We spent time thinking through a number of approaches:
- each user could have private and public files (like the "shared folder" concept)
  - Pros - easy to mix private and public
  - Cons - requires the user to organize their work in a specific way
- different computers could encrypt files differently so that even the administrator could not access a user's files
  - Pros - one user can be completely private from the administrator
  - Cons - a user can be completely private from the administrator; accessing files remotely becomes difficult
- there could be an "administrator" class and a "limited" class of users, with the administrator class being able to do everything and limited users only being able to see their own files
  - Pros - this is a familiar model. In a high-trust environment everyone can have administrator rights. In a privacy-conscious environment there can be one administrator and a series of limited users. For total privacy, each user should have their own account.
  - Cons - there's no way, other than separate accounts, for a limited user to protect their data from the administrator.
  - It is simple to understand.
  - It covers several key situations well:
    - a small business owner and a number of staff
    - a family where someone takes care of the computer(s) and other family members are users
    - a small business with an IT person