Couchdrop's access management gives you precise control over user permissions. Access levels can be set granularly at the user, group, and organization level.
How access is structured
Users are limited to the access provided to them and never see the underlying storage platforms. When creating a user, you can designate a folder as their root folder, and they will be unable to see or access any files or folders outside of this boundary.
Couchdrop combines role-based access control (RBAC) with optional folder permissions and network ACLs.
User roles
Couchdrop has four pre-defined roles that can be specified when creating users in the Admin panel.
Owner — This role has full access to all settings, including billing and advanced security configuration. One owner is allowed per account and defaults to the original account creator.
Administrator — Administrators have access to the admin panel and user management, with some restrictions on billing and security settings.
Team Member — Team Members can create and manage external users, shared links, inboxes, and file transfers, but cannot access the admin panel.
External User — This is the default role for SFTP, FTP, and web access, typically used for users outside of the organization. External users cannot manage other users and have no administrative capabilities.
Users created in the main interface default to the External User role. For users who only need access for a limited period, you can set an account expiry date to automatically revoke access at a specified time.
What users can access
Every user has a root directory that they cannot navigate above, and the true path of that directory is hidden from them. Multiple users can share the same root with different permission levels.
System-wide permissions can be set when creating or updating a user:
Read/Write — The user can view, download, and upload files.
Read only — The user can view and download files, but cannot upload or modify files/folders.
Write only — The user can upload files without being able to see or download other content.
User permissions for specific folders
For more granular control, folder-level permissions let you override the primary user settings on specific subfolders. For example, a user with read/write access can be restricted to read only on a particular subfolder, or be granted access to a folder that sits outside their normal path entirely, without exposing the parent directory.
A user or group can be given any combination of the following permissions:
- List Contents
- Get Properties
- Upload
- Download
- Delete
- Share
- Create Inbox
- Set Notifications
- Set Permissions
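To reason about how root confinement and folder-level overrides combine, the following added example (not Couchdrop's code or API) models them in Python. The user record, all paths, the mapping of system-wide levels to permission names, and the "most specific folder wins" rule are assumptions made for illustration.

```python
import posixpath

# Assumed mapping of the page's system-wide levels onto its folder permission names.
LEVELS = {
    "Read/Write": {"List Contents", "Get Properties", "Download", "Upload"},
    "Read only": {"List Contents", "Get Properties", "Download"},
    "Write only": {"Upload"},
}

# Constructed sample user; every path here is hypothetical.
USER = {
    "root": "/clients/acme",
    "level": "Read/Write",
    "overrides": {
        # Read-only carve-out inside the user's root.
        "/clients/acme/contracts": {"List Contents", "Get Properties", "Download"},
        # Grant on a folder outside the root; its parent stays hidden.
        "/shared/templates": {"List Contents", "Download"},
    },
}

def within(path, folder):
    """True if path is folder itself or lies beneath it (whole segments only)."""
    return path == folder or path.startswith(folder.rstrip("/") + "/")

def resolve(root, requested):
    """Map a user-visible path to a storage path; None if it would leave root."""
    joined = posixpath.normpath(posixpath.join(root, requested.lstrip("/")))
    return joined if within(joined, root) else None

def effective(user, storage_path):
    """Permissions at storage_path: most specific override, else the root level."""
    path = posixpath.normpath(storage_path)
    matches = [f for f in user["overrides"] if within(path, f)]
    if matches:
        return set(user["overrides"][max(matches, key=len)])
    if within(path, user["root"]):
        return set(LEVELS[user["level"]])
    return set()  # outside the root and not explicitly granted: no access

def allowed(user, storage_path, action):
    """True if the named permission is in force for this user at this path."""
    return action in effective(user, storage_path)
```

When reviewing a real configuration, the cases worth checking are the same ones this model exercises: `..` sequences, sibling folders that share a name prefix with the root, and the parents of out-of-root grants.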
Feature and protocol restrictions
Along with direct file and folder access controls, Couchdrop also allows admins to restrict access to features, protocols, and specific IP addresses.
Protocol restrictions — Control which transfer methods each user can access (SCP/SFTP, FTP/FTPS).
Network access controls — Network access control lists (ACLs) restrict connections to trusted IP addresses at the user, group, or account level. Network ACLs support individual IPs and CIDR ranges.
Feature restrictions — Restrict usage of the web interface and upload portals.