Introduction to Permission Groups - Controlling Access to Folders
Just as User Settings Templates control access to EFT resources such as bandwidth allowances and connectivity privileges, the Permission Groups control access to folders and the files within. Permission Groups set user virtual file system (VFS) permissions to folders. EFT creates the following default Groups for every Site: Administrator, All Users, and Guests. You can create new Groups and/or modify the settings for the default Groups. Consider your security and access needs, configure Groups according to those needs, then add users to the Groups based on the permissions that you want to allow. The Groups node appears in the left pane under the Site node on the Server tab. (You cannot move Groups between Sites.)
To specify user permissions
-
Create a Group (on the Server tab)
-
Add users to the Group (on the Server tab)
-
Add the Group to the Permissions pane (on the VFS tab)
-
Set the Group's VFS permissions (on the VFS tab)
To view Group permissions
-
In the administration interface, connect to EFT, then click the VFS tab.
-
In the left pane, click a folder. The default Groups appear in the Permissions pane. Groups that you have defined on the Site do not appear in the Permissions pane until you add them.
The default All Users and Guests Groups have minimal permissions; the Administrators Group has every permission. The letters and their organization in the Permissions column (UDADRSCDLHO) represent the permissions that are enabled:
U = Upload
D = Delete
R = Rename
S = Show this folder in parent list (show the folder selected in the left pane)
C = Create Folder
D = Delete Folder
L = Show files and folders in list
H = Show hidden (Show files and folders in list must be selected)
O = Show read only (Show files and folders in list must be selected)
If the permission is not enabled, two dashes appear instead of the letter. The default Groups have the following permissions, but you can edit them to suit your needs:
-
Administrators = UDADRSCDLHO; every permission
-
All Users = -- -- -- -- -- S -- -- L -- -- ; Show folder in the parent list and Show files and folders in list
-
Guests = -- D -- -- -- S -- -- L -- -- ; Download, Show folder in the parent list, and Show files and folders in list
Groups can provide the permissions implied by their name (that is, the Upload file Permission allows users in the Group to upload files; the Delete folder permission allows users in the Group to delete files).
Users' permissions are inherited from the Groups to which they belong. For example, if user jsmith is a member of the Accounting, All Users, and HR Groups, their permissions are combined. The Inherit check box is not available when the root folder (for example, MySite - Root Folder) is selected.
For detailed descriptions of the permissions, refer to How VFS Permissions Work.
Lost Users in Permission Group
If a Site is stopped (disabled) when the EFT server service is restarted, and then the Site is started (turned on), and users are removed from all administrator-added Permission Groups. (Default Permission Groups, Administrators, All Users, and Guests, are unaffected.)
A Site's Permission Group membership is a part of the user database. To display the group's membership, EFT must synchronize with the authentication manager. Sites that are stopped are not synchronized. (EFT should not pull users from the authentication manager if the Site is disabled.)
Workaround: Synchronize the Site's user database manually after turning on the Site, or wait until the "auto-refresh" timer has fired.
Related Topics