In ownCloud 4.5, we released a new feature we like to call CRUDS, a granular permission structure for sharing files and folders. In this blog, I wanted to take a minute to explain why this really matters.
Today, if you want to share a file on a lot of online cloud services, it is just shared. The person who you are sharing the file with simply gets the file and can do whatever with it. This is extremely simple, user friendly, and makes a lot of sense for a casual user. The problems start when you need to share a file or folder with people, and that file should not change. How do you restrict the file so it can’t change? Create a PDF? Sure, but why should this be necessary?
At ownCloud, we wanted to go a little deeper. When a file is shared, we wanted the owner of the file to decide what the user or group that the file is shared with can do to the file. To figure this out, we borrowed from the database world the CRUD permissions and added one. The resulting granular permissions structure we call this CRUDS, short for Create, Read, Update, Delete and Share. These define what a user or group that a file is shared with can do to the file.
In ownCloud, it is now possible to share a folder with individuals and groups, and specify the granular permissions for each user or group on the given folder or file. Who cares? Let’s try a use case. I work in marketing, I make a lot of content that I need to share with my team in marketing. Great, my teammates also in marketing can have full permissions on my folder, so I share the file and check “can edit”, granting them create, update privileges on my “marketing” folder. Since I don’t want them deleting my hard work by accident, I don’t give them “delete” privileges.
Now, let’s talk about the sales team – I don’t want them to update anything, but I do want them to get files. In this case, I share with the “sales” group, but I do not check the “can edit” button, they are read only users. ownCloud will then enforce these permissions when the users access the site via a mobile app, web browser, desktop client or other WebDAV app automatically. In this way, I can tailor the permissions of my files and folders to my needs, and ensure that I can work together with my team on my files the way I want to.
While I am on the topic of sharing, I can also set up external share links and share expiration dates on these same files and folders, but this is a different topic. For now, you can see how we provide users the granular control they need over their files, without complex and burdensome menu items and ACLs. Why do we do this? Because, at ownCloud … it is Your Cloud, Your Data, Your Way.