Roles and authorizations in OpenCloud: Secure access for teams, projects and guests

Shares here, Spaces there - and then there are admins, users and user light? Sounds like a lot at first, but don't worry: OpenCloud makes it easy. In this article, we unravel the roles and rights management and show you how to control access so that everything stays exactly where it belongs - secure, flexible and well-organized.

User roles in OpenCloud: Flexible rights for every situation

In OpenCloud, there are not just the usual admins and standard users - roles are tailored precisely to the use case. Especially in conjunction with Spaces, this makes all the difference.

OpenCloud admins manage user accounts and groups, block or delete accounts, set quotas and can even customize the system logo. But content in Spaces? That remains taboo - unless they have the appropriate authorization (zero knowledge principle).

Then there are the Space admins. They regulate who is allowed into the space, what rights the members have and how much storage space is available. They can also create new Spaces to organize teams or projects directly. The role is therefore ideal for project or department managers who need to take on administrative tasks - without needing admin rights for the entire cloud.

Normal users have their own personal storage area and work in Spaces - depending on the rights that the Space admin gives them. A special concept in OpenCloud is User Light: a clever solution for external employees such as freelancers or partners who do not need a fixed account. This works particularly well in schools - for example, when teachers want to share content with parents without having to add it to the school's identity management system. The User Light function is not yet included in the standard solution, but is planned for future versions.

Administration takes place via the admin settings: There, admins can customize roles directly via a drop-down menu and respond quickly to new requirements.

However, in addition to the general user roles, there is a very special level: roles within Spaces. How do they differ from the global user roles? Let's take a look at exactly that.

Access rights in OpenCloud Spaces: How to control who can do what

In OpenCloud, three roles regulate what members can do within a Space. Those with view-only access can view and download documents, images and PDFs, but cannot make changes or add new files. The edit role extends these rights: members can upload, edit and delete files and even restore older versions from the file history.

The Can manage role offers even more control: anyone with these rights can not only edit files, but also add or remove new members and adjust their roles. This means that Space administrators are responsible for who gets access and what permissions apply in the Space - without the admins having to intervene.

But what about individual files or folders? There are roles for sharing - and we'll take a look at them now.

Sharing roles in OpenCloud: How to control access to your files

In OpenCloud, you can not only share entire Spaces, but also individual files or folders.

Specific sharing roles are available for this purpose, which precisely regulate access:

• Can view (secure): With this role, users can only view documents, images and PDFs. Thanks to the integration of Collabora, the files are watermarked to prevent unauthorized copying. Downloading or editing is not possible.
• Can view: This role allows files and folders to be viewed and downloaded. However, changes or the addition of new content are not permitted.
• Can upload: In addition to viewing and downloading, users with this role can also upload new files and folders to the shared area. However, they cannot edit or delete existing content.
• Can edit: This most comprehensive sharing role makes it possible to view, download, upload and edit files and folders, create new content and delete existing content.

With secure view and watermark, you can share documents without them being able to be downloaded or copied - ideal if you want to keep content protected. However, this function is only available if Collabora Online is integrated in OpenCloud, as Collabora places the watermarks directly in the document. You can find out exactly how this works in the Collabora documentation.

The sharing roles are practical if you want to quickly share a file or folder. For long-term, clear collaboration, however, we recommend working with Spaces. This allows teams to maintain an overview, access rights can be managed flexibly and important files always remain in the right place - without scattered shares in personal folders.

Roles and shares in OpenCloud: full control, simple administration

With the flexible roles in OpenCloud, you always retain control over who can access which content - whether in Spaces, via shares or with external users. Instead of complicated permissions, OpenCloud offers a clear, intuitive structure that adapts perfectly to the needs of companies, schools and other organizations.

Would you like to use OpenCloud in your IT environment or do you have questions about the best solution for your team? Contact our sales team - we'll be happy to help!