Collaboration is a key driver of growth in today’s fast-moving business landscape. Your online file server must come equipped with multiple layers of scrutiny and security to ensure that employees can accomplish their work goals without compromising sensitive data or content.
Folder permissions, and subsequently file permissions, must be flexible enough to enhance collaboration with business associates, suppliers, vendors and customers outside the company network.
Users in Egnyte fall into three broad categories – Administrator, Power User and Standard User.
Administrators are the highest level in the hierarchy of user levels and have folder and file access throughout the entire Egnyte account. Nobody can prevent them from accessing specific folders. They can create power users, standard users and groups (for permission assignments). Administrators control license and subscription settings, create root-level folders, etc.
All employees within an organization are usually assigned this user level. They can access all the Apps like Mobile Apps, Web UI, Desktop App, etc. Power Users can assign permissions to standard users, create folders, and perform specific Admin tasks allowed by Administrators.
You can give your company’s vendors, business partners, and customers access to specific shared folders as Standard Users. Unlike plain sharing, which only offers preview and download access, standard users can edit the content of the folder they have received permission for. They do not have access to other Apps and cannot share any folders or links themselves.
Permission levels fall into four broad categories - Viewer, Editor, Full, and Owner.
Viewers have only read access to the contents of a folder. They can download files and make local copies.
In addition to Viewer privileges, Editors can edit files and upload new content. They can create Upload Links and sub-folders within the main folder they have access to.
In addition to Editor privileges, individuals with Full permission can rename and move files and folders. They can also delete files, specific versions of files, folders, and more.
Owners have complete authority over folder permission management. They decide how folders are shared across parties.
Let’s explore how to manage permissions at the folder level.
By default, folders inherit all of the permissions of their parent folder. However, you can follow the steps below to override this setting to protect sensitive content that only a restricted user base can access.
On your folder, click on the Share–Manage Folder Permissions menu. You will see a list of all users who have access to it already. Enter the group or user name to share with a colleague or a group of colleagues. Set the permission you would like for them and Add it. An invitation will go out to them to access the content.
Let’s say you want a vendor or customer to have file access to edit certain information. Proceed the same way as before and enter their email address. The system will identify them as non-account users and add them as Standard Users.
They will now receive a link through which they can access the folder’s contents and all sub-folders that have inherited the parent folder’s permissions.
Granular folder permissions provide the freedom to control content access at the most basic possible level while adhering to your existing file structure and permission hierarchy. However, this means that someone can have access to a parent folder and may be denied access at a sub-folder level. How do such conflicts get resolved without creating a security hassle?
File permissions are not assigned. All files in a folder have the same permissions as assigned at the folder level.
When dealing with such conflicts, user permissions always trump group permissions. Assume a folder has provided Full access for the entire Finance team. However, it has explicit Editor access for Jack, one of the Finance team members. When Jack accesses the folder, he will have Editor access.
If a user is part of multiple groups with access to a folder, they get assigned the highest-level permission from among all groups. For example, if Jack has Full access to a folder as part of the Finance group and Editor access as part of the Payroll group, he will have Full access to all folders shared with all his groups.
Permissions at a sub-folder level for a user or group will override permissions from the parent. So, if Jack has Full access to the Finance folder and Viewer access to the Payroll folder, which is a sub-folder of Finance, he will have Viewer permissions to Payroll.
Excluding a single user from a group is not possible. If a group has permission to a folder, all group users can access it. The only option here is to specifically assign lower access levels to individual users from the group.
These can be only set through the Permissions API. It denies the specified groups or users any access to the folder. However, if the user with NONE folder permissions belongs to a group with permission to the folder, the permission will be overridden.
For enterprises with an existing on-premises file share system, migrating permissions to the online server is a crucial step while moving to the cloud. The Migration toolkit directly integrates with Active Directory (AD), Single Sign On (SSO), and other similar authentication systems to automate permission settings.
First, users must extract the folder permissions from the source. Next, they should map them to Egnyte and finally, apply the permissions to the folder on the online server.
The Permissions Browser gives you access to a high-level view of your permissions hierarchy. It helps you monitor sensitive content with the following features:
Navigate to a folder of interest using the hierarchy tree. You will see a list of all users that have access to this folder and their permission levels. You can check whether the permission was handed to them explicitly or if they inherited it by being part of a group. Folders with sensitive content are highlighted so that you can pay special attention to their file access policies.
The feature effectively allows administrators to view the content hierarchy as seen by a specific user. You can type the name of a user or a group and get a detailed listing of the folders they can access and the permission levels.
Administrators and Power Users with reporting roles can access two Permissions Reports in the form of a spreadsheet. It shows all the folders and sub-folders with permissions at each level.
Accessible from Report Center -> Permission Reports -> Folder Permission Report. You can view more details about the process on the Egnyte Helpdesk page.
It allows you to run the report for a particular folder or folder and all of its sub-folders.
The report can also display folder permissions for each user in a group based on your request.
Accessible from Report Center -> Permission Reports -> User and Group Permissions Report. You can view more details about the process on the Egnyte Helpdesk page.
Type in all the users and groups you would like to include in the report.
Once you complete the list, click the Generate Report button.
A: No, administrators, by design, have owner access to all folders. You cannot modify their permissions at all. If such a need may arise, assign people as Power Users and assign them admin-specific rights in their role administration.
A: The default setting allows users with Full access to delete and move folders. However, Owners and Administrators can choose to grant permission to delete or move a folder. Enable the Fixed folder setting, where only an administrator or an owner can move or delete a folder to prevent accidents.
A: All power users, which includes all employees of an organization, have a private folder set up under the root or Shared folder. This folder has their user name assigned to it. It is only accessible to the employee and the group of Administrators. You cannot modify permissions on private folders.
A: There are two options here.
The Folder Permissions Report allows you to see a list of all the users, including those in groups, with access to a folder and its sub-folders. The report also includes their individual permissions. Administrators and Power Users with reporting authority can run the report.
Alternatively, a folder Owner can open the Manage Folder Permissions window and view the permissions for that folder alone. They cannot access the sub-folder permissions.
A: We provide both options to allow users maximum flexibility while setting up file permissions. However, we advise users to put highly sensitive content in a folder with inheritance turned off. Let’s better understand why:
Case 1: Users A and B are allowed Editor permissions to folder Finance. Let’s say, you create a folder Budget as a sub-folder under Finance. You explicitly remove User B from having access to this folder.
Case 2: Users A and B are allowed Editor permissions to folder Finance. Assume you create a folder Budget as a sub-folder under Finance. You create this folder by turning off inheritance and adding User A as the only user with permission to the folder.
Now, User C is added by an owner to the Finance folder with Editor permissions. As per Case 1, User C now has Editor permission in the Budget folder as well. However, as per Case 2, User C does not have permission to the Budget folder.