diff --git a/modules/admin_manual/pages/configuration/general_topics/impersonate_users.adoc b/modules/admin_manual/pages/configuration/general_topics/impersonate_users.adoc deleted file mode 100644 index 9685a1dbb..000000000 --- a/modules/admin_manual/pages/configuration/general_topics/impersonate_users.adoc +++ /dev/null @@ -1,154 +0,0 @@ -= Impersonating Users -:toc: right -:page-aliases: issues/impersonate_users.adoc - -:description: To help users debug an issue or to get a better understanding of what they see when they use their ownCloud account, you can impersonate their ownCloud user. - -== Introduction - -{description} The ability to do so is a feature delivered via an ownCloud app called *Impersonate*. - -== Limitations - -* This functionality is available to administrators only. -* Impersonating is not possible when the specific user has never logged in before. - -== Impersonating a User - -When installed, you can then impersonate users; in effect, you will be logged in as a specific user. To do so, go to the Users list, where you will now see a new column available called btn:[Impersonate], as in the screenshot below. - -image::apps/impersonate/picking-a-user-to-impersonate.png[Picking a User to Impersonate, width=350] - -Click the gray head icon next to the user that you want to impersonate. Doing so will log you in as that user, temporarily pausing your current session. You will see a notification at the top of the page that confirms you're now logged in as (or impersonating) that user. - -image::apps/impersonate/impersonating-a-user.png[Impersonating a user, width=350] - -Anything that you see until you log out will be what that user would see. - -== Ending an Impersonation - -When you're ready to stop impersonating the user, log out and you will return to your normal user session. - -== Group Concept for Impersonation - -Impersonate has two layers defining groups for impersonation. It is important to understand, that both the impersonator and the user to be impersonated must have the Impersonate app enabled. This means, if any groups are defined at the two layers, they must have an overlapping member area. - -. The first layer is defined at the level of the app, see xref:define-who-can-use-impersonate[Define Who can Use Impersonate]. This layer can be seen as a general area. If you do not want to have any restrictions, uncheck the checkbox, which means all users are eligible. - -. The second layer is defined at the level where the one who can impersonate and who can be impersonated are configured. See xref:define-who-is-allowed-to-impersonate[Define Who is Allowed to Impersonate]. This layer can be regarded as the detailed area. - -As a rule of thumb, first enable (1) as widely as wanted, then add option (2) as needed. - -NOTE: If an impersonator is granted the right to impersonate but cannot impersonate all or particular users, then the reason is usually that the impersonator is not a member of the respective groups. - -== Define Who can Use Impersonate - -* If you have installed and enabled the Impersonate App, you can define if any groups are granted the right to _use_ impersonation. To do so, go to menu:Your Username[Settings > Admin > Apps]. Members of the groups specified can use the Impersonate app, see xref:define-who-is-allowed-to-impersonate[Define Who is Allowed to Impersonate]. -+ -image:apps/impersonate/impersonate_enable.png[Define who can use Impersonate,width=250] - -** You can also use an occ command to enable the Impersonate app for all users: -+ -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate enabled --value 'yes' ----- - -** You can also use an occ command to define groups whose members are granted the right to _use_ impersonation: -+ -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate enabled --value '["admin","einstein-g"]' ----- - -== Define Who is Allowed to Impersonate - -As a security measure, the application lets ownCloud administrators restrict the ability to impersonate users to: - -- ownCloud administrators only. -- All group administrators. -- Administrators for specific groups. - -NOTE: By default, when the Impersonate app is installed and no further configuration is taken, only ownCloud administrators will be allowed to impersonate users. - -To configure impersonation, go to the administrator settings panel, which you can find under menu:User Name[Settings > Admin > User Authentication], at section titled: btn:[Impersonate Settings]. - -* Use the following to allow impersonation for ownCloud admins only: -+ -image:apps/impersonate/impersonate_oc_admins_only.png[Impersonate for ownCloud admins only,width=350] - -** You can also use occ commands to do so: -+ --- -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_all_groupadmins --value false ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups --value false ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups_list --value '[]' ----- --- - -* If you want to allow all group admins to impersonate users within groups which they administer: -+ -image:apps/impersonate/impersonate_group_admins_only.png[Impersonate for all group admins,width=500] - -** You can also use occ commands to do so: -+ --- -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_all_groupadmins --value true ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups --value false ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups_list --value '[]' ----- --- - -* If you want to limit impersonation to admins of specific groups, first click btn:[Allow group admins of specific groups...]. With the option checked, click into the textbox underneath it. You will see a list of all groups on your ownCloud installation, which will change, based on what you type in the textbox to search for specific groups. Choose one or more groups from the list, and they will be added to the textbox, restricting this functionality to admins of those groups only. -+ -image:apps/impersonate/impersonate_groups_only.png[Impersonate for specific group admins,width=350] - -** You can also use occ commands to do so: -+ --- -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_all_groupadmins --value false ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups --value true ----- - -[source,bash,subs="attributes+"] ----- -{occ-command-example-prefix-docker} config:app:set \ - impersonate impersonate_include_groups_list --value '["group1", "group2"]' ----- --- diff --git a/modules/admin_manual/pages/configuration/general_topics/index.adoc b/modules/admin_manual/pages/configuration/general_topics/index.adoc index 48ceb99ef..1ea1260c3 100644 --- a/modules/admin_manual/pages/configuration/general_topics/index.adoc +++ b/modules/admin_manual/pages/configuration/general_topics/index.adoc @@ -3,5 +3,4 @@ In this section you will find information about: - xref:configuration/general_topics/code_signing.adoc[Code Signing] -- xref:configuration/general_topics/impersonate_users.adoc[Impersonating Users] - xref:configuration/general_topics/search.adoc[Full Text Search] diff --git a/modules/admin_manual/pages/configuration/server/occ_commands/core_commands/_config_commands.adoc b/modules/admin_manual/pages/configuration/server/occ_commands/core_commands/_config_commands.adoc index d16828473..bfcc16182 100644 --- a/modules/admin_manual/pages/configuration/server/occ_commands/core_commands/_config_commands.adoc +++ b/modules/admin_manual/pages/configuration/server/occ_commands/core_commands/_config_commands.adoc @@ -30,7 +30,6 @@ The following apps, core functions or documents use/refer to `config:app` settin * xref:configuration/user/user_management.adoc#enabling-custom-groups[Custom Groups] * xref:configuration/files/file_sharing_configuration.adoc[File Sharing] * xref:configuration/server/security/hsmdaemon/index.adoc[The HSM (Hardware Security Module) Daemon (hsmdaemon)] -* xref:configuration/general_topics/impersonate_users.adoc[Impersonating Users] * xref:configuration/user/user_auth_ldap.adoc[LDAP Integration] * xref:configuration/server/legal_settings_configuration.adoc[Legal Settings Configuration] * xref:configuration/files/manual_file_locking.adoc[Manual File Locking] diff --git a/modules/admin_manual/pages/enterprise/external_storage/sharepoint-integration_configuration.adoc b/modules/admin_manual/pages/enterprise/external_storage/sharepoint-integration_configuration.adoc deleted file mode 100644 index ecafe7337..000000000 --- a/modules/admin_manual/pages/enterprise/external_storage/sharepoint-integration_configuration.adoc +++ /dev/null @@ -1,117 +0,0 @@ -= Configuring SharePoint Integration -:toc: right - -== Introduction - -Native SharePoint support has been added to the ownCloud Enterprise -edition as a secondary storage location for SharePoint 2007, 2010 and -2013. When this is enabled, users can access and sync all of their -SharePoint content via ownCloud, whether in the desktop sync, mobile or -Web interfaces. Updated files are bi-directionally synced automatically. -SharePoint shares are created by the ownCloud admin, and optionally by -any users who have SharePoint credentials. - -The ownCloud SharePoint plugin uses SharePoint document lists as remote -storage folders. ownCloud respects SharePoint access control lists -(ACLs), so ownCloud sharing is intentionally disabled for SharePoint -mountpoints. This is to preserve SharePoint ACLs and ensure content is -properly accessed as per SharePoint rules. - -The plugin uses the Simple Object Access Protocol (SOAP) and WebDAV for -the uploads and downloads to talk to SharePoint servers. Your ownCloud -server must have the php modules `php-phpseclib` and `php-soap` installed -and the SOAP module enabled with `phpenmod soap`. A webserver restart may be required after adding/changing php modules. - -The supported authentication methods are: - -* Basic Auth -* NTLM (Recommended) - -== Creating a SharePoint Mount - -Enable the SharePoint app, and then enter the `Admin` panel to set up -SharePoint connections in the `SharePoint Drive Configuration` section. - -Enter your SharePoint Listing credentials. These credentials are not -stored in the database, but are used only during plugin setup to list -the Document Libraries available per SharePoint site. - -image:enterprise/external_storage/sharepoint/sharepoint-1.png[Listing and global credentials.] - -`Global credentials` is optional. If you fill in these fields, these -credentials will be used on all SharePoint mounts where you select: -*Use global credentials* as the authentication credentials. - -image:enterprise/external_storage/sharepoint/sharepoint-2.png[Creating a new mountpoint.] - -Enter your ownCloud mountpoint in the `Local Folder Name` column. This -is the name of the folder that each user will see on the ownCloud -filesystem. You may use an existing folder, or enter a name to create a -new mount point - -Select who will have access to this mountpoint, by default *All users*, -or a user or a group. - -Enter your SharePoint server URL, then click the little refresh icon to -the left of the `Document Library` field. If your credentials and URL -are correct you’ll get a dropdown list of available SharePoint -libraries. Select the document library you want to mount. - -image:enterprise/external_storage/sharepoint/sharepoint-3.png[Selecting auth credentials.] - -Select which kind of Authentication credentials you want to use for this -mountpoint. If you select *Custom credentials* you will have to enter -the credentials on this line. Otherwise, the global credentials or -the user’s own credentials will be used. Click Save, and you’re done - -== Enabling Users - -You may allow your users to create their own SharePoint mounts on their -Personal pages, and allow sharing on these mounts. - -image:enterprise/external_storage/sharepoint/sharepoint-4.png[Allow user SharePoint mounts.] - -== Note - -Speed up load times by disabling file previews in `config.php`, because -the previews are generated by downloading the remote files to a temp -file. This means ownCloud will spend a lot of time creating previews for -all of your SharePoint content. To disable file previews, add the -following line to the ownCloud config file found in -`/owncloud/config/config.php`: - -[source,php] ----- -'enable_previews' => false, ----- - -== Troubleshooting - -=== Unsharing - -SharePoint unsharing is handled in the background via Cron. If you -remove the sharing option from a SharePoint mount, it will take a little -time for the share to be removed, until the Cron job runs. - -=== Logging - -Turn on SharePoint app logging by modifying `config/config.php`, setting -`sharepoint.logging.enable` to `true`, as in the example below. - -[source,php] ----- -'sharepoint.logging.enable' => true, ----- - -=== Mount Points - -Global mount points can’t be accessed: You have to fill out your -SharePoint credentials as User on the personal settings page, or in the -popup menu. These credentials are used to mount all global mount points. - -Personal mount points can’t be accessed: You have to fill your -SharePoint credentials as User on the personal settings page in case -your personal mount point doesn’t have its own credentials. - -A user can’t update the credentials: Verify that the correct credentials -are configured, and the correct type, either global or custom. diff --git a/modules/admin_manual/pages/enterprise/file_management/files_lifecycle.adoc b/modules/admin_manual/pages/enterprise/file_management/files_lifecycle.adoc index d301aae12..b8c12b4b0 100644 --- a/modules/admin_manual/pages/enterprise/file_management/files_lifecycle.adoc +++ b/modules/admin_manual/pages/enterprise/file_management/files_lifecycle.adoc @@ -99,7 +99,7 @@ The _soft policy_ is used by default. To switch from the hard policy to the soft The _hard policy_ is designed to enforce strict controls on user data, forcing archiving after the defined time and requiring escalated permissions in order to restore. If the archived data is still needed, users need to get in contact with a privileged manager and request the restoration. -TIP: When the _hard policy_ is in place only administrators (or also group administrators, depending on the configuration) are able to restore files from the archive by impersonating the respective users. The {oc-marketplace-url}/apps/impersonate[Impersonate app] has to be installed and enabled as a prerequisite. Apart from that, system administrators can also use _occ_ commands to restore data from the archive (see section xref:restoring-files[Restoring Files]). +TIP: When the _hard policy_ is in place only administrators (or also group administrators, depending on the configuration) are able to restore files from the archive. System administrators can use _occ_ commands to restore data from the archive (see section xref:restoring-files[Restoring Files]). To put the _hard policy_ in place, use this _occ_ command: diff --git a/modules/admin_manual/pages/installation/apps_supported.adoc b/modules/admin_manual/pages/installation/apps_supported.adoc index f35eedb78..0e8ec09c5 100644 --- a/modules/admin_manual/pages/installation/apps_supported.adoc +++ b/modules/admin_manual/pages/installation/apps_supported.adoc @@ -37,7 +37,6 @@ Cannot be disabled * First Run Wizard * {oc-marketplace-url}/apps/search_elastic[Full Text Search] * xref:configuration/user/guests_app.adoc[Guests] -* {oc-marketplace-url}/apps/impersonate[Impersonate] * {oc-marketplace-url}/apps/announcementcenter[Notifications] * {oc-marketplace-url}/apps/openidconnect[OpenID Connect] * xref:configuration/files/external_storage/webdav.adoc[ownCloud WebDAV Endpoint] + @@ -56,7 +55,6 @@ Handles old and new webdav endpoints * {oc-marketplace-url}/apps/objectstore[Object Storage Support] * {oc-marketplace-url}/apps/password_policy[Password Policy] * {oc-marketplace-url}/apps/ransomware_protection[Ransomware Protection] -* {oc-marketplace-url}/apps/sharepoint[External Storage: SharePoint] * {oc-marketplace-url}/apps/systemtags_management[Collaborative Tags Management] * {oc-marketplace-url}/apps/user_shibboleth[SAML/Shibboleth User Backend] * {oc-marketplace-url}/apps/windows_network_drive[Windows Network Drives (requires External Storage)] diff --git a/modules/admin_manual/pages/maintenance/migrating_to_kiteworks.adoc b/modules/admin_manual/pages/maintenance/migrating_to_kiteworks.adoc index e84a8950e..8694e8175 100644 --- a/modules/admin_manual/pages/maintenance/migrating_to_kiteworks.adoc +++ b/modules/admin_manual/pages/maintenance/migrating_to_kiteworks.adoc @@ -135,8 +135,6 @@ To be prepared for the migration, both sides need to match the prerequisites. Pl The `occ migrate:to-kiteworks:verify` step will point out missing email addresses. These must be rectified before any migration can start. * The ownCloud config setting xref:configuration/server/config_sample_php_parameters.adoc#override-cli-url[overwrite.cli.url] must exist and have a value. This config key is typically added and configured during setup. The `occ migrate:to-kiteworks:verify` step will check for this config setting. The value must match the ownCloud installation. - -* We recommend installing and enabling, if not already present and enabled, the {oc-marketplace-url}/apps/impersonate[Impersonate] app. This app can be used for example to solve file and folder case conflicts that can be reported during the migration process. ==== ==== Installing Required Components diff --git a/modules/admin_manual/partials/nav.adoc b/modules/admin_manual/partials/nav.adoc index be4e4a658..a8368d425 100644 --- a/modules/admin_manual/partials/nav.adoc +++ b/modules/admin_manual/partials/nav.adoc @@ -57,7 +57,6 @@ *** xref:admin_manual:configuration/general_topics/index.adoc[General Topics] **** xref:admin_manual:configuration/general_topics/code_signing.adoc[Code Signing] -**** xref:admin_manual:configuration/general_topics/impersonate_users.adoc[Impersonate Users] **** xref:admin_manual:configuration/general_topics/search.adoc[Full Text Search] *** xref:admin_manual:configuration/server/index.adoc[Server] @@ -136,7 +135,6 @@ **** xref:admin_manual:enterprise/document_classification/classification_and_policy_enforcement.adoc[Classify Documents and Enforce Policies] *** External Storage **** xref:admin_manual:enterprise/external_storage/ldap_home_connector_configuration.adoc[LDAP Home Connector Configuration] -**** xref:admin_manual:enterprise/external_storage/sharepoint-integration_configuration.adoc[Sharepoint integration Configuration] **** xref:admin_manual:enterprise/external_storage/windows-network-drive_configuration.adoc[Windows Network Drive Configuration] *** File Management **** xref:admin_manual:enterprise/file_management/files_tagging.adoc[File Tagging] diff --git a/modules/classic_ui/pages/external_storage/sharepoint_connecting.adoc b/modules/classic_ui/pages/external_storage/sharepoint_connecting.adoc deleted file mode 100644 index 5cf93315f..000000000 --- a/modules/classic_ui/pages/external_storage/sharepoint_connecting.adoc +++ /dev/null @@ -1,61 +0,0 @@ -= Connecting to SharePoint (Enterprise only) -:toc: right -:description: Native SharePoint support has been added to ownCloud Enterprise Subscription as a secondary storage location for SharePoint 2007, 2010 and 2013. To the user, these appear as normal ownCloud mounts, with bi-directional updates in any ownCloud client: desktop, mobile, or Web. - -== Introduction - -{description} - -There is one difference, and that is ownCloud sharing is intentionally -disabled for SharePoint mountpoints in order to preserve SharePoint -access controls, and to ensure that content is properly accessed as per -SharePoint rules. Your ownCloud admin may optionally allow users to mount their own -SharePoint libraries. - -== Accessing SharePoint Folders - -When you first log in to ownCloud, the Web interface shows a gray bar -behind all SharePoint folders. The gray bar disappears when the -mountpoint is verified by the server. If you see a red error bar, you’ll -see either an hourglass that indicates a connection error, or a key to -indicate that authentication is required. - -Your ownCloud admin has the option to configure SharePoint credentials -so that you are authenticated automatically, or you may be required to -enter your credentials. If you have to enter your credentials, click the -btn:[red bar] and you’ll get a login window. You should only have to do this -once, as ownCloud will store your credentials. - -If your SharePoint login ever changes, go to your Personal page to -update it in the `Sharepoint Personal Configuration` section. - -== Personal Page - -You can manage your SharePoint connections in the -`Sharepoint Personal Configuration` section of your ownCloud Personal -page. You’ll see two sections: the `Admin added mount points` section -lists SharePoint mounts controlled by your ownCloud admin. If users have -permissions to mount their own SharePoint libraries you’ll also see a -`Personal mount points` section. - -There are two types of authentication available to you. If you have -multiple SharePoint libraries that use the same authentication, enter -your credentials in `Sharepoint Personal Configuration`. Then follow -these steps to add your libraries: - -* Enter the name of your local mountpoint in the `Local Folder Name` -column. -* Enter your SharePoint server URL. -* Click the little refresh icon to the left of the `Document Library` -field. If your credentials and URL are correct you’ll get a dropdown -list of SharePoint libraries to choose from. -* Select the document library you want to mount. -* Select "Use user credentials". -* Click the btn:[Save] button, and you’re done - -You may elect to use different authentication credentials for some of -your SharePoint libraries. For these, you must first select -`use custom credentials`, and then fill in the mountpoint and -SharePoint site URL. Then ownCloud can authenticate you, and you can -click the btn:[refresh] icon to see your libraries. Then select the library -you want to mount and click the btn:[Save] button. diff --git a/modules/classic_ui/partials/nav.adoc b/modules/classic_ui/partials/nav.adoc index 75337bd87..4a3e82ba4 100644 --- a/modules/classic_ui/partials/nav.adoc +++ b/modules/classic_ui/partials/nav.adoc @@ -28,7 +28,6 @@ *** xref:classic_ui:online_collaboration.adoc[Online Collaboration] *** xref:classic_ui:files/webgui/quota.adoc[Storage Quotas] *** xref:classic_ui:external_storage/external_storage.adoc[External Storage] -*** xref:classic_ui:external_storage/sharepoint_connecting.adoc[Connecting to SharePoint] *** xref:classic_ui:files/desktop_mobile_sync.adoc[Desktop Mobile Sync] ** xref:classic_ui:apps/index.adoc[Apps] *** xref:classic_ui:apps/activity.adoc[Activity]