Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
davemrm Super Contributor.
Super Contributor.
775 views

Filr 4 doesn't respect file system rights on shared folders

scenario:

InternalUser has home directory on OES server (so "My Files" is stored on OES).
InternalUser has full rights to all folders (RWCEMF rights)
InternalUser shares FolderA in "My Files" to ExternalUser@domain.com with Contributor access
admin changes file system rights for InternalUser in FolderA to RF only
InternalUser now has read-only rights to FolderA when logged into Filr
ExternalUser@domain.com can still upload and delete files in FolderA, even though the user who shared the folder to him no longer has such rights

This all worked fine in Filr 3, but it's broken in Filr 4. I had an elaborate system setup to share a specific folder structure with external users, allowing them to upload/delete files in certain directories while restricting most folders to Read-only. Now all the external users can delete files they shouldn't be able to. Going to have to go back to Filr 3 if there's no fix for this.
0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: Filr 4 doesn't respect file system rights on shared folders

On Thu, 18 Apr 2019 17:16:02 GMT, davemrm
<davemrm@no-mx.forums.microfocus.com> wrote:

>
>scenario:
>
>InternalUser has home directory on OES server (so "My Files" is stored
>on OES).
>InternalUser has full rights to all folders (RWCEMF rights)
>InternalUser shares FolderA in "My Files" to ExternalUser@domain.com
>with Contributor access
>admin changes file system rights for InternalUser in FolderA to RF only
>InternalUser now has read-only rights to FolderA when logged into Filr
>ExternalUser@domain.com can still upload and delete files in FolderA,
>even though the user who shared the folder to him no longer has such
>rights
>
>This all worked fine in Filr 3, but it's broken in Filr 4. I had an
>elaborate system setup to share a specific folder structure with
>external users, allowing them to upload/delete files in certain
>directories while restricting most folders to Read-only. Now all the
>external users can delete files they shouldn't be able to. Going to
>have to go back to Filr 3 if there's no fix for this.


So if I understand correctly, you are saying the external users rights
should change based on the internal users rights changing?

I'm trying to find the time to get Filr 4 setup, so I can't test this.
You may have to open an SR to report this.

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Filr 4 doesn't respect file system rights on shared folders

Ken,

Am 18.04.2019 um 22:29 schrieb KeN Etter:

> I'm trying to find the time to get Filr 4 setup, so I can't test this.
> You may have to open an SR to report this.
>

Filr 4 download is available in customer center only.

Gotthard

--
Gotthard Anger
Anwenderbetreuung Netzwerkadministration
Landeskirchenamt der EKM
gotthardanger@no-mx.forums.novell.com
http://forums.novell.com/member.php?u=35038
0 Likes
davemrm Super Contributor.
Super Contributor.

Re: Filr 4 doesn't respect file system rights on shared fold

ketter;2498574 wrote:
So if I understand correctly, you are saying the external users rights
should change based on the internal users rights changing?

That is correct; an external user who has access to a directory shared to him by an internal user should have no more access rights than the internal user, even as the rights change. This was a major point of emphasis that Filr respects file system rights.

When I set this up under Filr 3 it was all working fine, and I recently verified it all still worked as expected. However Filr 4 has broken my whole setup. If it had never worked this way, I would've found some other way to do things... but it's an existing setup with several dozen external users, who now can mess with files they're only supposed to be able to download.

(the stupid thing here is that I was in the beta program for Filr 4, but I was so busy with other things last month that I never got a chance to even install it, much less test my usage scenario; though to be fair I didn't expect such a big thing to change)
0 Likes
davemrm Super Contributor.
Super Contributor.

Re: Filr 4 doesn't respect file system rights on shared fold

I think I've figured out a work-around where I can change the sharing rights within Filr without otherwise affecting the existing users. It's going to be a bit tedious to fix, but then the original setup method was a little tedious too. At least I don't have to switch back to the Filr 3 VM... there are new users I've setup since going to Filr 4, so that would've been a hassle to redo not to mention off-putting to the users who'd lose their access then get emails telling them to register again.

When I get a chance I'll open an SR and see if I can get Micro Focus to make it work like it used to.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Filr 4 doesn't respect file system rights on shared folders

On Sat, 20 Apr 2019 11:17:09 GMT, Gotthard Anger
<gotthardanger@no-mx.forums.novell.com> wrote:

>Ken,
>
>Am 18.04.2019 um 22:29 schrieb KeN Etter:
>
>> I'm trying to find the time to get Filr 4 setup, so I can't test this.
>> You may have to open an SR to report this.
>>

>Filr 4 download is available in customer center only.


Thanks, but I am aware of that. I have the downloads, just not the
time to use them.

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
Knowledge Partner
Knowledge Partner

Re: Filr 4 doesn't respect file system rights on shared folders

On Mon, 22 Apr 2019 15:24:02 GMT, davemrm
<davemrm@no-mx.forums.microfocus.com> wrote:

>
>ketter;2498574 Wrote:
>> So if I understand correctly, you are saying the external users rights
>> should change based on the internal users rights changing?
>>

>That is correct; an external user who has access to a directory shared
>to him by an internal user should have no more access rights than the
>internal user, even as the rights change. This was a major point of
>emphasis that Filr respects file system rights.
>
>When I set this up under Filr 3 it was all working fine, and I recently
>verified it all still worked as expected. However Filr 4 has broken my
>whole setup. If it had never worked this way, I would've found some
>other way to do things... but it's an existing setup with several dozen
>external users, who now can mess with files they're only supposed to be
>able to download.
>
>(the stupid thing here is that I was in the beta program for Filr 4, but
>I was so busy with other things last month that I never got a chance to
>even install it, much less test my usage scenario; though to be fair I
>didn't expect such a big thing to change)


You're probably going to need to open an SR and report this.

--
Ken
Knowledge Partner

Create and vote for enhancements!
https://www.microfocus.com/products/enhancement-request.html
--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
psahukar Absent Member.
Absent Member.

Re: Filr 4 doesn't respect file system rights on shared fold

Hi Dave,

An external user can not have direct (OES) file system rights. So in case of Filr, if a user does not have direct rights which is the case in "FIlr File Sharing", the Net Folder proxy user identity will be used (for sharing scenario). As the external user in this case has contributor rights, the external user will continue to be able to perform all the file system operations even when the sharer's file system rights are restricted.

Additionally, we have tried the same scenario on both Filr 3 and Filr 4 deployments and saw the same results, which is the external user continues have all the rights (contributor). As part of Filr 4 release, the OES file system rights subsystem has not undergone any such changes.

We need to figure out how it worked in your Filr 3 deployment. Could you please check and see if the external user by any chance got part of the OES server.

Thanks,
Praveen Kumar
0 Likes
davemrm Super Contributor.
Super Contributor.

Re: Filr 4 doesn't respect file system rights on shared fold

psahukar;2498872 wrote:
Hi Dave,

An external user can not have direct (OES) file system rights. So in case of Filr, if a user does not have direct rights which is the case in "FIlr File Sharing", the Net Folder proxy user identity will be used (for sharing scenario). As the external user in this case has contributor rights, the external user will continue to be able to perform all the file system operations even when the sharer's file system rights are restricted.

Additionally, we have tried the same scenario on both Filr 3 and Filr 4 deployments and saw the same results, which is the external user continues have all the rights (contributor). As part of Filr 4 release, the OES file system rights subsystem has not undergone any such changes.

We need to figure out how it worked in your Filr 3 deployment. Could you please check and see if the external user by any chance got part of the OES server.

Thanks,
Praveen Kumar


When I first set this system up, I tested multiple times with a test user and directories, and confirmed it worked the way I described. What happened after restricting the rights of the internal user is that Filr still thought the external user had contributor rights to the directory (i.e. buttons/menus to upload, delete, etc. still showed), but any attempt to actually upload or delete a file would fail with a file system error. I recall that a deleted file would disappear from the Filr screen, but upon refreshing the screen the file would re-appear.

I can try bringing up my Filr 3 server again and re-doing my tests. I'll have to find an off-hours time to do it. It's entirely possible this broke at some point before Filr 4, it might have been a year or two ago the last time I actually proved it all worked, so going back to my Filr 3.4.3 appliance may prove nothing if whatever it was changed back at Filr 3.1 or 3.2.

Either way though, it sounds like you didn't and don't intend for this to work the way I had it working and it only ever worked by accident.
0 Likes
davemrm Super Contributor.
Super Contributor.

Re: Filr 4 doesn't respect file system rights on shared fold

I should mention that the reason I did things this way rather than just sharing multiple folders to the external users with different rights is that when you share multiple folders to a new user, Filr sends multiple registration emails to the user EVEN IF YOU TELL IT NOT TO by changing the notify option when sharing the additional folders. During my testing I found this extremely off-putting, so I wanted to find a way to have a single directory shared out with a single share and single registration email, but then have different rights for the external user in one or more of the sub-directories. When I first tried it I really thought it wouldn't work that way, but it did. So I proceeded to setup a number of external users (customers who access engineering drawings of what we build for them) using that method.

If Filr would send just ONE registration email to a new user, I would never have gone down this path. (and yes I tested this last week on Filr 4, it still sends two registration emails if I share two folders, even if I set the notify option on the second share to None)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.