to move gigabytes of data to higher level directories “nearer” the root directory. In the end it worked out OK and is a little bit better organized as well. Not sure I made my response clear enough but it works well for me. :slight_smile:


#3

In ownCloud you can’t break inheritance at this time, so if you share a folder - all subdirectories can be seen. If you do a share, its always at the / level of the user, or in a predefined folder. However, the sharee can do all kinds of sorting by himself/herself in a self-service way and you can always corespond using the private link as a common denominator. Its a different system then when you use SMB …
We are however looking at forced group shares, but they would not allow what you describe above as they again would inherit rights.
Using SMB and mounting it into ownCloud you can show the described behaviour, like described by @kolbmech and this might or might not fit your use case.


#4

Hi,

I don’t want to do multiple individual shares because then the users will see all those shares in their root folder without any organisation.

Is it possible to share multiple folders with a larg number of users, and then in an automated/scripted way, move those folders as they appear in each user’s root view into local subdirectories?

Eg if I have Client Folders -> Client A, Client B, and Client C - I can share A and B with user1, B and C with user2; then each user can have a local Client Folders directory created and their shares of ClientA/B and Client B/C moved into it. Then each user has “Client Folders” in their root, with the correct subset underneath.

I can do that manually by impersonating each user, but I’d like to be able to automate that.

This would give me sufficient granularity to be useful.

Regards,
Zane.


#5

With a CLI WebDAV Client like “cadaver” you could indeed automate this. For sharing its the share API and then WebDAV for move and rename (if needed). Hope this helps.