Restriction for files, Groups

Server
1

Hello,

we are a school and want to use Owncloud 10.4 as follows:

  • We have set two users 1 Teacher 2 Pupils, these are members of two groups BGSteacher and BGSpupils (Pupils only in the latter group). Admin rights for both groups has only the teacher.
    We don’t want hundreds of users just one access for teachers and one for the pupils.

Now the following problems:

  1. Teachers should see and edit the folders of the teacher and pupil-group. At the moment we see just the folders of the teachergroup if we are logged in as teacher.

  2. We would like to restrict the access of the pupils: Some files in the pupils-account should not have the possibility to download or delete, just to see in the browser (e.g. mp4-videos).

  3. The pupils should not see or change the settings button, so they can not change the password or something similar.

How do we achieve these goals? Is there a solution with the guest-app or with tags or user-defined groups?
I tested several things, but don’t get it.
Can you help?

Greetings from Germany

2

Some are easy, some not so or impossible.

  1. You would need quota 0 for all pupils and share folders from the teachers with them, otherwise the teachers can’t see the content. You can use a function user for that sharing and always share with the group of teachers as well …

  2. A view of a video in the browser is technically a download. Therefor it makes no sense to prevent this. Theoretically you could alter the UI to grey out the download button for certain mimetypes, but really there are many workarounds including the API. So you can hide things here but you can’t prevent them.

  3. This can be altered with a theme in the UI or you use LDAP for usermanagement/password setting …

Guest accounts and other means don’t help here as far as I can tell on first view …

1 Like
3

Well, thanks very much for your answer.
Unfortunately I do not understand how to alter the ui or what quota 0 means.
Sorry, but I need a more detailed description (for dummies).
If it’s not possible to restrict downloading files, what about delete-restriction.

I can see as admin under settings and “share” ‘user and group standard authorization for sharing’ and the possibility to set a cross at create, change, delete and share.
How can I use this to achieve what I described above?