Users/teams visibility

Resources policies

Pydio Cells provides an additional layer of collaboration for the end-users: resources like teams, users, but also links and cells, are protected with flexible security rules defining ownership, read and write accesses.

These policies are using the same approach as security policies, with a "Deny By Default" behaviour and a possible set of rules that can be applied to any resources, with users, roles or groups as "Subjects".

Concretely, this means that when a user creates a shared user in her Address Book, she can defines how this new object will be "seen" by other people, and eventually let other people edit this object as well.

Rules Examples

Users resources are protected by these rules. For example, when the Administrator creates a user, the defaults rules are applied :

Resource Subject Action Effect Comment
User.Uuid profile:admin write allow user is always editable by admins
User.Uuid profile:standard read allow user is visible in address books of other users
User.Uuid user:User.Uuid write allow user must be able to edit himself

Where as when a user A creates a shared user B, by default B is not visible to others, thus the rules would be

Resource Subject Action Effect Comment
User.B profile:admin write allow user is always editable by admins
User.B profile:admin read allow user is always visible to admins
User.B user:User.Uuid read allow user must be able to read his own properties
User.B user:User.Uuid write allow user must be able to edit himself
User.B user:User.A read allow user B is only visible in user A address book

If User A wishes to share this user with all users of a team XX that she previously created, she could add the following rule to the list

Resource Subject Action Effect Comment
User.B role:TeamXRoleId read allow let users with role TeamXRoleId see this user B

Again, this behaviour can be applied in a similar manner to Teams, Cells and Links. We may expand this to Roles and Groups in a near future.

User Interface

Of course, these rules are not "written" manually by end-users, but we provide an interface for that. Users can find the "Visibility" panel at various places in the interface, for handling exactly that.

Users and Teams

Visibility can be set up by end-users via their Address Book.

For users :

For teams :

Links

Managing links visibility will allow the users to let the link they create appear on the files, when inside a workspace shared with other users.

Cells

As Cells are ways to share data with other users, you can notice that when you select users for sharing, then by default the Visibility rules will grant "Read" access to this Cell to these users. Warning, this "Read" access is just about being able to read the "metadata" of this Cell, and is not to be mixed up with the Read/Write permissions that define the actual content of the cell.

Back to top