Overview
SMART Migration needs permissions to access and work with Team Folders in Nextcloud. To handle this securely and efficiently, we use a group-based approach that gives administrators full control over the migration process.
The SMARTMigration Group
When a job starts, SMART Migration automatically creates a special Nextcloud group called “SMARTMigration.” This group acts as a bridge between the migration account and the Team Folders. Think of it as a master key that can be granted or revoked as needed.
How Permissions Work
For simplicity and consistency, the SMARTMigration group always receives full “Read, Write, Delete” permissions (permission level 15) when added to a Team Folder. This unified approach ensures Predictable behavior: so the tool always has the permissions it needs for any operation
Benefits for Administrators
This approach provides several advantages:
- Full audit trail: All migration activities are logged under the SMARTMigration group, making it easy to track what was accessed and when
- Simple access control: Administrators can instantly revoke all migration access by simply deleting the SMARTMigration group
- Easy reactivation: If migration needs to resume or continue later, the group is then automatically recreated and permissions reassigned to the relevant Team Folders
Security and Flexibility
This design ensures that the migration account only has access when needed and only to the folders being actively migrated. While the group has full permissions when active, removing the group immediately cuts off all access, maintaining security while providing the flexibility to resume operations whenever necessary.