ONLYOFFICE / CommunityServer

Free open source office suite with business productivity tools: document and project management, CRM, mail aggregator.
http://www.onlyoffice.com
Apache License 2.0
2.75k stars 621 forks

Remove or deactivate admin access to "common" on onlyoffice #409

Open alan-cugler opened 2 years ago

alan-cugler commented 2 years ago

Some lads and I are trying out onlyoffice. We were really interested in the common area for files and folders.

The one issue we can't seem to do anything about is that onlyoffice admins can still access all files in common and can't be restricted from viewing anything. This is a problem as we want some of our guys to be admins to work on developing backups and integrations with the onlyoffice server but they aren't necessarily going to be given access to all documents in common.

So is there a way to take away admin privileges in viewing and accessing files in "common?"

TLDR: admin users shouldn't get to see every file in "common" because they are admin.

alan-cugler commented 2 years ago

To be clear, I do not mean the "server admin," obviously that's outside of OnlyOffice control. But I would love a config setting to remove application admin privileges to be absolute for all files in "common."

Carazyda commented 2 years ago

Hello @alan-cugler, this is our basic provision for access settings that a full administrator has access to the portal settings, backup and to all data on the portal, except for my documents. After all, he can see all this data in the backup.

Can you elaborate on what the user should have access to and what not? And we will think about how to implement it.

alan-cugler commented 2 years ago

Good Morning, sure happy to elaborate. First off, I agree with the reasonable scope you describe the admin to have. Our desire is a tension between business use case vs technical needs.

Types of Admins

We think there are three types of "admins" along with deescalated users to use OO.

  1. Server Admin; they have access to the actual server running OnlyOffice. This would be my DevOps engineers and Linux admins who are adding HA, configuring image backups, and adding Infrastructure as Code to easily update OO along with other tools we are using. I don't expect OO to have any control of that and so out of scope.
  2. Configuration Admin; this fellow has admin permissions in OO and is in charge of configuring settings, setting up integrations, configuring data backup. This person isn't the end user of the product and is only doing configuration in congruence with the Server Admins.
  3. Content Admin; This is the escalated end user. Think "CEO" and he needs to be able to manage what content is available to his employees as needed. So he wants all documents in "FolderCommon" and then default blacklist access. Then over time as business develops he selectively gives access to collaborating employees for particular projects.

So this is what we want in practice. We accept if you are server admin you could find the data anyways. But we would like Configuration Admins to not see content by default in the "FolderCommon." They are deescalated users when it comes to the content, and only have elevated permissions for technical reasons.

Potential Relevant Code

I have done some poking around to see if I could link to (what I perceive to be) relevant code. I found this as my main indicator: https://github.com/ONLYOFFICE/CommunityServer/blob/d7284c7deffa0d6f170027c85bae3f64197381f7/web/studio/ASC.Web.Studio/Products/Files/Controls/Tree/Tree.ascx#L116 and maybe it needs to look like this by default for what we want: https://github.com/ONLYOFFICE/CommunityServer/blob/d7284c7deffa0d6f170027c85bae3f64197381f7/web/studio/ASC.Web.Studio/Products/Files/Controls/Tree/Tree.ascx#L138

Competitor Solutions

Wanting to round this out with what is "common" for other document suites. The easiest one to point to is Google with their Google Drive features.

I have personally run into this issue multiple times, and we are strongly wanting to avoid this issue by leveraging the "FolderCommon" for the majority of our files and using MyDocuments for notes, rough drafts, etc. that don't bring value yet in a collaboration setting.

Carazyda commented 2 years ago

We will consider the implementation of such features in future versions (Bug 58323 in our private bugtracker). Thanks for your interest in our product!

alan-cugler commented 2 years ago

Thank you!

One follow-up question that was posed to me from your response here: "a full administrator has access to the portal settings, backup and to all data on the portal, except for my documents. After all, he can see all this data in the backup."

Is it not true that an admin with access to the data backup will also be able to see the files that were originally in an individual's "My Documents" folder?

Carazyda commented 2 years ago

> Is it not true that an admin with access to the data backup will also be able to see the files that were originally in an individual's "My Documents" folder?

Yes, it is.

I would also like to add that we have the function of transferring the data of blocked/deleted users. All shared documents can be transferred to another user.

nixjdm commented 2 years ago

I would also like something like this. I would think it is often not appropriate for e.g. an entire IT department (presumably all admins in OnlyOffice) to have access to all of the content their bosses or coworkers in different departments are storing on the servers. Perhaps the content is quite sensitive.

Yet, the "Common" directory is the natural home for collaboration and long-term organization of shared content. Sharing exclusively through various "My Documents" shares could very quickly become a big mess.