ownCloud Server 10.2 Release – Power to the Users
ownCloud 10.2 introduces advanced sharing permissions, automatic synchronization in federated clouds and improved rights for users.
We are so excited to bring you ownCloud Server 10.2! You can read the details of the last server release here.
With this release, you can expect the following new features:
- Advanced sharing permissions to increase flexibility and control when sharing data between groups and users.
- Secure View developed with Collabora for advanced file-sharing controls.
- More control for publicly shared links to help you avoid accidental data leakage or unwanted downloads.
- Storage encryption with master key in HSM to maximize security.
- Background job to detect changes in nested federated shares.
- Improved control over accepting federated shares from trusted servers.
- Enhanced privacy and self-service options for ownCloud users.
In this post, we will talk more about these new features in details.
1. Advanced Sharing Permissions
This feature enables app developers to implement individual sharing functions at user and group level. This is useful to enable users to apply more specific security settings to their data.
Advanced Sharing Permissions provides the foundation for mode-based document sharing such as “view-only”, “comments-only” or “enforce change tracking”. There are no limits to the fantasy of app developers, they can invent and implement all sharing permissions they can think of.
This is a very broad feature, and it can be used for a wide variety of use cases. The best example right now is SecureView, a new feature for Collabora Online:
Secure View allows ownCloud users to share sensitive data in such a way that it can only be viewed by the recipient. This is useful to keep an overview who has access to the data, and who doesn’t.
If users share data with someone else, they can choose to forbid editing, downloading, even copy/pasting and printing a shared document.
They can also choose to protect a document with watermarks. If a user opens such a document in Collabora, a watermark displays individual user information, which makes even screenshots or photos traceable.
Secure View is a Collabora Online feature, and works with documents of all common office file formats (docx/xlsx/pptx/pdf). As SecureView is only useful for companies, it is only available with an Enterprise License Key. If you are interested in its possibilities, get in touch with us.
3. Improved Public Links Sharing
With Server 10.2 a new permission for public links on folders becomes available. Users can allow recipients to view, download and upload contents, but not to make any changes (e.g., rename, move, collaborative editing).
The new permission
Download / View / Upload can be regarded as a public file drop to distribute and gather information with a single link while preventing recipients from changing contents.
4. Storage Encryption With Master Key in HSM
ownCloud Server officially supports storage encryption with master keys stored in hardware security modules (HSM). In contrast to the regular master key-based storage encryption which stores the keys on the storage, storage encryption with keys in a HSM allows administrators to completely prevent anyone who has access to the storage from accessing the data stored in ownCloud.
encryption app has been adapted for HSM support and a standalone service (
hsmdaemon) that connects ownCloud Server and the HSM device is available within ownCloud Enterprise Edition.
To get started with storage encryption and HSM, please get in touch with us.
If you want to know more about how ownCloud can protect your data, you can read this whitepaper about Data Protection & Privacy in ownCloud.
When you share data across federated ownCloud instances, deeply nested folders are not automatically discovered for performance reasons.
This leads to issues such as the ownCloud Desktop Client is not able to synchronize newly added or changed content, for example, unless the user navigates down the hierarchy using the web interface, thereby triggering discovery manually. Additionally it is difficult to calculate the size of such folders.
In order to fix these issues while providing stronger administration to control resource usage, a new ‘occ’ command has been introduced which can be executed regularly as a background job to discover federated shares: just make a cron job for the
occ incoming-shares:poll command.
ownCloud Server 10.0.9 introduced the Pending Shares feature. It basically allows users to decide whether or not they want to accept local user shares. Instead of just making the decision for them, it gives more control to the users.
Prior to this change, federated shares always had to be accepted manually, as they can originate from external, potentially untrusted sources. This is a secure feature but not the most convenient for some users.
ownCloud Server 10.2 introduces a global option to automatically accept federated shares originating from trusted servers. This option enables providers of several instances (e.g., an external and an internal instance) to facilitate or automate data exchange between them, not requiring users to accept shares.
This only works for trusted servers, though. For security reasons, federated shares from untrusted servers will never be accepted automatically.
To learn how to configure ownCloud to fit your needs best, take a look into the Configuring Federated Sharing Documentation.
7. Improved Privacy for ownCloud Users
Server 10.2 introduces new options for users that previously were global admin settings.
To give users more control over the sharing options in the scope of their account. Users can now override some global sharing options. They allow users to enable/disable Pending Shares independent of an instance’s global setting.
Users find the two new checkboxes in the ‘Sharing’ settings panel of personal settings. In addition to the option “Allow username autocompletion in share dialog” in the global ‘Sharing’ settings, users can now autonomously decide to opt-out from autocompletion to protect their privacy. When enabled, other users need to enter a user’s full identifier in order to be able to share with them.
In contrast to the Pending Shares options, this option is not a general override but an opt-out, meaning it can only be used when “Allow username autocompletion in share dialog” is enabled. Users find the new checkbox in the ‘Sharing’ settings panel of personal settings.
Get the Improvements Now!
What do you think about these improvements? Share this post on social media or leave a comment below: