# Provide virtual file systems access through Groups

To simplify **access to multiple Actors’ VFSs**, administrators can assign users to a group and associate that group with the VFSs. When users belonging to the group log in, they can view all assigned VFSs in a single, unified interface, saving time and reducing navigation effort.

Any updates made to the VFSs or their folders are immediately visible to all users in the group, ensuring that the displayed content is always up to date.

When a new user is added to a group that is already associated with Actors’ VFSs, the user automatically gains access to all those VFSs. Conversely, if a user should no longer have access, removing the user from the group immediately revokes their visibility - no additional configuration is required.

#### Example scenario

Three users - Eddie, Sam, and Buzz - need access to specific VFSs belonging to two different Actors: **ESA** and **NASA**.

<figure><img src="/files/ix8IKCOJDzfdbC1OSwZx" alt="" width="563"><figcaption></figcaption></figure>

By creating a group that includes the three users and using the **Provide VFS access through assigned Groups** option, administrators can associate the required VFSs with the group.

When Eddie, Sam, and Buzz log in to the system, they are presented with a **unified VFS structure** containing **top‑level folders named after the Actors** (ESA and NASA). All VFS subfolders are displayed **in alphabetical order** under each Actor name.

<figure><img src="/files/zD6Ag4vCwHnBaq7s4YP4" alt="" width="375"><figcaption></figcaption></figure>

## Scenario configuration overview

The scenario is created through the following high‑level steps:

1. **Create the Users and the Group**
2. **Associate the Group with Actors and VFSs**
3. **Configure a Company Connection Contract**

### Create the Users and the Group

Create the internal users and the internal group:

1. Go to **Setup** → **Internal Users**. No specific permissions are required.
   * Example: **Eddie**, **Sam**, and **Buzz**.
2. Go to **Setup** → **Internal Group**. No specific permissions are required.
   * Example: **Crew**.
3. Add the internal users created in step 1 to the internal group created in step 2.
   * Example: add users **Eddie**, **Sam**, and **Buzz** to the internal group **Crew**.

<figure><img src="/files/ex8WsjlwAmLDv8xS60F4" alt="" width="563"><figcaption></figcaption></figure>

### Associate the Group with Actors and VFSs

1. Go to the **Actors** page and edit the Actors whose VFSs the users need to access.

{% hint style="info" %}
If you need to create a new Actor, click the **New** button and follow the steps on the [Create an actor](/data-mover-1.20/actors/create-an-actor.md) page.
{% endhint %}

2. In the **Group** drop-down list, enter the group name (for example **Crew**) and associate it with the Actor.

<figure><img src="/files/hwO0tTmg4FIjO6uHjYkB" alt="" width="289"><figcaption></figcaption></figure>

3. In the **Actor detail** page, go to the VFS tab, click the 3-dot menu, and select **Edit** to open the VFS.

{% hint style="info" %}
If you need to create a new VFS, click the **New** button and follow the steps on the [Create a virtual file system](/data-mover-1.20/virtual-file-systems/create-a-virtual-file-system.md) page.
{% endhint %}

4. In the upper-right corner, click the pencil icon, then in the **Assign to Group** section click the **Add** button.

<figure><img src="/files/zRN7LdC1X6rkVVlSP8Tk" alt="" width="563"><figcaption></figcaption></figure>

5. In the **Select group** window, choose the **Crew** group from the list and click **Confirm**.

{% hint style="info" %}
Note that only one group can be assigned to a VFS.
{% endhint %}

<figure><img src="/files/7iKHUvcUwUVGlnySWdKS" alt="" width="437"><figcaption></figcaption></figure>

6. Click **Save** to close the VFS window.

Repeat these steps **for each VFS** that the users in the group must access.

### Configure a Company Connection Contract

1. Go to **Company** and click the **Connection contracts** tab to create the connection to the server.
2. Click the **New** button and assign a Name to the **Connection contract**.
3. Click the **Select** button and select the server.

{% hint style="info" %}
Once a server is assigned to a Connection contract - and therefore linked to an Actor - it is removed from the **Select server** window. This is because each server can be associated with **only one** Connection Contract.
{% endhint %}

4. In the **VFS and Users/Groups** section, click the **Add** button.
5. In the **New User/Group Association** window:

   * In the **Access through** menu, select the **Provide VFS access through assigned groups** option.

   <figure><img src="/files/IGnnH4eSZ9fCfxoWfLP3" alt="" width="407"><figcaption></figcaption></figure>

   * In the **Groups** tab, enter the name of the internal group and click **Add**.

   <figure><img src="/files/VR902YfK4Kl9EUh3werN" alt="" width="544"><figcaption></figcaption></figure>

As an alternative, in the **Users/Groups** section, **Users** tab, enter the name of the internal users (one at a time) and click **Add**.

<figure><img src="/files/YQSQw7RiY3XcQ8lepv6r" alt="" width="556"><figcaption></figcaption></figure>

6. Click **Save** to confirm.

Once the users are assigned to that group, when they log into the system, they are presented with a unified VFS structure containing **top‑level folders named after the Actors** (ESA and NASA). All VFS subfolders are displayed **in alphabetical order** under each Actor name.

<figure><img src="/files/fU43wpaajsC0SyT15BRV" alt="" width="164"><figcaption></figcaption></figure>

With this configuration, the **Crew** group (which includes the users **Eddie**, **Sam**, and **Buzz**) is associated with both the **ESA** and **NASA** Actors. As a result, all members of the **Crew** group will see the top-level folders representing the two Actors and will be able to access all VFSs associated with the **Crew** group.

{% hint style="info" %}
**Note:** When using this feature with **PR4** and **PR5/S**, the Actor names must match the corresponding **Queue Manager** names. This constraint exists because the first level of the navigation displays the names of the actors from which the group-associated VFSs are inherited. If the names do not match, the feature cannot correctly identify and expose the expected VFSs.
{% endhint %}

## Refine access to VFS and/or folders

### Associate the VFS with a group

To further restrict access, you can **associate a VFS with a group that is different from the group assigned to the Actor**. The group assigned to a VFS determines whether a user can access that specific VFS.

For example:

* The **NASA** and **ESA** Actors are both associated with the **Crew** group.
* All VFSs belonging to **NASA** are associated with the **Crew** group.
* Two VFSs belonging to **ESA** are associated with the **Crew** group.
* One VFS belonging to **ESA** is associated with a different group named **ESA-Group**.

In the scenario described above:

* **Sam** belongs to both the **Crew** group and the **ESA-Group**, so he can access both Actors and all of their VFSs.
* **Eddie** and **Buzz** belong only to the **Crew** group. They can access both **ESA** and **NASA**, all VFSs of **NASA**, and only the two **ESA** VFSs that are associated with the **Crew** group. The VFS folders associated with **ESA-Group** are not accessible to them.

<figure><img src="/files/eTyixIcVffSrP800EJp3" alt="" width="563"><figcaption></figcaption></figure>

To achieve this configuration:

1. Go to **Setup** → **Internal Groups** and create a group named **ESA-Group**.
2. Add **Sam** to **ESA-Group**.
3. Go to **Actors** → **ESA** → **VFS** and edit the VFS that should be accessible only to members of **ESA-Group**.
4. In the **Assign to Group** section, associate the VFS with **ESA-Group**.
5. Repeat the same procedure for any additional VFSs that should be restricted to **ESA-Group** members.

This approach lets you use the **Crew** group to control the visibility of the Actors while using more specific groups, such as **ESA-Group**, to control access to individual Virtual File Systems.
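For access reviews, the visibility rules of this scenario can be modeled in a few lines to answer "who sees which VFS" before and after a group change. This is an added example, not Primeur code or a product API: the VFS names are hypothetical, and treating a user who is outside the Actor's group as having no access to that Actor's VFSs is an assumption, since the page only describes users who belong to the Actor's group. Folder-level ACLs are not modeled.

```python
from dataclasses import dataclass, field


@dataclass
class Actor:
    name: str
    group: str  # group associated with the Actor
    # VFS name -> the single group assigned to it (a VFS has only one group)
    vfs: dict = field(default_factory=dict)


# Constructed sample data mirroring the scenario; VFS names are hypothetical.
MEMBERS = {"Crew": {"Eddie", "Sam", "Buzz"}, "ESA-Group": {"Sam"}}
ACTORS = [
    Actor("NASA", "Crew", {"launch": "Crew", "archive": "Crew"}),
    Actor("ESA", "Crew", {"telemetry": "Crew", "payload": "Crew",
                          "restricted": "ESA-Group"}),
]


def groups_of(user, members):
    """Groups the user currently belongs to."""
    return {g for g, users in members.items() if user in users}


def unified_view(user, actors, members):
    """Return {actor_name: [vfs, ...]} as shown to the user after login."""
    mine = groups_of(user, members)
    view = {}
    for actor in actors:
        # The Actor's group gates the top-level folder (assumption: no
        # membership in the Actor's group means nothing under it is shown).
        if actor.group not in mine:
            continue
        # Each VFS is gated by its own group; listed alphabetically.
        view[actor.name] = sorted(v for v, g in actor.vfs.items() if g in mine)
    return view


def who_can_access(actor_name, vfs_name, actors, members):
    """Access review: every user who can reach one specific VFS."""
    users = set().union(*members.values())
    return sorted(
        u for u in users
        if vfs_name in unified_view(u, actors, members).get(actor_name, [])
    )
```

Re-running `unified_view` with a user removed from `MEMBERS["Crew"]` returns an empty view for that user, which matches the revocation behavior described at the top of the page.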

### Manage ACLs

ACLs **control permissions within a Virtual File System and virtual path**. ACLs are evaluated on individual virtual paths and can restrict or allow operations such as listing, creating, deleting, downloading, renaming, or uploading.

{% hint style="warning" %}
**Important**\
ACL management **must be enabled when the VFS is created**. It cannot be enabled later on an existing VFS.
{% endhint %}

When ACL management is enabled, ACLs apply at the **folder level**. They do **not** control access to the VFS itself. All users who belong to a group associated with the VFS can access the VFS and see its root and folder structure, but they can only access the folders for which they have been explicitly granted permissions through ACLs.

For more information, see the [Configure ACLs](/data-mover-1.20/virtual-file-systems/configure-a-virtual-file-system/configure-acls.md) page.

