Write access only to specific source or scope?

[verybadsoldier]

Hi everyone,

is there a way to configure access control to give a user write/edit access only to a specific folder or scope?

I understand the current access control system so that write (and edit) access is given to a user only globally and it then affects all sources and directories a user can access. So, the sources and scopes are defining if a user has access or not and the type of access is only assigned globally in the user management for a user.

Is this correct or is there a way to give more fine grained delete/edit file permissions? So, you could say "user A has generally only read access but he has write access to source XY".

[gtsteffaniak]

Yeah this would be done via access control, currently it's not too granular to deny/allow based on user/group permissions

I think this will come as an enhancement to the access control system

[Migs3]

Is there still no granular RBAC type control over user/group specific permissions? This seems to be the main lacking feature in almost all of the file browsing apps I've tried thus far.

Basically, my goal is to have groups that grant specific (read only, or Read/Write) access to specific folders. And I would then manage those groups in my oidc provider. (would also be nice to add specific user control as well, even for those that don't use oidc or other providers)

The page here https://filebrowserquantum.com/en/docs/access-control/rules/#example-5-read-only-area
seems to suggest this is possible, but there aren't any actual examples on how to set it up this way.

[gtsteffaniak]

this is going to be a feature soon... several related requests:

#1669
#1919
#435
#1335
#1964

This is planned, but no specific timeline. likely within a couple months.

[Migs3]

I see a little progress was made in that userGroup is now a thing in beta. Does this help in the effort to "make groups great again"? ;p