Search

• Table of Contents
• Introduction
• Release Notes
• What’s New in ownCloud 10.0.4
• Installation
• Upgrading
• Configuration
  • Database Configuration
  • File Sharing and Management
  • How To Install and Configure an LDAP Proxy-Cache Server
  • Mimetypes Management
  • Server Configuration
  • User Management
    • User Management
    • Resetting a Lost Admin Password
    • Resetting a User Password
    • User Authentication with IMAP, SMB, and FTP
    • User Authentication with LDAP
    • User Provisioning API
    • ownCloud Roles
• Maintenance
• Issues and Troubleshooting
• Enterprise Features
• The ownCloud X Appliance
• FAQ

• « User Provisioning API
• Maintenance »

ownCloud Roles

ownCloud supports eight user roles. These are:

• Anonymous
• Guest
• Standard User
• Federated User
• ownCloud Group Administrator
• ownCloud Administrator
• System Administrator
• Auditor

The following information is not an in-depth guide, but more of a high-level overview of each type.

Anonymous

• Is not a regular user.
• Has access to specific content made available via public links. - Can be password-protected (optional, enforced, policy-enforced). - Can have an expiration date (optional, enforced, enforced dependent on password).
• Has no personal space
• Has no file ownership (ownership of uploaded/created files is directed to sharer).
• Has no use of clients.
• Quota is that of the sharer.
• Permissions are those granted by the sharer for specific content, e.g., view-only, edit, and File Drop.
• Can only use file and viewer apps, such as PDF Viewer and Collabora Online.

Guest

• Is a regular user with restricted permissions, identified via e-mail address.
• Has no personal space.
• Has no file ownership (ownership of uploaded/created files is directed to sharer).
• Has access to shared space. The permissions are granted by the sharer.
• Is not bound to the inviting user.
  • Can log in as long as shares are available.
  • Becomes deactivated when no shares are left; this is the shared with guests filter.
  • Reactivated when a share is received.
  • Administrators will be able to automate user cleanup (“disabled for x days”).
• Can use all clients.
• Fully auditable in the enterprise edition.
• Can be promoted to group administrator or administrator, but will still have no personal space.
• Apps are specified by the admin (whitelist).

Note

The Shared with Guests Filter

This filter makes it easy for sharers to view and remove their shares with a guest, which also removes their responsibility for guests. When all of a guest’s shares are removed, the guest is then disabled and can no longer login.

Standard User

• Is a regular user (from LDAP, ownCloud user backend, or another backend).
• Has personal space. Permissions are granted by the administrator.
• Shared space: Permissions as granted by sharer.
• Apps: All enabled, might be restricted by group membership.

Federated User

• Is not an internal user.
• Can trust a federated system.
• Has access to shared space through users on the considered ownCloud system.
• Can share data with the considered system (accept-/rejectable).

ownCloud Group Administrator

• Is a regular user, such as from LDAP, an ownCloud user backend, or another backend.
• Can manage users in their groups, such as adding and removing them, and changing quota of users in the group.
• Can add new users to their groups and can manage guests.
• Can enable and disable users.
• Can impersonate users in their groups.
• Custom group creation may be restricted to group admins.

ownCloud Administrator

• Is a regular user (from LDAP, ownCloud user backend, or another backend).
• Can configure ownCloud features via the UI, such as sharing settings, app-specific configurations, and external storages for users.
• Can manage users, such as adding and removing, enabling and disabling, quota and group management.
• Can restrict app usage to groups, where applicable.
• Configurable access to log files.
• Mounting of external shares and local shares (of external file systems) is disabled by default.

System Administrator

• Is not an ownCloud user.
• Has access to ownCloud code (e.g., config.php and apps folders) and command-line tool (occ).
• Configures and maintains the ownCloud environment (PHP, Webserver, DB, Storage, Redis, Firewall, Cron, and LDAP, etc.).
• Maintains ownCloud, such as updates, backups, and installs extensions.
• Can manage users and groups, such as via occ.
• Has access to the master key when storage encryption is used.
• Storage admin: Encryption at rest, which prevents the storage administrator from having access to data stored in ownCloud.
• DB admin: Calendar/Contacts etc. DB entries not encrypted.

Auditor

• Is not an ownCloud user.
• Conducts usage and compliance audits in enterprise scenarios.
• App logs (especially Auditlog) can be separated from ownCloud log. This separates the Auditor and Sysadmin roles. An audit.log file can be enabled, which the Sysadmin can’t access.
• Best practice: parse separated log to an external analyzing tool.

• « User Provisioning API
• Maintenance »