Managing access rights and roles in Nextcloud: flexible security settings

Nextcloud cloud storage is a secure, modern service for storing data. The open architecture of the platform allows you to organize effective remote work, conduct negotiations and joint projects, and hold meetings. This is possible thanks to the access restriction function and advanced security settings.

Advantages of the role-based management model

The defining feature of this model is that access to internal systems and corporate resources is granted only through defined roles. Granting or revoking a user's access is sometimes necessary so that their responsibilities and functions are clear.

Role-based management has a number of important advantages:

  • building a clear hierarchy with a set of rights;
  • quick allocation of equal rights to a large number of employees;
  • quick group change of parameters if necessary;
  • support for the principle of separation of powers.

How to set up access control

Nextcloud cloud storage lets you restrict access to specific files or folders for individual users or groups. User rights in the service are managed through the “File access control” application, which is located in the user menu, “Files” section. To install it, click the “Download and enable” button. Once the installation finishes, the administrator account can manage rights.

First, consider the structure of the files to which access will be restricted, as well as the user groups. The file structure looks like this:

Folder1
    File1
    Photo1
Folder2
    File2
    Photo2

To set up the restriction, group the files by assigning tags. This is done in the “Actions” – “Tags” tab.

Users are set up in the same way, by creating new users. The resulting structure looks like this:

Group1
    User1
    User2
Group2
    User3
    User4

The next step is to grant folder access to specific users or groups. To do this, open the “Details” – “Sharing” tab in the folder settings and enter a group or an individual user.

The administrator can set filters when assigning rights:

  • by file type;
  • by document name;
  • by user membership in groups.

In the example, a restriction is set for users in the group “Group1” on all files that have the tag “Tag2”.
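The sketch below is an added example, not part of the original article and not Nextcloud code. It models the two steps above in Python so the effective access can be checked before a rule is deployed: a share grants access to a folder, and an access control rule blocks a file when all of its conditions match. The tag and share assignments and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

# Constructed sample data: the article's names with assumed tag and share assignments.
GROUPS = {"Group1": {"User1", "User2"}, "Group2": {"User3", "User4"}}
SHARES = {"Folder1": {"Group1", "Group2"}, "Folder2": {"Group1", "User3"}}

@dataclass(frozen=True)
class File:
    path: str
    mimetype: str
    tags: frozenset

FILES = [
    File("Folder1/File1", "text/plain", frozenset({"Tag1"})),
    File("Folder1/Photo1", "image/jpeg", frozenset({"Tag2"})),
    File("Folder2/File2", "text/plain", frozenset({"Tag2"})),
    File("Folder2/Photo2", "image/jpeg", frozenset({"Tag1"})),
]

# The article's rule: block members of Group1 from files tagged Tag2.
RULES = [{"group": "Group1", "tag": "Tag2"}]

def user_groups(user):
    return {g for g, members in GROUPS.items() if user in members}

def shared_with(user, f):
    recipients = SHARES.get(f.path.split("/", 1)[0], set())
    return user in recipients or bool(user_groups(user) & recipients)

def rule_blocks(rule, user, f):
    """A rule blocks only when every condition it lists matches (empty rule: no block)."""
    checks = {
        "group": lambda v: v in user_groups(user),
        "tag": lambda v: v in f.tags,
        "mimetype": lambda v: f.mimetype == v,
        "name": lambda v: fnmatch(f.path.rsplit("/", 1)[-1], v),
    }
    return bool(rule) and all(checks[k](v) for k, v in rule.items())

def can_access(user, f, rules=RULES):
    return shared_with(user, f) and not any(rule_blocks(r, user, f) for r in rules)

def access_matrix(rules=RULES):
    users = sorted(set().union(*GROUPS.values()))
    return {u: [f.path for f in FILES if can_access(u, f, rules)] for u in users}

if __name__ == "__main__":
    print(access_matrix())
```

With the sample data, User4 never sees Folder2 because it is not shared with Group2, while User3 does through the direct share; the deny rule only narrows what sharing has already granted.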

 

The Nextcloud service allows you to restrict access to certain documents in the storage for groups of users. This way, you can create a clear file structure in which only the administrator has the right to change employee access. Using a modern role-based access control model helps save time and money when designing and using automation systems.