Description
The way the Permissions in Group Folders with Advanced Permissions are implemented now is confusing to admins and users.
I see two main issues:
- Two levels of permissions when "Advanced Permissions" is activated.
Advanced permissions currently cannot allow permissions that are denied in the "normal" permissions.
To get the behaviour you have to allow the permissions to the group in the group settings and then deny them using advanced permissions on the root of the folder. You can then re-allow the permission for any child folder
This workaround has other undesired side effects. admins (configured to have full access in group permissions) that are also in a group that should only have read access (ACL Rule) are denied write in this group folder.
My proposal: When "Advanced Permissions" is activated, The "normal" permissions in the Group Folder settings should be the default ACL.
- Issue: Add Additional Rights in Advanced Permissions.
It should be possible to grant additional permissions to users that are not in a group configured on the group folder.
If a user doesn't have read permissions on a folder there is no way for him to see and of the contents inside of it, and thus adding read permissions back in a subfolder is useless since the user will never be able to reach the subfolder in the first place
This would be a very useful feature to have. I expected, that I can add read permission on a subfolder and the recipient would then see the same path to that subfolder instead of having the subfolder now directly in his home folder.
My use case: Groupfolder for IT-Department, but i'd like to share the Accounting subfolder to another person without giving that person read access for the whole IT-Department groupfolder, but see that its IT-Department/Accounting
Other example:
Groupfolder Photos. Subfolders Switzerland/Youth Switzerland/Children and Germany/Youth, now a photographer should have access to the Youth Photos of Switzerland and Germany, but not to the Children Photos. If I share the Youth folder directly, he will have two "Youth" folders (or a conflict) in his Home-Folder.
Would this be possible to implement?