Is it possible to grant access to file for a user the moment he tries to access it?
Here's the condition:
User1 and User2 works for the same company.
User1 uploads a file to a document library that is used by multiple
different companies.
User2 tries to download the file that User1 uploaded.
Check if User2 is working for the same company as the user who
uploaded the file.
If yes, grant access.
The reason why I want to do this is because the document library is being used by different companies. The requirement is only users under the same company can access a file uploaded by that company.
Thanks,
You have to arrange the files in the Shared document library in different folders/Document sets.Create SharePoint groups for each company and assign folder level permission, such that users of each company will have permission to respective folders.This way user1 will upload document to his company folder and user 2 since belonging to same company will have access to it.
Alternatively you can also write event handler and make item level permission if you do not want to go for folder level permission.(NOT RECOMMENDED)
You can use folders to achieve this by creating a folder for each company and assigning permissions for user 1 and user 2 to their company folders.
OR
Create a column called company. Users that upload a file to the group can select what company this file belongs to. Based on that column, you can grant the permission to the correct company group. This can be done using workflow, event receiver or an app solution like this: http://truapps.portalfront.com/tru-permission-automation-for-sharepoint.html
Related
Here is my requirement:
I want to create a folder called "My Documents".
This folder will share with multiple members, they have access to add, edit and view documents.
But the condition is that they can see their documents themselves and the document should not show to other members.
For example: Suppose user1 and user2 both have access to the folder "My Documents." If user1 creates doc1 only he can see the doc1 user2 can not see the user1's document. I mean Folder "My Documents" will be shared but space should be private.
In general SharePoint lists have item level permission and Document libraries don't have such facility available through UI but you can achieve this using PowerShell.
please follow : https://www.sharepointdiary.com/2014/03/set-item-level-permission-options-in-document-library.html
Note - The settings enabled through PowerShell applies to all documents inside the library not for any specific folder. And the settings are not applicable for Site owners and administrators.
This is not possible using the setup you have done so far. When you grant access to folder, all the files within that folder can be accessed by all users who have permissions on folder.
So, in general you have to grant unique permissions at file level instead of folder level so that other users will not have access to files.
Beware of the SharePoint limitations related to unique permissions in library. It is recommended to design library to have as few unique permissions as possible and remain below 5,000 in total.
Source: Unique security scopes per list or library
Granting unique permissions on multiple files/folder will be problematic to manage in future.
My recommendation:
If you are creating site/library structure from scratch, create separate document libraries (preferred) or folders for different set of users (maybe based on SharePoint/M365 groups than individual users).
my scenario: I have created a folder inside my Google Drive with the name called folder-root and shared that folder with my colleagues. My company is using G-Suite for business. Now my other team members have started uploading files and folder inside my folder.
Now I want to take ownership of all files and folder created/uploaded inside my folder to me.
e.g. the hierarchy is
folder-root --I am the owner
folder-1 -- Bob is the owner
file-1 -- Bob is the owner
folder-2 -- Alice is the owner
file-2 -- Alice is the owner
file-3 -- marry is the owner
Since all the files and folders are created inside my Drive folder so I want to take ownership of all files/folders created inside my folder.
How can do that , I have tried using Google API's v3, and I am getting an error: Bad Request. User message: "Sorry, you do not have permission to share."
this message is coming when I use file id of bob, Alice or marry with my email address
Code is in node.js
function transferOwnerShip(auth) {
const drive = google.drive({version: 'v3', auth});
drive.permissions.create({
fileId: '1_o-rhbFinu1_LZYniFNo1gV0Epv5mYU5',
transferOwnership: 'true',
resource: {
role: 'owner',
type: 'user',
emailAddress: 'my-name#company.com'
}
});
}
To transfer the ownership of file (including Google Drive folders which in the REST Google Drive API are referred as files) the code should be executed with the permissions of the file owner. This could be done using OAuth instead of using Node.js (or other platform / programming language use Google Apps Script which handles the OAuth for your with some restrictions.
If you can't get that the file owners do the ownership transfer you will need a Google Service Account with domain-wide delegation of authority to impersonate them. This requires that a G Suite admin gives this privilege to the service account.
Another option is that the G Suite admin transfer the ownership of all the files of those user to another user. If you aren't that user, they should transfer the ownership of the files to you.
You could validate the above directly with G Suite Support if you are a G Suite admin.
Another option is to copy the files that you don't own, then remove the files owned by others from your folders. In order to prevent that this happens again, change from edit to view on the sharing settings of your folders. This could be done manually or by using the Google Drive API.
Resources
Transfer Drive files to a new owner (broad article for G Suite admins)
Transfer ownership of a file (no programming)
Related
Transfer ownership of a file to another user in Google Apps Script
How can I force all files in a folder to be owned by the folder owner in Google Drive?
Take ownership of other users Drive-files using Google Apps Script
Google Drive: How do I transfer ownership using the Python SDK?
I was just generally curious how Google tracks the users given permission to access a document and differentiates between those and other users. Any info is greatly appreciated!
Google Drive files and folders have read and write permission levels similar to most file systems:
assigned to the individual author/owner of the file
assigned to the domain the author/owner belongs to (typically the organization registered to use G Suite)
assigned to the group associated with your user account on a per file basis
assigned to the whole world
When individual users are granted access to the files (or folders), they are assigned a role and added to a group that has permission to view or edit the specific file.
If a user is accessing Google drive via an organization's G Suite account, there may be restrictions in place at the organization level that determine what type of sharing is available. Refer to G Suite file sharing
The Google drive Rest API documentation enumerates some of these specifics. See "Role" and "Type" properties on the API page
I have created two groups in SharePoint Online
The following groups are:
Finance Group
HR Group
Added two users under Finance Group, they are like following:
a. John
b. Joe
Also added two users under HR Group, they are like following:
a. Margaret
b. Janet
Admin has created created a folder called Photos, I want the folder to be disabled for a Group/user(i.e the photos folder should not shown for a Group I chose (e.g Finance Group) or for a User (e.g John))
Is there a way in SharePoint Online to restrict read access for a User/Group?
Your best way to do this would be to use target audiences for your subfolder.
Within your library settings, go to audience targeting settings and enable audience targeting.
Navigate to your subfolder, open the subfolder, and edit the page, it will then appear similarly to a webpart.
Within the edit webpart dialog on the right, navigate to advanced and the last field is audience targeting.
You may need to make a new permissions group if using a group of people or simply select an individual person.
That's it.
I want to give permissions for subfolders in Owncloud.
Example:
a user can edit and read all the files in a synchronized folder except some specific subfolders.
Im working with desktop client and web interface. Version: OwnCloud 8.0.3 (stable)
As far as I know a user has access to all his/her folders and files, plus any files that are shared with him/her by other users. You cannot restrict access to user's files if they are in that user's account.
My assumption is that you are an administrator and can create accounts, etc. A workaround might be the following, but it is a workaround and not the solution you've asked for:
If there are some files that you'd like more than one user, or only specific users to be able to view; you can share them using the web interface.
You could create a master user who has access to all files and then share with the other users from the master account.
If anyone knows any different to this please suggest an edit to my answer and I'll put it in.