How VFS Permissions Work

When a user logs in to the Web Transfer Client, the files and folders that the user is allowed to access depends on the permissions assigned on the VFS tab of the administration interface. The VFS tab allows you to enable or disable permissions for a group or a user as described below.

The Inherit Permission and Content settings from parent check box causes the selected folder in the tree to inherit the permissions assigned to its parent folder. For example, if you specify that folder Usr is to inherit the permissions assigned to its parent folder, then Usr has the same permissions as the Site root folder. If you clear the check box, a message appears in which you can copy the parent folder's permissions and then edit them as needed or remove all inherited permissions. (Refer to Disabling Inheritance in the VFS for more information about inheritance.)

The Encrypt contents (EFS) check box allows you to right-click a folder in the VFS tree (left pane) and encrypt the contents of the selected folder. Refer to Encrypt Data at Rest for details.

The check boxes in the Permissions area specify whether a user or group is allowed the permission:

  • Upload - Allows users to upload to their folder. By default, the Administrators group and the user folders each have Upload permission. (The All Users and Guest groups do not have this permission by default.)

  • Download - Allows users to download to their folder. By default, the Administrators group, the Guest group, and the user folders have Download permission. (The All Users group does not have this permission by default.)

  • Delete - Allows users to delete files from the folder. By default, only the Administrators group has this permission.

  • Rename - Allows users to rename files. By default, only the Administrators group has this permission.

  • Append - Allows users to add to existing files after resuming an incomplete transfer. By default, only the Administrators group has this permission.

  • Delete folder - Allows users to delete folders.

  • Createfolder - Allows users to create folders.

Contents

The check boxes in the Contents area specify:

  • Show hidden - Allows users to view hidden folders and files.

  • Show read only - Allows users to view read-only folders and files.

  • Show files and folders in list - Allows users to retrieve a directory listing (of files and folders) from the Server. If it is not selected, no files or folders are visible. By default, only the Administrators group has this permission. The Show files and folders in list file permission refers to the user’s ability to retrieve a directory listing from EFT. If this option is enabled, the user is able to see a list of files in the directory. If it is disabled, no files or directories will be visible. (Refer to the example below for more information.)

  • Show this folder in parent list - Allows users to view the folder when the parent directory's listing is retrieved. The Show this folder in parent list permission is a bit more complex in that the permission corresponds to whether the directory is visible when a directory listing is retrieved in the parent directory. The interaction between inheritance and this setting can therefore lead to a bit of confusion. (Refer to the example below for more information.)

Within the VFS system, the Show files and folders in list file permission and the Show this folder in parent list folder permission can confuse users as to the intended operation of the server. Let’s use the following folder structure as an example to explain the purpose of these check boxes.

The default folder User contains user folders for Alex and Jane.

If you select user Alex and disable the Show this folder in parent list permission for user Jane, then when user Jane navigates to the Usr directory and retrieves a directory listing, the folder Alex will NOT appear in her directory listing. To complicate matters, however, Jane still has access to the folder and if someone tells her to manually navigate to that folder, she will still be able to perform actions within the Alex folder (provided she has appropriate permissions). In this scenario, by default, when user Jane retrieves a directory listing from within the folder Alex, she will only see a list of files in the folder; she will not see any subfolders in the folder, because the subfolders, incoming, outgoing, and shared, have all inherited the disabled Show this folder in parent list setting.

  • The Show files and folders in list permission applies to both files and folders in the selected directory.

  • The Show this folder in parent list permission applies to the visibility of the selected folder in its parent directory.

  • Default inheritance rules will cause the subfolders of a Show this folder in parent list-disabled folder to not display.