Simple folder access use case - Cannot make it work

Hi all

Installed pydio cells for evaluation and I cannot make a simple file permission use case work, I must be misunderstanding the concepts.

Logged as admin, I have created a File System workspace, two groups (A and B) and two users (user X and user Y), user X is in group A and user Y is in group B.
Both users have read access to the workspace.

I have created two folders in the workspace and I cannot find or understand how you would allow access to one folder to group A and deny it to group B and vice-versa for the other folder.
File permission dialog on the folders only allow to change the access mask (rwx) but not the owner or group itself.

How do you make this simple use case work in pydio ?

Thank you

Hi,
the enterprise edition offers the micromanagement feature for folders inside workspaces,
for your case, with the home edition you would have to create 2 different workspaces.

here’s how it looks like in the enterprise edition

Thank you for the information

Hello,

Sorry for dropping in the conversation a little bit late (hope you won’t consider this necrobumping :wink:), but I only started using Pydio Cells this week, though I’ve been using Pydio since it was still called “Ajaxplorer” about 10 years ago (damn, are we getting old or what? :open_mouth:).

First I’d like to congratulate the Pydio team for bringing the community such a wonderful tool and continuing to bring innovations such as those available in “cells”, thank you!

Although I can very well understand that the Pydio developers need to push the paid “Enterprise Edition”, I am quite surprised to discover that the granular access control of “Read/Write/Deny” permissions on workspaces’ sub-directories is not available in the “Home Edition”. As, IMHO, it is one of the most basic requirement one can expect from a file-sharing system such as Pydio.
For instance, a family using Pydio Cells “Home Edition” would more than likely have only one main datasource containing a few sub-directories that would get different accesses. Be it as simple as one accessible by the adults and another accessible by the children…

Now, as @zayn stated, it would be possible to achieve this by splitting a root datasource’s subfolders into many datasources but then it appears to be so cumbersome…

One could probably also achieve something close to setting ACLs on sub-directories by creating individual cells, but then again, it appears to me that this is not the intended use of cells.

I might be wrong of course and, as I said, I’m only starting to explore “Cells”.

So I’d like to ask if it would be conceivable to have, for example, the possibility to control ACLs maybe only up to one sublevel in the Home Edition?
As this would avoid the unnecessary management complexity of having numerous datasources, while still limiting the possibilities that might be required in an “Enterprise” deployment scenario.

Asking this brings me to another question: is there a place devoted to Pydio Cells “feature requests”? As this is typically something that would find its place there.

Finally, can I draw the Pydio team’s attention to the fact that, although most limitations seems to be well specified in the documentation, this particular one is not indicated. To the contrary, on the Roles and Inheritance page of the documentation, the Access Control Lists paragraph is stating:

… In the various users/roles/groups editors, one can grant permissions on Workspaces or on workspaces subfolders in two ways: statically using simple Read/Write values, or dynamically using Security Policies (Enterprise Edition).

And further down, under Static Accesses:

… When editing ACLs, we recommend sticking to the Workspace level of granularity, to make your security model more maintainable. In some cases, you may require to directly assign rights at a folder level. For that you can use the “+” button next to the workspace name to list the workspace children and assign rights accordingly.

Which clearly let the reader think that this feature is available in the Home Edition of Pydio Cells!.. As one, like the OP and myself, would probably expect :wink:

The last point I’d like to make regarding the documentation, and more broadly about the available information about Pydio Cells, is that I was unable to find information regarding the effective pricing of the “Enterprise Edition”, except for contacting the Pydio’s sales team. This, IMHO once again, does not motivate potential “deployers” to consider using Pydio Cells ED when planning solutions for their clients.
Being an IT consultant, I regularly have to quickly elaborate potential solutions for my clients’ requests and give them a rough cost estimate. In my situation, having to contact a sales rep before I can even roughly evaluate a solution’s cost is most of the time a show stopper that will drive me to look at other options for which I can get an immediate idea of the involved costs.

Let me finish by thanking once again the Pydio’s team for all the fine work they are doing, I sincerely hope that the few remarks I made here above might be taken into consideration and will possibly help in some way.

Best to you all.

Hey @tacticz
In one word: this folder-level ACL feature split between home and enterprise was actually exactly the same since years in the Pydio PHP version. So we did not change that. And clearly in the old version, messing with ACLs at the folder level was utterly dangerous, so we only wanted people to use this in a controlled environment (namely customers speaking to us :slight_smile: ). That’s the why. Now for moving back the feature to the Home edition, we have to discuss that.
About the Docs, indeed we may have to update them accordingly.
Finally about the pricing, we’ve removed pricing as of now because some people would assess the usage of Pydio depending on its pricing (from ‘it’s too expensive for my usage’ to ‘they are serving only SMBs as it’s not expensive enough’ - no joke). But we are thinking about that as well.
Finally for the Features Request, it’s still best to open new thread in forum, and to let the team invite you to open a Github issue if it’s not already there.
Best!
Charles

Hey @charles

Thanks for taking the time to answer!

Once again, IMHO, this would be a great move, even with the restriction to only one sublevel for the Home Edition as said before.

I think I read somewhere that the documentation could be edited by the community (via GitHub). I’d be happy to give a hand with that if it would be of any help to the team since I also noticed some (minor) language errors along the way :wink:

I get your point. And it is true that the perceived value of a solution is essential in the customer’s decision making process. Nevertheless I’m still convinced that a thoughtfully designed product strategy could lead to a publicly advertised pricing scheme that wouldn’t hurt your sales.
Then again I’m far from a marketing expert and certainly wouldn’t consider myself as the best advisor on those matters but, for example, one thing that still surprises me is that, to my knowledge, Pydio isn’t currently offering its services through a SaaS platform (or am I wrong?).

Anyway, I guess I’ll now and then have a look at your pricing page just to know whether you decided to keep your current policy since I guess we better not divert this thread into discussing those matters…

Best to you all.

Update: Right after posting this I had a look at your pricing page and found out that you are now advertising about it, great :+1:

Hey @tacticz.

If you are willing to help double check and enhance the documentation, we will be more than happy to accept your contribution.

You just need to have a look and sign the contribution agreement here: https://pydio.com/en/community/contribute/contributor-license-agreement-cla

And then add pull request on the main branch of the corresponding github repo here:

We integrate them on our website on a regular basis.

Thanks again for the feedback.

Regards,

Bruno

Hi @tacticz,
I’ve spent a fair amount of time looking for somewhere that offers PYDIO as a SaaS option.
I don’t suppose you’ve had any luck finding one since you wrote this email?
Many thanks
Lloyd