Groups
Groups are an ideal way of categorizing users to simplify and streamline permission assignment. Rather than assigning permissions to one user at a time, you can use groups to conveniently assign the same permissions to many users at once.
For example, imagine creating a Group called HR to house the Users in the Human Resources department. You could then create a Folder called HR and assign the HR Group Read/Write Permissions to that folder.
Now as individuals join and leave the HR department, there is no need to worry about modifying each user's individual permissions - just add and remove users from the HR Group and the users' corresponding permissions will update accordingly.
Only Site administrators can create groups. Type "Manage Groups" in the search bar at the top of each page, then click on the matching result. Click the New Group button to create the group.
You may give a group a unique Group name relevant to its purpose (e.g. a department or organization name), and optionally enter a Note for your reference. You may then click the drop-down box under Group members to add individual users to the group (you can always edit the group to add or remove users later). When finished, click the Create group button.
Site administrators can manage the permissions and members of a group at any time. To access the list of groups, type "Manage Groups" in the search bar at the top of each page, then click on the matching result. To make changes to a group select the Edit button in the rightmost column of the group list.
To delete a group, click the Delete button in the rightmost column of the group list. The group will immediately be deleted, and its members will lose any permissions they had previously inherited from the group.
Files.com includes the Group Admin feature on Enterprise plans, providing administrators with the added flexibility of delegating user creation within a group to select non-administrators known as "Group Admins".
To better understand the structure of your groups and the members in those groups, Files.com provides a Group Matrix display. The Group Matrix shows all the members on your system and their associated groups.
To access the Group Matrix, type "Groups Matrix" in the search bar at the top of each page, and then click on the matching result.
You can filter the Group Matrix to show only select groups. Select the Columns box, and filter the specific group or groups to show in your Group Matrix.
To ensure consistency in how your site applies folder permissions to users, site administrators can manage all folder permissions via groups, and not to individual users.
With this feature enabled, you can ensure that a group permission framework is followed, and no one - whether accidentally or purposely - grants users individual permissions.
To access the setting, type "Manage all folder permissions via groups" in the search bar at the top of each page, and then click on the matching result. This setting requires the Power or Premier plan.
Enabling this setting will not remove folder permissions previously granted to individual users.
Protocol access such as SFTP, FTP, WebDAV, Web, Desktop Access, and API access can be managed at the group level. Managing protocol access at the group level ensures proper assignment, management, and auditing of protocol permissions for your internal and external users, especially when managing a large number of users using groups.
When the setting Protocol access can be managed at group only setting is enabled, users with existing protocol access can have theirs removed, but any new users will have their protocol access set by their associated groups.
All existing and new groups have permissions set to 'Disallowed' for all protocols by default. Before switching to the setting Protocol access can be managed at group only, ensure that protocol access is enabled for the appropriate groups. Once this setting is saved, users must belong to a group with access to connect.
Site administrators are always allowed to access Web, Desktop Access, and API regardless of the permissions set at the group or user level.
Whitelisting of specific IP addresses or IP ranges can be managed via groups. This allows you to specify the IP addresses that group members are permitted to connect from to your Files.com site. This feature is particularly useful when using separate groups for internal and external users or when organizing groups based on user's geographical locations.
Only connections made from the listed IP addresses or ranges will be permitted; all other connections will be denied. You can utilize this list to restrict connectivity to specific network locations, such as allowing connections only from your VPN or office locations.
Note that IP whitelisting restrictions can also be applied at the site level or for individual users.
Customers can use Groups in Files.com to implement RBAC with Files.com. If you determine the permissions and map them to the necessary roles in your organization and users, Groups can be created to reflect the roles and the associated permissions.
Additionally, if you are using an external identity/SSO solution (IdP) to manage the LDAP or ActiveDirectory of your users, Files.com can also integrate to many IdPs where the Groups will be synchronized between Files.com and the external IdP solution. Please refer to the SSO documentation for further information.
Additional Content in This Section:
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.
Start My Free Trial