Is your feature request related to a problem? Please describe.
In many real-world deployments (especially enterprise and multi-tenant environments), files stored in Nextcloud may contain sensitive or personally identifiable information (PII).
While Nextcloud already provides strong access control and sharing mechanisms, access is currently binary at the file level (read/write/share). This creates a limitation:
Users who need partial access to a file must be granted full visibility
There is no built-in way to restrict or mask sensitive sections of a document
Compliance requirements (e.g., GDPR) often require controlled data exposure rather than full access
This leads to workarounds such as duplicating files, manually redacting content, or restricting access more than necessary, which reduces usability and increases operational overhead.
Describe the solution you'd like
I would like to propose an access-level aware file interaction layer with optional PII masking capabilities, including:
Granular Access Levels
Extend permissions beyond read/write to include: View-only (no raw download), Redacted view, Editable with restricted fields (future extension)
Potential integration with roles or groups
PII Detection & Masking Layer
Automatic or configurable detection of sensitive entities: Names, emails, phone numbers, IDs, financial data, etc.
Masking strategies: Full masking (e.g., *), Partial masking (e.g., e@mail.com), Role-based visibility (e.g., admins see full, others see masked)
On-the-fly Rendering
Masking should be applied dynamically during file preview/rendering
Original file remains unchanged
Works with: Text-based files, PDFs, Office documents
Policy Engine (maybe)
Define rules like: “Users in group X can only view masked versions”, “External shares always enforce masking”
Could integrate with existing sharing and permissions logic
Auditability
Log when masked vs unmasked data is accessed
Helpful for compliance and monitoring
Describe alternatives you've considered
I have tried manual redaction before upload; however, it is error-prone and not scalable. Also, maintaining multiple file versions (masked and unmasked) is cumbersome. I couldn't integrate my local solutions. Plus, restricting access entirely instead of masking complicates workflows and is not effective at all.
Additional context
This feature would significantly improve document management, privacy-first deployments, multi-role collaboration scenarios, and GDPR compliance-sensitive environments.
If there are existing ongoing efforts in this area, I’d be happy to collaborate or align with them.
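A sketch of the render-time masking layer the request describes, added here as an illustration; it is not Nextcloud code and not the requester's. The `Viewer` type, the `admin` group name, the two regex detectors and the sample text are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed detectors for two of the listed entity types; names, IDs and
# financial data would need their own detectors.
PATTERN = re.compile(
    r"(?P<email>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"
    r"|(?P<phone>\+?\d[\d\s-]{7,}\d)"
)

@dataclass(frozen=True)
class Viewer:  # hypothetical stand-in for the requesting user or share
    user: str
    groups: frozenset = frozenset()
    external_share: bool = False

def mask_full(value):
    return "*" * len(value)

def mask_partial(value):
    if "@" in value:  # keep first character of the local part and the domain
        local, domain = value.split("@", 1)
        return local[0] + "*" * (len(local) - 1) + "@" + domain
    return "*" * (len(value) - 2) + value[-2:]  # keep the last two characters

def select_strategy(viewer):
    """Policy: external shares always masked, admins see raw, others partial."""
    if viewer.external_share:
        return mask_full
    if "admin" in viewer.groups:
        return None
    return mask_partial

def render(text, viewer, audit_log):
    """Return the view for this viewer; the stored text is never modified."""
    strategy = select_strategy(viewer)
    hits = 0
    def repl(match):
        nonlocal hits
        hits += 1
        return match.group(0) if strategy is None else strategy(match.group(0))
    shown = PATTERN.sub(repl, text)
    audit_log.append({"user": viewer.user, "entities": hits,
                      "view": "unmasked" if strategy is None else "masked"})
    return shown

DOC = "Contact Alice at alice@example.org or +49 30 1234567."  # constructed sample
```

The external-share rule is checked before group membership, so an admin reaching the file through an external share still receives the masked view, and every render leaves an audit entry stating which view was served.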