Open ostasevych opened 1 year ago
"web" is actually through a web browser which is an desktop app. maybe you mean disable the webdav protocol ?
"web" is actually through a web browser which is an desktop app. maybe you mean disable the webdav protocol ?
Ah, plus DAV as well :) The thing is that I would like to disallow users to download their data to their devices locally, what syncing client does.
You can't. Either you disable it for everyone or you prevent it for no one. I mean, in a hypothetical scenario, if you enable it for the web but not for the desktop, technically, some smart guy will still manage to download the file from desktop.
You might be able to finesse something in terms of a usage policy that will deter desktop client and mobile app connections to all but the determined - but not so much as a security mechanism in terms of data control - by restricting based on User agent (https://en.wikipedia.org/wiki/User_agent) on your web server(s)/frontend(s).
I encourage you to take this discussion about to https://help.nextcloud.com, where not only will others benefit from it, but you might uncover some other approaches to targeting your underlying needs.
You might be able to finesse something in terms of a usage policy that will deter desktop client and mobile app connections to all but the determined - but not so much as a security mechanism in terms of data control - by restricting based on User agent (https://en.wikipedia.org/wiki/User_agent) on your web server(s)/frontend(s).
I encourage you to take this discussion about to https://help.nextcloud.com, where not only will others benefit from it, but you might uncover some other approaches to targeting your underlying needs.
Thanks for your comments. I've found several times, that a lot of questions remain unanswered on the forum, that's why posted in GitHub.
I understand that this is a matter of policy, and my suggestion is to let manage user/group policies on accessing to the cloud from the user management interface.
This may get you what you want:
https://docs.nextcloud.com/server/latest/admin_manual/file_workflows/access_control.html
It supports blocking transactions by the Request user agent
which is what I had proposed above, but it hadn't occurred to me that the existing File ACL stuff may already support the agent (I haven't yet used the ACL stuff myself).
This Issue should probably get transferred over to that repo: https://github.com/nextcloud/files_accesscontrol
I faced with the challenge to limit users to have access to the cloud data only via web version. That means to forbid particular users to use apps (desktop or mobile) to download the documents and store them on their devices.
Please, add the possibility to limit access to the data at the per user level, eg: web, desktop app and mobile app with a multi-choice.
This will help admins to manage user access in a more flexible way.