In the server, the users access to a space associated to a network folder. This access to the space is now secured. The problem is that the folder is actually accessed by the service account of the server and not the active directory account of the user himself right ?
So imagine a user who creates a task that explore the network folders. The task is executed as the account service so it has the right to read all the space folders and their content.
Am I right ? This mightlead to an unsecure situation.
The public folder of a space is intended for browsing and giving access to files and folders using the web file manager of the Server (i.e. tab Files).
At this point it’s not technically possible to restrict file access in spaces within one Server installation because all spaces actually use the same account. If a hard separation is required, a separate Server installation running under a different account would be necessary.
FYI, our solution is to create a morph project that deals with folder creation inside the user workspace and enables the user to launch a task based on this project.