Dynamic Folder ACL based on user name

I am attempting to set up a workspace structure where the parent workspace would contain separate folders for 80+ users (essentially each user gets their own folder). For example, workspace Parent 1 would have 80 subfolders in it like username1, username2, username3, etc.

The special scenario is that user1 should not be able to see the other 79 folders belonging to user2, user3, etc.

I know you can set the workspace permissions manually for subfolder and each user but this would be mean for each of the 80 users I would need to set the permission to deny for 79 folders (way too much clicking).

I have read about creating context-based ACLs and am wondering if this will help automate my permission creation by applying RW privileges to users based on if the folder at the end of the path matches their name.

I am using enterprise pydio 4.3.3

I am running this on a linux EC2.

I have found the security policy documentation but am having a hard time figuring out what to set in the security policy and there are not a lot of examples in the documentation.

If i understand your user story correctly, what you want to achieve is something like a second (and custom) kind of My Files workspace for each user.

This is quite easily achieved with the Template Path.

  • you create a template path in the form
Path = DataSources.anotherspecificdatasource + "/" + User.Name;
  • you create a workspace:
    • that uses the template id that you’ve just created as path
    • That is named to your liking
  • You give access to this workspace to your 80 users.

Et voilà…

Hey bsinour. Thanks for the suggestion. I think this is close but I might be missing some details about the actual deployment of it.

I make a storage space and use that for the workspace. I would have 2 high-level users that would be able to see everything in the workspace. From there the other 80 users would only be able to see a top level folder and their own custom My Files folder essentially.

I would want the folders to have the names of the users so that it is easier for the 2 high-level users to identify each.

I am a bit confused about how template paths work and how we can create some custom folder permissions in the same workspace. Also would I be able to also put the workspace name as a variable in the template folder path?

Simply also create a second workspace with following characteristic:

  • it uses a folder path and points to your DS: e.g. anotherspecificdatasource
  • you give R/W permission to this 2nd workspace only to your power users