Some advice for access controls

[margar123]

Hi group,

I checked the FAQ but did not see this addressed. I "inherited" a FileZilla set up from a previous team leader. The FTP isn't controlled by Active Directory and isn't on a domain. The access controls were set up to basically internal and contractor employees. My questions come related to access control and wanted to ask for some suggestions. Here's the setup:

We have trainers (both inside the company and contractors).

Internal employees will have access to all of curriculum X and curriculum Y (they are taught all the curriculum and can teach)
Contract employees will have access to SOME of curriculum X and SOME of curriculum Y.

I've identified the directories that both will have access to and shared them accordingly.

My struggle is how to hide the curriculum directories (i.e. courses) that the contractors may not be qualified to teach. Ultimately, I'd like not to have so many access controls (i.e. since there's 30 or so classes that a contractor may teach, I don't know if there's a solution with FileZilla). Is there a way to toggle specific directories on/off for a specific user?

Since the access depends on the user, I don't know if this is possible. I.E. Bob Smith can teach A, B, C, D, F and John Jones can teach B, C, D, F and G. Can I toggle specific directories on/off for each or must I assign each user depending on their ability to teach specific classes?

As individual contractors may learn new curriculum, I'd like to be able to add whatever curriculum to their profile (or remove it if they don't pass the recertification to teach) without having a multitude of access groups, if at all possible.

Hoping I made that clear.. if not, please let me know and I'll be happy to try to explain further. Apologies if it is an easy question as I'm familiar with FTP, but newbie on the administrative side of things.

Thx!!

[boco]

First: FileZilla Server does care neither about AD nor domains - in fact, it doesn't integrate with Windows at all.

A shared subdirectory is removed from both view and access if you explicitly share it and remove all access privileges (including Listing). Unfortunately, this has to be done for every directory, there is no "magic switch". Remember, the shared subdirectories are physical resources, not virtual ones.
Depending on use case, it might be easier to only explicitly share the directories that should be accessible, by using an empty physical directory as base, and then mapping the appropriate subdirectories into that base by using Aliases (see our Wiki, bullet point 7 for details).

If you have groups of identical users, FileZilla Server supports Groups, too! Do the sharing work on a Group created in FZ Server, and every member of that Group inherits all the directories and privileges. There's even the special :u token (replaced by the username) that can be used only in Group definitions.