KB Article #64528

HOWTO - Create a read-only user for downloading files only within Secure Transport

Problem

For a select group of external users, you want to allow file downloads only. You don't want them to be able to change anything on the server or within the application. A read-only user is the right way to implement these restrictions. We do this by creating a User Class, adding restrictions to the User Class, and then assigning accounts to it.


Resolution


Setting up the user class and restrictions



1. Within the admin screen, navigate to the Access tab.



2. On the left panel, select User Classes. At the top of the screen there is a "New User Class" button. Use it to create your new user class:



Class Name: <create one>



User Type: Everyone, choose *



User Group: pick a number to use for the class (say 20000)



Click the save button (disk icon) to save it.



Once saved, click Enable under Action in the newly defined class.



3. On the left pane, select Restrictions.



We will be adding the following restrictions: Delete a File, Rename a File, Overwrite a file, Make a Directory, Remove a Directory, Change File Mode, and Change UMask. You only need to use what you'd like to prevent. To add a new restriction, click New Entry, then select the operation, whether or not it is allowed, the newly created user class name, and * as the default path for each user. Then click the Save button, and repeat for each of the other restrictions.



4. Click on the Upload tab at the top of the screen, then New Entry, and populate with the following:



Upload Directory: *
Allowed: No
UserClass: <newly created user class>



Click the Save icon.



5. Click on the Download tab at the top of the screen, then New Entry. We want this user class to be able to download files, so we'll allow this:



Download directory: *
Allowed: Yes
User Class: <newly created user class>



Click the Save icon.



To add existing users to this new user class:



1. Navigate within the admin panel to the Accounts tab.


2. Select the user to add to this new User Class, click the Account Name, then click Edit Account Settings.



3. Change the GID to the newly created value (such as 20000) defined in the new User Class, and click Save.



This user is now part of the ReadOnly access restricted group.




To create new users and add them to the ReadOnly access restricted group:



1. Navigate within the admin panel to the Accounts tab.


2. Click New Account, then populate the required user account fields, using the newly created GID (such as 20000) defined in the new User Class.



3. Click Save.



This user is now added to the newly created user class.
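
One way to confirm that the restrictions above took effect for an account in the new user class, as an added example (not part of the original article or the product). It assumes the account is reachable over SFTP and that `sftp` is a logged-in paramiko `SFTPClient` for the restricted user; the function names, the two expendable canary files and the scratch directory are hypothetical.

```python
import io

def audit_read_only(sftp, canary_a, canary_b, scratch_dir):
    """Try each restricted operation as the read-only user; return {operation: accepted?}.

    sftp        -- logged-in session exposing paramiko.SFTPClient's method names
                   (assumption: the account is reachable over SFTP)
    canary_a/_b -- two expendable files an admin placed in the user's home
    scratch_dir -- an expendable empty directory placed there as well
    Names match the restriction list in step 3; Change UMask has no SFTP
    request and is not probed.
    """
    def accepted(call):
        try:
            call()
            return True       # server carried out the operation
        except OSError:       # paramiko reports a refused request as IOError/OSError
            return False

    # Each destructive probe has its own target, so one success cannot hide another.
    probes = [
        ("Download", lambda: sftp.getfo(canary_a, io.BytesIO())),
        ("Upload", lambda: sftp.putfo(io.BytesIO(b"probe"), canary_a + ".new")),
        ("Overwrite a file", lambda: sftp.putfo(io.BytesIO(b"probe"), canary_a)),
        ("Change File Mode", lambda: sftp.chmod(canary_a, 0o600)),
        ("Make a Directory", lambda: sftp.mkdir(scratch_dir + "-probe")),
        ("Rename a File", lambda: sftp.rename(canary_b, canary_b + ".moved")),
        ("Delete a File", lambda: sftp.remove(canary_a)),
        ("Remove a Directory", lambda: sftp.rmdir(scratch_dir)),
    ]
    return {name: accepted(call) for name, call in probes}


def violations(results):
    """Operations whose outcome differs from the policy: only Download may succeed."""
    return sorted(name for name, ok in results.items() if ok != (name == "Download"))
```

Any name returned by `violations()` points at a Restrictions, Upload or Download entry to recheck for the user class; recreate the canary files and scratch directory before running it again.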