Create an Admin Hold Policy

An Admin hold only blocks user access, it does not block other policies from expiring. However, if an Admin Hold is in place, any other policies will expire gracefully without completing any move or delete expiry options. 

  • For Admin Holds, a policy expiration date cannot be set
  • The policy can only be removed by an administrator
  • Since the policy does not expire on a specific date, there are no automatic actions on expiration

The following table identifies what actions are blocked for an Admin Hold type of retention policy.

 Policy Type

Reads 

Blocked

Moves

Blocked

Copies

Blocked

Updates

Blocked

Deletes

Blocked

Policy 

Length

Expiration Actions
Admin HoldNO YESNOYES YES
  • Indefinite
  • No Action

Copies cannot be created if there is a retention hold on the destination folder that prevents updates. 

For example:

  1. An administrator looks at the Governance dashboard and sees that a Retention with Deletion policy is about to expire on files that have been kept for 3 years.
  2. The Retention with Deletion policy will delete 200 files when it expires in 2 days.
  3. However, the administrator notices that some of these files have been recently updated.
  4. The Administrator puts an Admin Hold policy in place on the files in the Retention with Deletion policy that is about to expire.
  5. The Administrator can now investigate the files without worrying about users updating them at the same time.
  6. However, it takes the Administrator 3 days to identify which files should not be deleted and which can be deleted.
  7. During this time, the Retention with Deletion policy expires, but because of the Admin Hold, no files are removed.
  8. The Administrator removes the Admin Hold from the files.
  9. The Administrator removes the files that don't need to be saved from FileCloud. 
  10. A new Retention with No Deletion policy is created for the remaining files that need to be saved.


Creating the Policy


To create an Admin Hold Policy:

  1.  Log in to the Admin Portal.
  2. From the left navigation pane, select Retention.
  3. On the Manage Retention Policies screen, click the Add Policy button.



PropertyDescription
Policy NameA string of characters, letters, and numbers that provide a title for the policy
 Policy Type Select Admin Hold
Description
  • Required
  • A string of characters, letters, and numbers that provide details about why the policy is necessary
  • This description is displayed in the User Portal when the cursor hovers over the Policy Name in the Details tab
Hide Policy from Users
  • Prevents policy details from being shown and leaked. 
  • Selecting this option removes the display of applied policies and their expiration dates from the Details tab in the User Portal.
  • Selecting this option also blocks the API call to the backend to find out which policies are applied. This is how data leaks are prevented.
  • Although the policy name and expiration date are not shown, the restrictions are still enforced. For example, if the policy you are hiding from users prevents them from deleting the file, although the policy information is not shown, the user will not be able to delete the file.

(warning) Administrators need to be aware that users might report issues with the system when a retention policy is blocking their ability to access or delete a file or folder. The user will not be aware of why certain options are greyed out if they don't see the policy restrictions listed. However, if the user is able to select the option and it is restricted by a policy, they will see an error message telling them why when they try to select the option.

Alert on Violation

Displays an alert in the Admin portal on the Governance dashboard. 

(warning) Administrators need to be aware that not all violations are logged here. The reason for this is that all permissions for a file are collected in one file- including user permissions and sharing permissions. In some cases, a sharing permission that was set first might stop a file from being deleted before a retention policy that was added later. The reason why the file cannot be deleted, or which set of permissions or policy is stopping the deletion, is not FileCloud's main priority. FileCloud's main concern is protecting the file and finding out if it cannot be deleted. This is why you might not always see a violation in the Dashboard, but the file will always be protected. If a user is constantly trying to delete a file that is protected by a retention policy then the chances of seeing the violation in the Governance Dashboard increase.

Send email alert

Notifies all provided recipients that there are only 7 days until the policy expires.

(info)  The same information is available on the Governance dashboard. The Governance Dashboard list each file individually, and displays the date and time when a policy will expire so the Admin knows and can take action if any is needed.

 AlertsA list of email addresses separated by a comma who will receive the email notification that there are only 7 days until the policy expires.

The Path and the Metadata tabs allow you to define the conditions that specify how the policy will be applied in the system.

Add a Path

Add Path allows you to define a folder that a policy will apply to AS WELL AS all the files and sub-folders it contains

What you CAN do in the Path fieldWhat you CANNOT do in the Path field
  • Paths work for managed storage  ONLY
  • Since managed storage includes Team Folders, you CAN add a path to a Team Folder
  • A Path takes the form of: /username/sub-folder
  • You can add more than 1 path
  • You can set BOTH a path and specify metadata
  • You CANNOT add a path to network folders
  • You CANNOT add a path to external folders
  • You CANNOT add a path to shared folders
  • You CANNOT add a path to protected folders, such as /boot, /root, and /var in LINUX
  • You CANNOT edit a path. If you make a mistake, you must first remove the path and click Add to specify the correct path
  • The full path must exist before the policy will be enforced

When creating the policy the full path doesn't have to exist, however.

At a minimum: 

  • The first component of the path has to already exist /username/
  • This means that the username or team folder has to already exist before you can save the policy
  • You CANNOT specify a path that does not exist

This will prevent you from saving the policy


Configure Metadata

Data that provides additional information about files and folders is called Metadata.

  • To specify files and folders that this policy should apply to, you can use metadata sets, attributes, and tags.
  • You can use metadata to apply a policy to all files that meet the metadata conditions even if they are not in the same folder.

You can select metadata from the following existing attributes or sets:

  • Default sets = provided with FileCloud and applies to every folder and cannot be modified 
  • Built-In sets = provided with FileCloud and includes the Document Life Cycle and Image metadata sets
  • Custom attributes and sets = created by administrators in the Admin Portal 

For more information about metadata, see Managing Metadata.


An administrative hold is designed to help an administrator block access to files and folders so that they can determine what should happen next.

  • For Admin Holds, a policy expiration date cannot be set
  • The policy can only be removed by an administrator
  • Since the policy does not expire on a specific date, there are no automatic actions on expiration