# Provide virtual file systems access through Groups

To simplify **access to multiple Actors’ VFSs**, administrators can assign users to a group and associate that group with the VFSs. When users belonging to the group log in, they can view all assigned VFSs in a single, unified interface, saving time and reducing navigation effort. 

Any updates made to the VFSs or their folders are immediately visible to all users in the group, ensuring that the displayed content is always up to date.

When a new user is added to a group that is already associated with Actors’ VFSs, the user automatically gains access to all those VFSs. Conversely, if a user should no longer have access, removing the user from the group immediately revokes their visibility - no additional configuration is required.

#### Example scenario

Three users - Eddie, Sam, and Buzz - need access to specific VFSs belonging to two different Actors: **ESA** and **NASA**.

<figure><img src="/files/ix8IKCOJDzfdbC1OSwZx" alt="" width="563"><figcaption></figcaption></figure>

By creating a group that includes the three users and using the **Provide VFS access through assigned Groups** option, administrators can associate the required VFSs with the group.&#x20;

When Eddie, Sam, and Buzz log in to the system, they are presented with a **unified VFS structure** containing **top‑level folders named after the Actors** (ESA and NASA). All VFS subfolders are displayed **in alphabetical order** under each Actor name.&#x20;

<figure><img src="/files/zD6Ag4vCwHnBaq7s4YP4" alt="" width="375"><figcaption></figcaption></figure>

## Scenario configuration overview

The scenario is created through the following high‑level steps:

1. **Create the Users and the Group**
2. **Associate the Group to the Actor and their VFS**
3. **Configure a Connection Contract**

## Create the Users and the Group

Create the internal users and the internal group:

1. Go to **Setup** → **Internal Users**. No specific permissions are required.&#x20;
2. Go to **Setup** → **Internal Group**. No specific permissions are required. &#x20;
3. Add users **Eddie**, **Sam**, and **Buzz** to the group (for example, **Crew**)&#x20;

<figure><img src="/files/ex8WsjlwAmLDv8xS60F4" alt="" width="563"><figcaption></figcaption></figure>

## Associate the Group with Actors and VFSs

1. Go to the **Actors** page and edit the Actors whose VFSs the users need to access.&#x20;

{% hint style="info" %}
If you need to create a new Actor, click the **New** button and follow the steps on the [Create an actor](/data-mover-1.20/actors/create-an-actor.md) page.&#x20;
{% endhint %}

2. In the **Group** drop-down list, enter the group name (Crew) and associate it with the Actor.&#x20;

<figure><img src="/files/Bq7d80EzCJK4L9Ayl7Eu" alt="" width="346"><figcaption></figcaption></figure>

3. In the **Actor detail** page, go to the VFS tab and click the 3-dot menu and **Edit** to open the VFS.

{% hint style="info" %}
If you need to create a new VFS, click the **New** button and follow the steps on the [Create a virtual file system](/data-mover-1.20/virtual-file-systems/create-a-virtual-file-system.md) page. &#x20;
{% endhint %}

4. In the upper-right corner click the pencil icon and in the **Assign to Group** section, click the **Add** button.

<figure><img src="/files/zRN7LdC1X6rkVVlSP8Tk" alt="" width="563"><figcaption></figcaption></figure>

5. In the **Select group** window, choose the **Crew** group from the list and click **Confirm**.

{% hint style="info" %}
Note that only one group can be assigned to a VFS.
{% endhint %}

<figure><img src="/files/7iKHUvcUwUVGlnySWdKS" alt="" width="437"><figcaption></figcaption></figure>

6. Click **Save** to close the VFS window. &#x20;

Repeat these steps for each VFS that the users in the group must access.&#x20;

## Configure the Connection Contract

1. In the **Actor detail** page, click the **Connection contracts** tab to create the connection to the server.&#x20;
2. Click the **New** button and assign a Name to the **Connection contract**.&#x20;
3. Click the **Select** button and select the server.&#x20;

{% hint style="info" %}
Once a server is assigned to a Connection contract - and therefore linked to an Actor - it is removed from the **Select server** window. This is because each server can be associated with **only one** Connection Contract.
{% endhint %}

4. In the **New User/Group Association** window:
   * In the **Access through** menu, select the **Provide VFS access through assigned Groups** option.

<figure><img src="/files/IGnnH4eSZ9fCfxoWfLP3" alt="" width="407"><figcaption></figcaption></figure>

{% hint style="info" %}
When using **Provide VFS access through assigned Groups**, internal users or internal groups **do not need to be added** to the connection contract. Access is inherited automatically through the group–VFS association.
{% endhint %}

Once the users are assigned to that group, when they log into the system, they are presented with a unified VFS structure containing **top‑level folders named after the Actors** (ESA and NASA). All VFS subfolders are displayed **in alphabetical order** under each Actor name.&#x20;

<figure><img src="/files/fU43wpaajsC0SyT15BRV" alt="" width="164"><figcaption></figcaption></figure>

## Folder visibility and ACLs

By default, a user who has access to a VFS can see **all folders** within that VFS.

To restrict folder visibility to individual users, the VFS must be created with **ACL management enabled**.

{% hint style="warning" %}
**Important**\
ACL management **must be enabled at VFS creation time**. It cannot be enabled retroactively on an existing VFS.
{% endhint %}

When ACLs are enabled, visibility restrictions apply **at the folder level only**. ACLs do **not** control access to the VFS itself: all users of the group who can access a VFS will see the VFS root and folders, but only authorized users will access the folders they are explicitly assigned to them.

**Example**\
If only user **Eddie** must be granted access to the Juno folder in the NASA VFS, with ACL management enabled, all users of the group will see the VFS and its folders but only Eddie will be able to access the Juno folder.&#x20;

For more information, see the [Configure ACLs](/data-mover-1.20/virtual-file-systems/configure-a-virtual-file-system/configure-acls.md) page.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.primeur.com/data-mover-1.20/virtual-file-systems/provide-virtual-file-systems-access-through-groups.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.