Groups
Groups are an ideal way of categorizing users to simplify and streamline permission assignment. Rather than assigning permissions to one user at a time, you can use groups to conveniently assign the same permissions to many users at once.
For example, imagine creating a Group called HR to house the Users in the Human Resources department. You could then create a Folder called HR and assign the HR Group Read/Write Permissions to that folder.
Now as individuals join and leave the HR department, there is no need to worry about modifying each user's individual permissions - just add and remove users from the HR Group and the users' corresponding permissions will update accordingly.
Adding Groups
Only Site administrators can create groups. Type "Manage Groups" in the search bar at the top of each page, then click on the matching result. Click the New Group button to create the group.
You may give a group a unique Group name relevant to its purpose (e.g. a department or organization name), and optionally enter a Note for your reference. You may then click the drop-down box under Group members to add individual users to the group (you can always edit the group to add or remove users later). When finished, click the Create group button.
Editing Groups
Site administrators can manage the permissions and members of a group at any time. To access the list of groups, type "Manage Groups" in the search bar at the top of each page, then click on the matching result. To make changes to a group select the Edit button in the rightmost column of the group list.
Deleting Groups
To delete a group, click the Delete button in the rightmost column of the group list. The group will immediately be deleted, and its members will lose any permissions they had previously inherited from the group.
Delegating Group Administration
Files.com includes the Group Admin feature on Enterprise plans, providing administrators with the added flexibility of delegating user creation within a group to select non-administrators known as "Group Admins".
Showing the Group Matrix
To better understand the structure of your groups and the members in those groups, Files.com provides a Group Matrix display. The Group Matrix shows all the members on your system and their associated groups.
To access the Group Matrix, type "Groups Matrix" in the search bar at the top of each page, and then click on the matching result.
You can filter the Group Matrix to show only select groups. Select the Columns box, and filter the specific group or groups to show in your Group Matrix.
Manage All Folder Permissions via Groups
To ensure consistency in how your site applies folder permissions to users, site administrators can manage all folder permissions via groups, and not to individual users.
With this feature enabled, you can ensure that a group permission framework is followed, and no one - whether accidentally or purposely - grants users individual permissions.
This setting requires the Power or Premier plan.
Enabling this setting will not remove folder permissions previously granted to individual users.
If this feature is enabled, users will not automatically receive access permissions to folders, including those created automatically. You will need to assign the appropriate permissions to each folder and user separately.
Manage Protocol Access
Protocol access such as SFTP, FTP, WebDAV, Web, Desktop Access, and API access can be managed at the group level. Managing protocol access at the group level ensures proper assignment, management, and auditing of protocol permissions for your internal and external users, especially when managing a large number of users using groups.
When the setting Protocol access can be managed at group only setting is enabled, users with existing protocol access can have theirs removed, but any new users will have their protocol access set by their associated groups.
All existing and new groups have permissions set to 'Disallowed' for all protocols by default. Before switching to the setting Protocol access can be managed at group only, ensure that protocol access is enabled for the appropriate groups. Once this setting is saved, users must belong to a group with access to connect.
Site administrators are always allowed to access Web, Desktop Access, and API regardless of the permissions set at the group or user level.
IP Whitelisting
Whitelisting of specific IP addresses or IP ranges can be managed via groups. This allows you to specify the IP addresses that group members are permitted to connect from to your Files.com site. This feature is particularly useful when using separate groups for internal and external users or when organizing groups based on user's geographical locations.
Only connections made from the listed IP addresses or ranges will be permitted; all other connections will be denied. You can utilize this list to restrict connectivity to specific network locations, such as allowing connections only from your VPN or office locations.
Note that IP whitelisting restrictions can also be applied at the site level or for individual users. If you are also restricting IP addresses per user or via the sitewide IP whitelist, users with addresses that exist in either list will be allowed to log in.
Role-Based Access Control (RBAC) with Files.com
Customers can use Groups in Files.com to implement RBAC with Files.com. If you determine the permissions and map them to the necessary roles in your organization and users, Groups can be created to reflect the roles and the associated permissions.
Additionally, if you are using an external identity/SSO solution (IdP) to manage the LDAP or ActiveDirectory of your users, Files.com can also integrate to many IdPs where the Groups will be synchronized between Files.com and the external IdP solution. Please refer to the SSO documentation for further information.