Tenant admin can publish its own folder as team folder, to allow users in the tenant to access it. The folder can be a pure cloud folder, or a local folder synced to cloud via server agent, or a local folder/share or a cloud storage attached to Centrestack.
Admin can define the access permissions to the team folder.
1. Team Folder Permission
To publish a folder as team folder, as admin, right click the folder and select 'Publish as team folder'.
Here, Admin can decide which users can access the Team Folder.
2. Subfolder Permission
However, some times admin may want to restrict access to the Team Folder and some sub folders. For example, a user can have full access to the Team Folder, but don't want him to modify anything in a subfolder. Or the admin wants to fine tune the access for some folders and only allow one user to have List/Read/Write and don't allow him to delete anything.
Here, admin can define subfolder permission. To access subfolder permission inside of a Team Folder, click on the 'Folder Permission' tab, or just right click the subfolder in My Files and select 'Edit folder Permission'.
In sub folder permission, admin can assign List, Read, Write, Delete and Share permission to the user.
Once defined the permissions, when the user logs in web portal or clients, it will have access to the team folder, with the permission defined.
Notice: After one user is added in the subfolder permission, only the users explicitly defined in the subfolder permission list can access the subfolder. If another user can access team folder, but not defined in the subfolder permission list, he can't access the sub folder anymore.
Admin can hide folders that user doesn't have read permission. The settings are in the Management Console / Group Policy / Folder and Storage:
- Don't show folder that user doesn't have read permission: When it is checked, under a team folder, if the user doesn't have read permission to a sub folder, the subfolder won't show when the user visits the team folder.
- Don't show Team Folder that the user doesn't have read permission to the underlying folder: If a user doesn't have read permission to the root of a team folder, the team folder won't show when login as the user.
3. File System Permission
Admin can migrate local file share to CentreStack, if the CentreStack server can access the share directly.
During the migration, admin can check 'Always access the storage using logon user identity' flag. Once check, when AD users access the team folder, it will follow the user's own file system permission in the share. Here, the Folder Permission is not defined in CentreStack. It is enforced by the local file system.