How to restrict sub-admins from assigning users to unauthorized paths or groups? #2029

philipp121 · 2025-07-24T18:32:23Z

philipp121
Jul 24, 2025

I'm currently evaluating SFTPGo and exploring whether it can support a self-service model for internal teams.
The setup I’m testing includes:

A dedicated Role with associated permissions
A Group representing a team
A User and a Sub-Admin, both assigned to that Role

The challenge:
I want to isolate teams from each other, but currently I can't find a way to prevent the following:

A Sub-Admin from assigning a home directory or virtual folder path that reaches into another team's space.
For example:

Team A's data: /srv/sftpgo/data/group1
Team B's data: /srv/sftpgo/data/group2
Sub-Admins from group1 should not be able to set paths like /srv/sftpgo/data or /srv/sftpgo/data/group2.

A Sub-Admin from assigning groups to users that they should not have access to.

My main question:
Is SFTPGo designed to support this kind of shared, multi-tenant setup with strict isolation between teams, or is it better to deploy a separate SFTPGo instance per team/project to achieve proper isolation?

Thanks in advance for any clarification or recommendations!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

How to restrict sub-admins from assigning users to unauthorized paths or groups? #2029

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Uh oh!

How to restrict sub-admins from assigning users to unauthorized paths or groups? #2029

Uh oh!

philipp121 Jul 24, 2025

Replies: 0 comments

philipp121
Jul 24, 2025