Go
These forums are read-only and considered to be an archive. Please use the new Community for future interaction and posts.

Same User in different groups have clash in access

Dear Alacayir
I have a User A, his name is available in 2 groups Group 1 and Group 2.  Group 1 has delete access and Group 2 don't have delete access to the root folder R.  When the User A log-in, the user is unable to delete any files and that option is greyed out.  If I remove the User A from Group 2, which don't have delete access then the User A is able to delete it.  Due to internal mapping I need the user to be available in both the groups.
Your advice is much appreciated.

Cheers
Rama
Rama 11/11/2009 1:25 AM
Same problem here... testing BEFORE buying....

I have set some root folders, one for each sub company here (CompanyA-Root, CompanyB-Root...)
I want one user (CompanyA-Admin) to be able to manage its subfolders and allowed users (group CompanyA-Clients).

> so i grant CompanyA-Admin the rights to create delete upload ect... on its CompanyA-Root
> As if i want CompanyAdmin to manage its users, i have to set him as group manager for the group CompanyA-Clients,
but as those CompanyA-Clients users have no right to create upload...; my admin loose his was to upload files and manage folders...
funny no??

any help welcome
Luc 12/18/2009 2:06 AM
Deny permissions always take precedence, please build up your group and permission structure according to this fact.
Cem Alacayir 1/15/2010 5:05 PM
OK, what would you advise taht i setup for rights & groups then ?

company A : admins (manage users & rights), users (allowed updload/delete files in all folders), clients (upload in "IN" folder only)

CompanyA Root
|-- subfolder IN (anybody are allowed to upload)
|-- subfolder OUT (only admins& users allowed to upload, clients readonly)

thanks
Luc 2/2/2010 5:58 AM
I assume you have one group for each company which includes admin,users and clients of that company. First add group "CompanyA" to "CompanyA Root" root folder with full permissions. This will allow the group admin (CompanyA-Admin) to access the root folder with full access and control every permission (ie. check/uncheck every permission) on the root folder properties.

The group admin (or you, super admin) now should add every client user to the root folder "CompanyA Root" at the root level with every permission denied except the Traverse permission. I mean these members should start with minimal permissions at the root level.

Then on subfolder level, you can start to give allow permissions to the required users by adding them to the subfolders (overriding root folder inheritance).
For instance you can add client users with Upload permission in "IN" subfolder and Download permission in "Out" subfolder.
Company admin and regular users already have full access to the folders due to the group permissions.
Cem Alacayir 4/19/2010 11:50 AM