Set Permissions on Folders in the User Dashboard

  • Your admin must give you the ability to set folder-level permissions. (If you are an admin, see Enabling Users to Set Folder-Level Permissions.)
  • Folder-level permissions can be used to set more detailed permissions on folder shares. 
  • They do not give a user or group any permissions until the folder is shared with them. 
  • They can only be set on the folders in My Files (your private store) .
  • They are useful if you share a folder with a group and then want to add more restrictions for specific users. 

  • If you have the ability to set folder permissions, when you select a folder and click the Security tab in the right panel, a Manage Security button appears at the bottom.

    Example 1:

    An example of share permissions versus folder-level permissions:

    You share a folder of account records with a group that contains two account managers and an account holder. You give the group all permissions in the share.

    • You want the account managers to be able to make any changes to the folder, but you only want the account holder to be able to read and download its contents, so you add folder-level permissions and only give the account holder read and download permissions.
    • The managers can continue to perform all actions on the contents of the folder.

    Example 2:

    An example of share permissions combined with folder-level permissions that would not work:

    You share the same folder of account records from Example 1 with the same group that contains two account managers and an account holder. You give the group read and download permissions in the share.

    • You want the account managers to be able to make any changes to the folder, so, mistakenly, you add folder-level permissions give the account managers all permissions.
    • The managers can still only perform read and download actions on the contents of the folders.

      The most restrictive permissions from the share permissions and the folder-level permissions take precedence.

When a folder contains more folders inside it, the top folder is the parent and the subfolders are children.

When you are applying folder-level permissions, if you leave the Inherit Folder-Level Security option checked, a parent's permissions are applied to its subfolders.

In general, a subfolder can be in one of the following states:

  • The child, or subfolder has all of the same permissions as its parent folder
  • The child, or subfolder has all of the same permissions as its parent folder, plus additional permissions
  • The child, or subfolder has all of the same permissions as its parent, and no additional permissions
  • The child, or subfolder's permissions are not connected in any way to the parent folder and the subfolder retains a separate set of permissions

When setting folder-level permissions in FileCloud, you have the following options:

OptionDescription
(tick)  Inherit PermissionsPermissions set in this folder are initially exactly the same as the top level folder's permissions

(error)  Don't Inherit Permissions

Permissions set in this folder don't inherit from any top level folder's permissions and are specific to only this folder


Note: Permissions cannot be inherited from top-level Team Folders.

When you set folder-level permissions, you can select one or more of the following options:

ReadWriteDeleteShareManage
  • Allows downloading
  • Allows previewing
  • Allows uploading and modifying 
  • Allows creating files and folders 
  • Allows renaming 

Allows deleting

Allows sharing

Allows managing folder-level permissions


Permission Dependencies

If a permission can only be enabled if a second permission is enabled also, when you check the first permission, the second is automatically enabled.
Likewise, when you disable the second permission, the first is also disabled.

For example, write permission can only be enabled if read permission is enabled also, so if you enable write permission, read permission is automatically enabled. But if you disable read permission, write permission is also disabled.

The following table shows which permissions require others to be enabled.

PermissionOther permissions that must be enabled
Readnone
WriteRead
ShareRead, Write, Delete
Deletenone
ManageRead, Write, Share, Delete

Setting folder-level permissions:

To show you how to set up folder-level permissions and how they work with share permissions, we will use the example of a Customers Folder that you have shared with the Marketing group and given all permissions:

 


The Customers folder has a Customer Accounts subfolder with financial information.
 

You only want to give the user Aliya in the Marketing group Read, Write, and Share access to the Customer Accounts subfolder. You use folder-level permissions to remove the Marketing group's access and to set up her access.
You can do this because when a user or group has both share and folder-level permissions to a folder, the more restrictive permissions apply.

To set up the folder-level permissions:

  1. In the User Portal, in My Files, open the Customer folder and check the Customer Accounts folder.
  2. In the right panel, click the Security tab.
  3. Click the Manage Security button.


    The Manage Folder Level Security dialog box opens.
    Notice that Inherit Folder Level Security is checked by default. This indicates that users and groups that have permissions in the Customer Accounts folder's parent folder will have the same permissions in the Customer Accounts folder. 


    If you scroll down you can see the inherited permissions. In our example, there are none, but if there were inherited permissions you could uncheck Inherit Folder Level Security to have them not apply.

    You can override inherited permissions by re-adding the user or group for the subfolder and assigning new permissions. 

  4. To remove the group's permissions for the folder, click the Groups tab, and then click the Add Group button.

    The Add Group dialog box opens.
  5. Select Marketing and click Add.

    The Marketing group is added. All permissions are checked.
  6. To remove the group's permissions to the Customer Accounts folder, uncheck all of the permissions.


    Now that you have removed the Marketing group's permissions to the subfolder, you want to add back permissions for Aliya.
    You can do this because when both a group and a user in the group have folder-level permissions to a folder, the user's permissions take precedence.
  7. Click the User tab, and click Add User.
  8. Enter Aliya's email address or account name in the search box, and click Add

    Aliya is added to the Users list. By default she is given all access to the folder.
  9. Since you only want to give Aliya read, write, and share permissions to the Customer Accounts folder, uncheck Delete and Manage.
  10. Click OK.
    The Security tab in the right panel keeps a tally of the number of users and groups you have given folder-level permissions to and whether or not permissions are inherited:

Check Existing Folder-Level Permissions

It is possible to check the combined permissions a user has for a folder.  Share permissions the user is given to the folder are considered in this calculation, because folder-permissions work together with share permissions (and the more restrictive applies). In addition, this enables you to work out a user's permissions if they are in one or more groups that have folder-level permission to the folder.

To check existing folder permissions:

  1. Select the folder and click the Security tab in the right-panel, then click the Manage Security button.
    The Manage Folder Level Security dialog box opens with the Security tab selected.
  2. Click the Check Access tab.
  3. Enter the email of the user whose access you want to check.
    Here, we'll check the access of the user and folder in the example above.
  4. Click Check user access.


    The dialog box lists the user's permissions. The example below shows permissions for the user Aliya, who is in the Marketing group.
    • The Folder Permissions row shows that has read, write, and share folder-level permissions. Although her group, Marketing, has no folder-level permissions to the folder, she has been given read, write, and share permissions individually, and those permissions supersede her group permissions. 
    • In the share of the folder, Aliya was given read, write, share, and delete permissions, which is shown in the Share permissions row.
    • Since the more restrictive of folder-level or share permissions apply, the Effective permissions row shows that ultimately, she does not have delete permission because she does not have it at the folder-level.


      Now let's look at the effective permissions for Jared, another user in the Marketing group, Jared.
    • Unlike Aliya, Jared does not have individual folder-level permissions to the Customer Accounts folder, so the permissions in his group, Marketing, apply, and the Folder permissions row shows that he has no permissions for accessing the folder.
    • On the share of the folder, his group is given read, write, share, and delete permissions, so the Share permissions row shows those permissions.
    • The combined permissions, which appear in the Effective permissions row, show that Jared has no access to the folder, because when there are both folder-level and share permissions, the most restrictive apply.