7.3 Net Folders
7.3.1 Net Folder Security
Within each Net Folder, security can be assigned to the following:
-
Internal Users and Groups
This refers to users that are created within Filr and to users that are imported to Filr from LDAP.
-
External Users
This refers to users who are configured via the external share mechanism and are referred to by their email address.
-
Public
The groups and users referred to here can be either Filr-based or derived from the LDAP import process.
7.3.2 Access to a Net Folder
Even though users can be granted access to a Net Folder from the dialogue above, the final arbiter of security is the file system that the Net Folder refers to. The user must also have rights to the back end NSS or NTFS file system before any content is seen through Filr.
7.3.3 Understanding the Implications of Re-sharing
The access granted to a user can also include the ability to re-share content. If re-sharing is allowed, then the re-share right could allow a user to share a file that the user has no existing file system permissions to in the first place.
Sharing access is provided by the Net Folder proxy. If shared content is subsequently modified by a user that is granted shared access to the file, the Net Folder proxy user is logged at the file system level as the last modifier of the file. In this case, even though the host file system shows the Filr Proxy User as the modifier, the person who shared the file might be able to deduce who modified the file, if it wasn’t shared with too many users.
However, if re-sharing is enabled, and the content has been re-shared more than one level, then the originator of the original share has no ability to determine who the file has been re-shared with. The only way to reference this information is by querying the back-end database.