Allow Explicit Subfolder Sharing Permissions

cancel
Showing results for 
Search instead for 
Did you mean: 

Allow Explicit Subfolder Sharing Permissions

0 Kudos

Allow Explicit Subfolder Sharing Permissions

From : How do I restrict user or group access for shared folders? - LastPass Support (logmeininc.com)

 

  1. In the Action column, click the Edit icon 121Systems_0-1634129405626.png next to your desired user, then choose from the following options:
    • Select Unavailable Items (Opt-out) – Click and drag items from the "Available Items" column into the "Unavailable Items" column to prevent your user or group from accessing those selected items. If a new item is added to the shared folder, it will become immediately available to all members until you move it to the "Unavailable" column to restrict their access to it.
    • Select Available Items (Opt-in) – Check the box to enable the Add Available only (always add new items as Unavailable) option to reverse the columns, then click and drag items from the "Unavailable Items" column to the "Available Items" column to only allow your user or group to access those selected items. If a new item is added to the shared folder, it will immediately be added to the "Unavailable Items" column and your user or group will be unable to access the item until you move it to the "Available Items" column to allow access to it.

 

PROBLEM:

This is an aggressively bad way to manage permissions of shared subfolders. At the moment the permissions for subfolders of a shared folder are set by, and inherited from the root shared folder. This is fantastic as a default behaviour but there is no ability to change the permissions of said Subfolders. The options above are beyond unfriendly to Admins. 

 

As an example:  I have a shared folder,  "Shared-Service" with 4 Subfolders. 2  Subfolders are for customer environment logins, and 2 Subfolders are for Administrative Tools. 

 

Shared-Service (Permissions = IT, Developers, Support)

     Customer Environment 1 (Inherited Permissions IT, Dev, Sup)
          Item 1
          Item 2
          Item 3

     Customer Environment 2 (Inherited Permissions IT, Dev, Sup)
          Item 1
          Item 2
          Item 3

     Admin Items 1 (Inherited Permissions IT, Dev, Sup)
          Item 1
          Item 2
          Item 3

     Admin Items 2 (Inherited Permissions IT, Dev, Sup)
          Item 1
          Item 2
          Item 3

 

Let's say I wanted to remove the permissions for the Support User Group to access the folders Admin Items 1 and remove Support and Developers from Admin Items 2.....because I do want to do this. Using the available 'OpTIoNS' I can either :

 

  • Use the horribly named 'Add Available only (always add new items as Unavailable)' checkbox.

    • Using this means that every time a new item is added to ANY of the subfolders an Admin now needs to go in and manually click and drag items 'Available Items' list for each applicable group. For folders where new items can be added several times a day, this is a living nightmare. Users that need to share logins with their group will have to submit a ticket to IT to have this done, wasting both the User and IT's time.
  • Move the items in Subfolders Admin Items 1 and Admin Items 2 to individual new shared folders in the top level of the LastPass directory.

    • This option is nearly as bad, but in a totally new and fun way.  If I have this issue with several subfolders, and maybe even some of their nested subfolders I will quickly have a metric butt-tonne of shared folders in the top level of the directory. I don't want this. My users don't want this. No one wants this. Babies will cry if I do this.  will cry if I do this.
       
  • Create matching file trees for each group, with only that group having permissions, then duplicate items to the new Per-Group file tree.

    • No. 

 

 

SOLUTION:

Just allow us to manage the permissions on subfolders like you do with the top level shared folders. Enable the same 'Manage Shared Folder' popup window on Shared Subfolders as I would on it's top-level Shared Folder. 

Please