Detailed Explanation of UTBox Sharing Permissions

 

Sharing Permissions

UTBox offers different levels of access when sharing a folder with someone.

Detailed explanations of the permissions you can assign to a person when you invite them to a folder are below:

Co-owner

This permission will give a person full access to change all settings on the folder. They will basically have the same settings as you have in terms of being able to modify the folder settings. This includes the following:

  • The ability to grant new people access to the folder and its sub-folders.
  • Remove people's access to the folder and all sub-folders.
  • Enable/disable the ability for ANY person with access to the folder to invite ANY person without your knowledge.
  • Create direct web links to folders or files in the folder. They could also configure these web links such that they DO NOT require a password to access the linked folder/file.

Only give this permission to someone you trust and is fully aware of the data security requirements of the files contained in the folder. Typically this permission is given to individuals that are delegated the day-to-day management of a folder.

Editor

This permission is what is typically given to people you want to freely collaborate with. They will be able to create new folders, upload files, download files, edit files, and delete files in the folder and sub-folders.

Caution

By default this permission level will also be able to grant additional people (even people not affiliated with UT) access to your UTBox folder without needing to go through you. The additional people they add to the folder could they themselves add more people and so on. If you do not want Editors to be able to grant additional people access to your folder you should enable the Box folder setting: Invitation Restrictions | Only Owners and Co-owners can send collaborator invites. This will allow you to have better control over who has the ability to grant access to your folder by restricting that ability to only the Co-owner permission level. Click here for instructions on how to do this.

Update to Collaborator Invites

August 2016. The Information Security Office made changes to UTBox that restrict initiating collaborator invites to the respective UTBox folder owner or co-owner(s). This is to prevent an external collaborator you might invite from being able to invite other external collaborators without your knowledge.

Viewer Uploader

This permission allows a person to not only upload files to the folder but they can also view, edit, and directly download ALL files in the folder and sub-folders. The only thing they cannot do is delete files. They could still open up a file and edit its contents by deleting everything in it. This would effectively delete the file. The person can also create a web link to any item in the folder. However, they are limited to only creating a web link that is only accessible to the other people who have access to the folder.

Preview Uploader

This permission allows a person to upload files to the folder and sub-folders AND they can click on any file in the folder or sub-folders and preview its contents inside of their web browser. They cannot directly edit or download the file. Technically a person could save a picture of the file contents to their computer by taking a screenshot of their web browser while the file contents are being displayed in it.

Preview Only Works on Certain File Types

Box supports previewing many different file types such as Microsoft Office documents and Adobe PDFs however there are some file types it does not support. If a person with this permission level clicks on a file that is not supported by the Box previewing function then they will get an error message and not be able to view the file. Click here for a list of file types currently supported by the Box preview function.


Viewer

A Viewer has full read access to a folder and its sub-folders. Once invited to a folder, they will be able to preview, download, make comments, and generate shared links.  They will not be able to add tags, invite new collaborators, edit shared links, upload, edit or delete items in the folder.

Previewer

A Previewer has limited read access. They will only be able to preview the items in the folder or its sub-folders using the integrated content viewer in their web browser. They will not be able to share, upload, edit, or delete any content. See the note in the "Preview Uploader" permission description to read about the limitations of the in-browser preview function.

Uploader

This permission allows a person to ONLY upload items to the folder or its sub-folders. They cannot view, edit or delete files – not even files they upload to the folder. However, the person can still see all the file and folder names in the folder – they just can’t open them up. Care must be taken with a folder containing images. A person with this permission can still see the small auto-generated thumbnail images next to image files in the folder. If it is not permissible for the individual to view any of these images, then they should not be given access to any folders containing these image files.

 

Sharing Permission Matrix

Below is a matrix showing what Box functions each permission level can do. The matrix assumes the default security settings are configured on folders.

If the Box folder setting Invitation Restrictions | Only Owners and Co-owners can send collaborator invites is enabled on a folder then Editors will not be able to Invite People to a folder. This setting is disabled by default which is what the matrix above reflects. This setting is useful if you want to maintain tight control over who has access to the data in your Box folder. See the description of the Editor permission above for more information on the implications of leaving this setting at the default of disabled.

 

Example Cases

Example RequirementHow to Implement It

You want to share files with a group of people. It is fine if everyone in the group can read/edit/delete/create files and folders in the shared file space.

Open the folder you want to share with this group of people. You may need to create a new folder specifically for this purpose if you don't want these people to access any of your existing files and folders. Follow the instructions to share a UTBox folder with everyone you need. Grant everyone the Editor permission.

Caution

By default Editors will be able to grant additional people access to the folder without having to go through you. If this is not acceptable then you should open the Box folder settings and enable the following: Invitation Restrictions | Only Owners and Co-owners can send collaborator invites. With this folder setting enabled only Owners and Co-owners will be able to invite additional people to the folder and not Editors. Click here for instructions on how to do this .

You only want a person to be able to securely upload files to you and they don’t need to do anything else.

Option 1: Invite a person to a UTBox folder and give them the permission Uploader. If the person is not a UT Austin employee or student, then they will need to create a free account on Box.com. See the description of the “Uploader” permission to fully understand what the person will have access to.

Option 2: Direct a person to a publicly accessible web page that has a UTBox Upload Widget configured on it. This allows a person to use a web form to upload files directly to a UTBox folder of your choosing. It works like a postal mailbox in that after a person uploads a file using the web form they cannot see where the file goes, view it again, or access any other files in the UTBox folder the file is uploaded to. The advantage to this method is that people don’t need to create a free Box.com account to securely send you files.

You want a person to be able to upload files to a UTBox folder and ONLY be able to edit files they upload. They shouldn’t have access to any other files or folders in UTBox.

To ensure this level of restricted access you should create a new dedicated UTBox folder just for exchanging files with this person. After creating the new dedicated UTBox folder you would invite the person to it with the appropriate permissions.

You want to give a person access to view/edit files in an existing folder in UTBox but you DO NOT want to let them have access to the contents of any sub-folders within that folder.

This is not possible with UTBox. When you invite someone to a folder they will have the permissions you granted to them on that folder and all of its contents including sub-folders. One possible workaround is to take all of the files you wanted to share with this person and move or copy them to a sub-folder. Then you can invite the person to that specific sub-folder without giving them access to any of the other sub-folders and files.

You want to give a person access to a specific file containing Confidential information in UTBox without giving them access to anything else in the folder where the file is located.

Currently the only way to do this is to create a password protected web link to the specific file you want to share.

Set a Strong Password on Links. Communicate the Password Seperately From the Link.

If you are sharing Confidential data using a password protected link you must set a strong password that is not easily guessed. Failure to do so puts the data at risk as well as violate UT policies.

When you communicate the web link password to people DO NOT do so using the same medium that you used to communicate the web link. For example, if you email the web link to someone do not also email them the password. This would be analogous to locking confidential data in a safe and putting a sticky note outside the safe with the combination written on it. You should communicate the password using a different medium such as a phone call.

 

More Information