In today’s digital landscape, the need for robust and comprehensive data security solutions is paramount. With the proliferation of cloud storage and file-sharing platforms, ensuring that your sensitive information remains in the right hands is more important than ever.

Nextcloud, a leading open-source file synchronisation and sharing platform, understands this concern and offers a powerful solution in the form of the Files Access Control app. In this blog post, we’ll take an in-depth look at the Nextcloud Files Access Control app and how it empowers users to take control of their data security.

Understanding Nextcloud And Its Features

Before diving into the Files Access Control app, let’s briefly explore what Nextcloud is and what it offers. Nextcloud is a self-hosted and open source cloud storage platform that enables individuals and organisations to securely store, sync, and share their files, documents, photos, and more. Unlike relying solely on third-party cloud providers, Nextcloud allows users to set up their own server instances, giving them greater control over their data and security.

Nextcloud comes with a wide array of features, including file synchronisation, collaboration tools, calendars, contacts, and more. One of its most crucial aspects is the ability to extend its functionality through apps. The Files Access Control app is one such extension that adds an additional layer of security and control over who can access and modify your files.

Introducing The Files Access Control App

The Files Access Control app is a powerful tool that allows Nextcloud users to implement fine-grained access control settings for their files and folders. With this app, you can define specific rules and restrictions to govern who can view, edit, share, or delete your files. This level of control ensures that your sensitive data remains in the right hands and is only accessible to authorised individuals.

How It Works

The administrator can create and manage a set of rule groups. Each of the rule groups consists of one or more rules. If all rules of a group hold true, the group matches the request and access is being denied.

The rules criteria range from IP address, MIME type and request time to group membership, tags, user agent and more. An example would be to deny access to code files owned by the “Developers” group accessed from an IP not on the internal company network or to block uploads of files bigger than 512MB by users in the “Interns 2023” group.

Key Features And Benefits

The Files Access Control app in Nextcloud offers a range of features that provide administrators with granular control over data access:

1. Rule Groups: Administrators can create and manage a set of rule groups. Each group consists of one or more rules.
2. Flexible Rules: The rules criteria range from IP address and access within/outside specific time frame, to user groups, collaborative tags and more.
3. Denied Access: If access to a file has been denied for a user, the user cannot create/upload the file, modify the files, delete the file, download the file, or synchronise the file with clients.
4. Folder Access Control: Administrators can block access to a folder using a collaborative tag.
5. File Upload Control: It’s possible to prevent specific files from being uploaded to Nextcloud.

The benefits of using the Files Access Control app include:

1. Data Protection: By controlling who can access and modify files, administrators can ensure that sensitive data is protected from unauthorised access.
2. Customisation: The ability to create custom rule groups allows administrators to tailor access controls to their specific needs.
3. Ease of Use: The app is easy to install and configure through an intuitive UI, making it accessible even to those with limited technical knowledge.
4. Integration with Nextcloud Workflows: The app seamlessly integrates with Nextcloud workflows, allowing you to automate access control processes and streamline collaboration.

How To Use Files Access Control

Here are the steps on how to use the Files Access Control app in Nextcloud:

1. Install and access the App: While logged into your Nextcloud instance as the administrator, navigate to Apps section and search for Files Access Control and install the app. After installing the app, navigate to Administration settings -> Flow and click on Add new flow under Block access to a file.
2. Create Rule Groups: The administrator can create and manage a set of rule groups, where each of the rule groups consists of one or more rules. Create one or more rules groups as desired for your use case.
3. Set Rules: The rules criteria range from IP address, to user groups, collaborative tags and more. If all rules of a group hold true, the group matches the request and access is being denied. Add rules to your previously created rule groups, as per your needs.

That’s it! Click on Save and the rules should take effect immediately. Refer the examples below to see what kind of rules can be created.

Examples

1. Block access to file if the user is not in the “Developers” group and the file type being accessed is not an image

2. Block access to file if the user is in “Interns 2023” group, uploading a file of size greater than 512MB and is not using the Desktop Client

3. Block access to file if the access time is not between 7AM – 10PM and the request URL is not “https://mysite.com/”

Common Misconfigurations

• When trying to deny access to a group of users, make sure that sharing does not allow them to create a way back in. When users are able to create a public link, they can log themselves out and visit their own public link to access files.
• While access to files in external storage is not possible via Nextcloud, users that have direct access to external storage can change files there directly.

Conclusion

In an era where data breaches and unauthorised access are real concerns, having control over your data is a crucial aspect of digital security. The Nextcloud Files Access Control app empowers users with the tools they need to enforce granular access permissions, ensuring that their sensitive files remain secure and accessible only by authorised individuals. By integrating this app into your Nextcloud instance, you can confidently collaborate, share, and store files while maintaining complete control over who can interact with your data. Embrace the power of the Files Access Control app and take your data security to the next level.