While Nextcloud is often used in companies to replace aging ‘shared folder’ solutions like a Windows Network Drive, the sharing model modern Dropbox-like solutions use is very different. Rather than a single, fixed folder structure available to all users and tightly controlled by the IT administrators, users have their own view on their data and can share files and folders at will with others. Recipients receive shared files in their home file view as independent files and folders they can move, re-organize and even rename and re-share.
What are the benefits and downsides of these two models and how does Nextcloud bring you the best of both worlds?
Most modern file sharing platforms provide users with their ‘private’ space for documents. They can freely share individual files or folders whenever they want, controlling access rights if they want. When somebody shares files with them, these are added in their document list, usually with a little share icon or avatar of the owner. Users have the freedom to re-organize their own files, including the ones shared with them.
This flat, user-centric way of sharing allows low-friction, direct collaboration within the organization but also across its borders as most solutions allow making documents or folders public. Users are empowered to make decisions on who gets to work with them how, without needing heavy oversight or top-down decision making. This is a better fit with the flexible, fluid demands of modern organizations. To ensure compliance, Nextcloud offers a rule-based file access control feature with Flow.
Before this flat way of sharing, network filesystems would effectively be a single ‘drive’ shared with the entire organization. A single folder structure, where everybody often had their own little space (their home directory) and many shared folders and files. A major difference between the folder tree ruled by system administrators and the user-centric view is the use of access control lists (ACL’s) in the ‘old’ world.
Wikipedia describes Access Control Lists this way:
In computer security, an access-control list is a list of permissions associated with a system resource. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
In the world of files and file systems, “the privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute” a file.
These ACL’s allow an admin to share a folder with all users while changing the access rights on sub folders and folders in those folders and so on. This makes it possible to have read-only access to a top folder, write access to a sub folder, read-only to a folder in there again and so on. This was a crucial feature to make the “single large shared drive for all organization members” model work.
Nextcloud can give users access to a Windows Network Drive (WND) as external storage. These have such folder structures with ACL’s, and might even contain user home directories which each also are managed by ACL’s. Nextcloud reads, understands and gives access to data to users based on these ACL’s, but does not otherwise expose them to the administrators for manipulation.
This helps organizations who still have a legacy WND to migrate to a more modern, user-centric way of collaboration.
But there is still a real need for more centrally managed resource sharing. Think of a common folder for the Sales team or the Marketing team. Certainly, the team lead could share a folder everybody has access too, but there are too many situations in which that would not be ideal. Changes in management, certainly, but also a potential for user mistakes like removing the share. Also, not in the least, the quota rules in Nextcloud mean that this team share is counted against the manager’s quota, which can cause problems.
For these reasons, Nextcloud has introduced the concept of Group Folders. These are configured by the admin, have their own, set quota and can’t be un-shared accidentally.
In a way, these folders bridge part of the gap between the ‘old’ world of a shared folder structure, and the ‘new’ world of flat sharing. But that old world had some additional benefits. What about the need to shield part of that folder structure from some of those who have access to it? What about ACL’s?
Indeed, Nextcloud offers support for ACL’s in group folders. This can be enabled on a group folder. System administrators can then set, on every file and (sub)folder in a group share, specific access rights. These are inherited by default, so a ‘no write access’ for a specific user or group will apply to all files and sub folders, unless overridden again by the system administrator at a deeper level. Managing access permissions can be delegated to specific users or groups.
Available for configuration are Read, Write, Create, Delete and Share permissions, each of which can be set to ‘inherit’, ‘allow’ or ‘deny’ for each user or group for each file and (sub)folder in a group share.
To set up a group folder with ACL’s, the administrator enables the Group Folders app, creates a group folder and selects the groups who should have access to it. Make sure the admin who has to set up the permissions is included. Then, enable the ‘advanced permissions’ setting.
In the Files app, go to the group folder and look at the sharing view. There will be a group folder permissions view, where you can specify permissions. Use the ‘Add advanced permission rule’ button to add a rule.
You now pick from a list of all groups and users who have access to the group folder and can then set the fine-grained permissions. Note that ‘inherit’ is default, and by removing the rule with the ‘x’ on the right you can return to the permissions inherited from the parent folder.
Users can see what their rights are, but not modify them, unless they are part of the users and groups who have permission to manage the ACL’s.
Groupfolders with ACL’s bring a controlled way of sharing team resources to Nextcloud without fundamentally changing the flat, user-centric collaboration model it is built on.
Nextcloud has been recognized with the World Summit Award Germany that selects and promotes local digital innovation improving society, aiming to contribute to the United Nations' agenda of sustainable development goals.
Read More
Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!
Read More
The first ethical, open-source AI assistant that can get a multitude of tasks done for you without compromising your data.
Read More
Nextcloud Hub 9 lets you stay connected. Discover new federation features, workflow automation, big design overhaul and much much more in your favourite open-source collaboration platform!
Read More
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
Read More
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Read More
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Read More
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Read More
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Read More
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
Read More
Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.
Read More
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Read More
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
Read More
Maintenance updates 28.0.12, 29.0.9 and 30.0.2 for Nextcloud Hub 7, 8 and 9 respectively are here! Read an update summary and access full changelog on the website.
Read More
Frank Dengler from audriga joins the Nextcloud Enterprise Day program with a keynote about migration from SharePoint to Nextcloud. Read this article for more details about the keynote and the speaker.
Read More
