Tech Info for NextCloud

Tech home page - Applications List - End-user NextCloud

This Page

Ths page still under construction - the info for XRNL Tech team members about NextCloud.



User Management, Access control

See information for the XRNL NC instance

External resources


  • NextCloud consists of a core system which includes some Apps as standard, plus others which can be added in by the System Admin.
  • Apps Overview This is a Settings page on our instance of NextCloud which provides info on the status of all Apps in use. It shows which Apps installed are on our instance, indicates their version, whether they are Enabled or Disabled, and if there is an upgrade available.
  • List of the most important Apps used by XRNL NextCloud in the table below, along with links to where they are configured locally, and additional info.

App NameSorted ascending Purpose Local
Config
Appstore
Entry
Releases
NextCloud (or OO)
Help Forum
Github
Group Folders Allows Admin to create folders whose permissions are set up using only Groups of users GF
Releases
GF
Releases
GF GF
OnlyOffice (connector) Allows users to edit common file types within their web browser.
See also info here on OnlyOffice website
OOC OOC
Releases
OOC OOC
Password Policy Allows the configuration of a password policy, including minimum length, character types which must be included. PP Not included in NC App store PP PP
README.md Displays info text in NC folders (for instance at NC root level) Readme Readme
Releases
Readme Readme
Registration Allows users to self-register their own accounts which are immediately made member of Group "AAA_RecentlyAdded". The "User Instructions" which the users will see in the Self-regn process are configurable, and include XRNL specific rules. Reg Reg
Releases
Reg Reg
Text Text Editor. See Blog post:- NC introduduces collaborative rich text editor
See also wiki page with more detailed info on various Text editors in NextCloud
No local config settings Not inclued in NC App Store. Not a topic in NC Help Forums Text
TOTP Time-based One Time Password Provider (2FA using Google authenticator or similar) TOTP TOTP
Releases
TOTP TOTP
Two Factor Admin Two Factor Authentication Admin Allows easy viewing, override of 2FA 2FA Admin 2FA Admin
Releases
2FA Admin 2FA Admin


Permissions Scheme for NextCloud

This the permissions (access control) scheme established for XRNL in May 2020. This has come out of extensive discussions with customers, technical experts and such - and is intended to give a reasonable compromise between:-
  • "far too much flexibility, chaos"
  • and "too restricted, unusable for most situations".

The scheme is based on a four level folder structure, created and controlled via Group Folders App. The notes below apply to most team areas (eg Circles, Local Groups, Actions, National Projects and Communities). There are two special setups where a modified scheme is in place. These special setups are:-

Detail of standard permissions scheme
  • These folders can ONLY be created or have their permissions set and adjusted within the "Group Folders" app in the web interface by a NextCloud admin. Once a folder has been created it CANNOT be renamed.
  • First three levels provide navigation only, are readable to all users; they contain no files - only Folders.
  • The third level folder is the team Home - all content is in folders below this point. Folder has _Home suffix
  • At level Four are the Folders which can be used to add in content.
    • Two folders provided as standard with particular permissions set.
      • _Sharing suffix folder (and below) is for content shared outside the Group. All those who have an account on NextCloud have read access. Teams can also share selectively with whole world, either individual files, or a particular folder and its contents; such sharing is enabled via a special link which you could be placed in an email, in a Mattermost post & co.
      • _Internal suffix folder (and below) is an area for the related Group only to create and update content. No-one else has access, not possible to share anything from this area.
    • Deletion of content - members of the related Group can Delete items from the _Internal and _Sharing areas. Backups are taken. Teams will need to take care to give RW access to those who will not inadvertently cause damage

Level Folder Naming Permissions
Read Write Delete Share
ONE CloudXRNL Everyone none none none
TWO organisation grouping, examples:-
•Circles
•LocalGroups
•Communities
•NationalProjects
•Events
Everyone none none none
THREE name of Circle, LG, Community etc
plus Suffix _Home, examples:-
•Finance_Home
•Utrecht_Home
•XR Jongeren_Home
Everyone none none none
FOUR name of Circle etc
with Suffix _Sharing, example:-
•Finance_Sharing
Everyone team RW Group
eg Finance_RW
Finance_RW Finance_RW
name of Circle etc
with Suffix _Internal, example:-
•Finance_Internal
none team RW Group
eg Finance_RW
Finance_RW none
Topic revision: r16 - 15 May 2021, JohnITDH
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding XR nl? Send feedback