Users / Teams Visibility

Resources policies

Pydio Cells provides an additional layer of collaboration for the end-users: resources like teams, users, but also links and cells, are protected with flexible security rules defining ownership, read and write accesses.

These policies are using the same approach as security policies, with a "Deny By Default" behavior and a possible set of rules that can be applied to any resources, with users, roles or groups as "Subjects".

Concretely, this means that when a user creates a shared user in her Address Book, she can defines how this new object will be "seen" by other people, and optionnaly let other people edit this object as well.

Rules Examples

Users resources are protected by these rules. For instance, when the Administrator creates a user, depending on the profile of the newly created user, one of these default rules is applied:

Resource Subject Action Effect Comment
User.Uuid profile:admin write allow user is always editable by admins
User.Uuid profile:standard read allow user is visible in address books of other users
User.Uuid user:User.Uuid write allow user must be able to edit himself

In comparison, when a user A creates a shared user B, B is not visible to others by default, thus the rules would be:

Resource Subject Action Effect Comment
User.B profile:admin write allow user is always editable by admins
User.B profile:admin read allow user is always visible to admins
User.B user:User.Uuid read allow user must be able to read his own properties
User.B user:User.Uuid write allow user must be able to edit himself
User.B user:User.A read allow user B is only visible in user A address book

If User A wishes to share this user with all users of a team XX that she has previously created, she could add the following rule to the list:

Resource Subject Action Effect Comment
User.B role:TeamXRoleId read allow let users with role TeamXRoleId see this user B

Again, this behavior can be applied in a similar manner to Teams, Cells and Links. We may expand this to Roles and Groups in a near future.

User Interface

Of course, these rules are not "written" manually by end-users, but we provide an interface for that. Users can find the "Visibility" panel at various places in the interface, for handling exactly that.

Users and Teams

Visibility can be set up by end-users via their Address Book.

For users:

For teams:

Links

When a user has shared a file or folder, a "share" icon is displayed in the various lists where the file appears, but by default, only for the user that have created the share can see this icon. The link visibility panel allows the users to also display the icon for some chosen others that have access to this file / folder.

Cells

Cells are ways to share data with other users. When you select users for sharing, you can notice that the default visibility rules grant "Read" access to this Cell for these users. Warning: this "Read" access is just about being able to read the "metadata" of this Cell, and is not to be mixed up with the Read/Write permissions that define the actual content of the cell.

Back to top