Restrict non-admins to only share with admins


I am evaluating seafile for the following use case. Will seafile work for this?

  1. Company signs up for my product (based on seafile).
  2. If possible this will be onlly one instance of seafile for multiple customers.
  3. The customers have clients, who will also use seafile.
  4. Customer admins and clients will both upload documents, but clients should only be able to share files with company admins.
  5. I can see all company admins, share, and customers of my clients.

Is seafile compatible with this?

Let me know if more details are needed or this is completely obvious. I’ve spent a couple days with seafile on yuno host, and can’t see a way. Perhaps with a pro license?

Welcome to the Seafile Forum!

I think Seafile can do all that you want. But: You’ll need Seafile Professional Edition (PE). Seafile CE does not offer multi-tenancy and role-based permissions. Both you’ll need.

Let me disect your requirements:
1.) Company signs up for my product -> you can create a user account or an organization (see 2. below) by API right from your sales platform
2.) One instance for multiple customers -> In Seafile PE, a tenant (called organization in Seafile) is a separate user group wiht an admin of its own and its own system resources in terms of maximum users and storage quota; users within one tenant can see one another, but users from different tenants do NOT see one another
3.) Multiple users per clients -> every tenant can have 1 or many users; the users in a tenant get usually managed by the the tenant admin, but the system admin can also do it (Important: the tenant admin must be a separate user, cannot be the system admin)
4.) Upload for all, sharing only to admin -> this is (a weird requirement and) nothing that Seafile supports out of the box. But there is a workable solution: In Seafile PE, you can define user permissions. I would create a role that prevents normal users from creating libraries of their own. Libraries normal users cannot create, they cannot share. Then the admin must share a library with them to which they have read-write access. They can upload files in this library.
5.) Full transparency for system admin -> sure thing.

All of the above presumes that you work with Seafile’s web interface Seahub. If you integrate Seafile features in a web interface of your own, then you have even more possibilities. But then we are talking a somewhat bigger project.

Let me know if you need more help.

@rdb thanks for the reply.

I figured I would need the Seafile PE for this, and thank you for confirming. Multi-tenancy is a good way to describe what I’m doing. Basically, I’d like to sell access to Seafile for my clients, so they can give access to Seafile to their clients. Then, their clients can share files with them, but their clients should not be able to share files with other clients (#4 in my original post). It sounds like I’ll need to figure this out a bit more. The use case is so that their clients can upload signed documents and perhaps other things. Since the ultimate goal is to have someone be able to plug a credit card into the site, become the admin user, and then start using the site right away for their clients, I see that you were onto the fact that we’d have to program the front-end or use the Seafile frontend. I want to use the Seafile frontend now to go to market quicker. I do want to engage more in this discussion with you, and perhaps you can help with the work or direct me to a resource that could. We would need the user creation, payment gateway integration (hook into that so after payment we setup users, etc), and perhaps some other things we come up with. I really appreciate your thoughts on this, and my apologies for taking a day or so to reply. Let me address the orig. points 1-5 here:

  1. We would create an organization for this, and then allow that user to be an admin of that org (if possible) and create new users.
  2. Perfect, this is the key thing that you’ve answered and I was missing. Thank you.
  3. Nice, again.
  4. I think the solution you mention will work. Basically, we want to put a system up for our clients, who have their own clients (not employees) so that their clients can share files with them and vice versa. I hope this makes more sense. I’m trying here ;p
  5. !!!

Thank you!
Feel free to DM me if poss. if you know someone or can do this work.

Hi again,

thanks for the additional info. This is interesting and helps. Now I also understand why you don’t want the clients to share documents among each other. They are not employees, we are talking separate companies! This was the missing link.

In summary, I think Seafile PE brings to the table all you need. I think you agree based on our discussion so far. There are numerous providers that offer file sharing services based on Seafile. I am most familiar with the German-speaking market. Providers there are, just the ones I know from the top of my head, YourSecureCloud, Witcom, Speicherbox, Metanet, Luckycloud. They all use standard Seafile PE and have customized it to various degrees. You can look how they do it.

The question is: How much extra effort do you want to invest in automation and customization. If you want to hit the market ASAP.

We, my company datamate, can probably help you. Just send us a message with a detailed descripton of what you need and we’ll get back to you.