[Solved] Workspace permission inheritance

In my setup I have some users who have access to ‘Personal Files’ and some users who have access to all files. These users are split into two groups: Users and Admins.

So I have created an ‘All Files’ workspace which is the parent folder of the ‘Personal Files’ workspace on the file system. I give Users rw on Personal Files, and Admins rw on ‘All Files’ (the default permission is none for both workspaces), and this works. But if I set deny for Users on ‘All Files’ then they also cannot write to their Personal Files. So it seems that permissions inherit across datasources, even for separate workspaces, with deny taking precedence. I can see why there might be reasons for this, but it was unexpected and didn’t seem quite right.

One other thing is that the Admins don’t have access to Personal Files, but Cells constantly recreates their user folder, filling up the ‘All Files’ workspace with folders from the admins’ usernames. Is there any way to stop these from being created?

Hello @AJDurant,

Basically, deny should never be used on parent nodes, because this node is above the other nodes and the deny will always win. The better choice would be to put nothing.

For this one, it depends on whether you want your admin users to have their own personal-files; if not, then you could put a deny on personal-file for the Admins group.

Here’s a couple of screenshots for a setup that should meet your requirements:

  • All files (only admins can see) displays the Users personal-files
  • No personal-file for Admins

You only need to edit your Admins and Users groups.

If you have more questions, I or the team will be glad to answer them.

This makes sense, and works. My confusion came because I didn’t know of this before trying it out.

This works, putting deny on personal-files prevents them from being re-created.

Thank you @zayn, that’s been really helpful.
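
The behaviour discussed in this thread (a deny on a parent node overriding an rw grant on a node beneath it) can be reproduced with a small model. This is an added example, not part of the original posts and not Pydio Cells code; the node paths, the file names and the `effective` / `report` functions are assumptions made for illustration.

```python
# Simplified model of ACL evaluation along a node path (assumed, not Cells code).
from pathlib import PurePosixPath

DENY, RW = "deny", "rw"

def ancestors_and_self(path):
    """Return the node path followed by every ancestor up to the root."""
    p = PurePosixPath(path)
    return [str(p)] + [str(a) for a in p.parents]

def effective(acls, groups, path):
    """Return 'deny', 'rw' or None for a member of `groups` on `path`.

    acls maps (group, node_path) -> DENY | RW. A right set on a node applies
    to everything beneath it, and any deny found on the node or on one of
    its ancestors overrides every rw grant.
    """
    found = {acls[(g, n)]
             for g in groups
             for n in ancestors_and_self(path)
             if (g, n) in acls}
    if DENY in found:
        return DENY
    return RW if RW in found else None

# Constructed layout: the personal files live under the 'All Files' root.
ALL_FILES = "/all-files"
PERSONAL = "/all-files/personal"

# Setup from the question: Users get an explicit deny on the parent.
with_parent_deny = {("Users", PERSONAL): RW,
                    ("Users", ALL_FILES): DENY,
                    ("Admins", ALL_FILES): RW}

# Setup from the answer: nothing is set for Users on the parent.
parent_unset = {("Users", PERSONAL): RW,
                ("Admins", ALL_FILES): RW}

def report(acls):
    """Evaluate the three accesses the thread cares about."""
    return {
        "user_personal": effective(acls, ["Users"], PERSONAL + "/bob/notes.txt"),
        "user_all_files": effective(acls, ["Users"], ALL_FILES + "/shared.txt"),
        "admin_personal": effective(acls, ["Admins"], PERSONAL + "/bob/notes.txt"),
    }

if __name__ == "__main__":
    print("parent deny :", report(with_parent_deny))
    print("parent unset:", report(parent_unset))
```

With the parent left unset, Users still cannot reach the rest of ‘All Files’ because the default is no permission, so the explicit deny adds nothing except the unwanted override.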