Sharing accounts with other users and groups

[soudis]

Great plugin, really awesome job!

I got one thing on my wishlist, which is to be able to share an account with other users or groups.

Usecase: My nextcloud consists of around 10 teams having around 20 members each. Every team is a project having a shared e-mail account and there is a shared e-mail account for all teams. When a new member joins a team, he/she needs to be able to access the shared e-mail accounts. Sending him or her the credentials is dangerous and if he/she leaves the team the credentials need to be changed. Therefore it would be great to have the opportunity to create an account and share it with other users or user groups. Then they can access the e-mail account as long as they are part of the group, if they leave I just unshare the account and do not have to change the credentials.

From what I can see it could be done by:

• create oc_mail_shares table
• create sharing section in account settings page
• add join to oc_mail_shares table in MailAccountMapper.php

Unfortunately I'm not yet fit enough to do it, but if someone from the core team could advise if that approach is feasibel, I could give it a try

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[ChristophWurst]

cc @nextcloud/mail

[jancborchardt]

This seems to be a very specific case. But yeah, @soudis if you are down to contribute and maintain the feature it could be done, I guess?

[bpcurse]

Another thank you for this great piece of work!

The proposed feature would be very helpful for co-working and distinguishing to other software solutions - at least I didn't find any open source software supporting this - and I'm quite sure the scenario is not uncommon. We too have multiple groups using different co-working email accounts.

If this feature is ever to be realized it would be great to be able to share an email account to selected groups / users optionally as "read-only". E.g. as in "groupfolders" app admin settings. The user can view the account, but mails are not marked as "read" and they cannot be deleted (and sent).

Account credentials: The shared e-mail accounts login data could also be set globally in admin settings alike "external storage". Although this requires the user who creates it to be part of admin group.

[moonwolf-github]

Shouldn't it be done with mail lists?

[bpcurse]

@moonwolf-github Yes and No.
Mailing lists can forward the mail to all other users but mailing lists cannot grant the users access to the folder structure and the actual situation / changes inside it (read yes/no, marked as favorite, moved, deleted, junk, and so on) and mailing lists are not integrated in Nextcloud.

[bpcurse]

I just found the wonderful "default account" feature mail is already supporting. It almost seems to me you are hiding this great feature from the world ;)

@jancborchardt @soudis If the "default account" feature from #28 could be extended to also support a single (or multiple) non-dynamic default account per group and/or per user this would be a really powerful tool.
Don't know if this is what soudis was looking for but for our setup it would be really perfect (maybe with a read only option?).

[soudis]

@bpcurse Thanks for the hint, I was not aware that that's there. It definitely goes into the right direction. However the users would still have to enter the password. The main reason why I want this is, that it's difficult to have the password delivered to 20 people everytime it is changed, which has to be done everytime someone leaves the group.

But I'll look into it, maybe this feature can be easily extended to support my requirements.

Also to prevent misunderstandings: What I proposed was no mailing list, but a shared e-mailaddress per LDAP group. I live in a selforganized house project and we got 1 contact email for outside requests for the whole house which has to be accessed by all tennants from time to time

[bpcurse]

@soudis I think we have a similar use case. Have a look at my last comment here #745

[paviro]

I would also be interested in a feature like this for my non profit organization. It would allow us to give people access to certain mailboxes but also revoke them when needed.

[wdfee]

@paviro: I think it's generally better to use IMAP accounts for shared email accounts, or even better mailing lists where all emails sent to that email address are redistributed to the subscribers and everyone continues to use their own email address.

[paviro]

@wdfee thanks for the infos! A Mailinglist won't work in our case I think but I look into IMAP accounts again.

[johanpeters]

Hello, any news on this topic?..
from my point of view 2 situations..

1. end user gets options to share inbox folder(s) for specific users with rights (read, send as,etc)
2. manager of the nexcloud has a option to give rights to users on specific mailboxes (non personal).

if option 1 is available.. the manager can create user accounts for non personal mailboxes. log in as that user.. and define rights on that mailbox..

[dehnhardt]

@johanpeters: As @wdfee has already said, this can be done at the IMAP sharing level with access control lists (ACL) if the IMAP server supports it.
If you set the ACLs with another mail client, you can already see the shared folders in NC-Mail.
Sharing mail folders using a non-standard method doesn't make sense to me because it would violate IMAP authorization.
Of course it would be great if editing ACLs was also available in NC-Mail.

[DrRSatzteil]

May I suggest a slightly different approach for mail sharing?

I use Spark (https://sparkmailapp.com/) to read my mails on the phone and I kind of hate myself doing it because I'm usually somewhat concerned about privacy... Anyway, apart from the excellent Google Inbox-Style features the main reason why I still stick to Spark is the possibility to create organisations and share mails within these organisations. In Spark you can share single mails with members of your organisation and even delegate the answering of mails to your team members. Everything is integrated smoothly in your regular inbox so you don't even need to know that this is not done via regular email. These features are (as far as I know) pretty unique on the market of mobile mail apps and thus there are not many alternatives yet. Unfortunately this of course requires you to setup an account with readdle, give them your credentials and allow them to read your mails... (°O°)/ So actually I'd absolutely love to see a nextcloud mail version of these features (maybe share within a group or a circle or any user of your instance or even on a federated cloud) and I guess it could be possible to use this feature for the original purpose of this issue as well: If you would allow to set a default behaviour for new mails they could be shared with all your team members. But in turn it would give you even more control about what you share if you share individually.

[kagithd]

@johanpeters: As @wdfee has already said, this can be done at the IMAP sharing level with access control lists (ACL) if the IMAP server supports it.
If you set the ACLs with another mail client, you can already see the shared folders in NC-Mail.
Sharing mail folders using a non-standard method doesn't make sense to me because it would violate IMAP authorization.
Of course it would be great if editing ACLs was also available in NC-Mail.

It Would be Amazing if we had features like the IMAP-ACLs in NC like horde does.

[SvenKoeck]

Hi, I'd love to have that feature, too. Any progress yet?
best regards
Sven

[tommerty]

Would also love a feature like this! Even if I created a user and was able to share their inbox with other uesrs or groups would be a big win in terms of handling emails that come into support@ inboxes and such!

[xbluemonkx]

Hi,
there is a app called "groupfolders" this allows an admin to create shared folders and provide usergroups access to those folders.
I wish there was an app called "groupmail" where an admin can add multiple mail accounts and grand access to that mail account to specific user groups.

[Thatoo]

Hi, there is a app called "groupfolders" this allows an admin to create shared folders and provide usergroups access to those folders. I wish there was an app called "groupmail" where an admin can add multiple mail accounts and grand access to that mail account to specific user groups.

that would be awesome!
In groupware, we can provide emails to users on a pattern based and that is cool. We could easily set an email account for all users if only there were a password field to fill in available.

Do you think it's a possible option @ChristophWurst ? This way we could easily have a shared email account between all users (the best would be to be able to restrict by groupes obviously).

[Thatoo]

Groupes or circles...