Set Permissions on Folders in the User Dashboard
- Your admin must give you the ability to set folder-level permissions. (If you are an admin, see Enabling Users to Set Folder-Level Permissions.)
- Folder-level permissions can be used to set more detailed permissions on folder shares.
- They do not give a user or group any permissions until the folder is shared with them.
- They can only be set on the folders in My Files (your private store) .
They are useful if you share a folder with a group and then want to add more restrictions for specific users.
- If you have the ability to set folder permissions, when you select a folder and click the Security tab in the right panel, a Manage Security button appears at the bottom.
Permission Dependencies
If a permission can only be enabled if a second permission is enabled also, when you check the first permission, the second is automatically enabled.
Likewise, when you disable the second permission, the first is also disabled.
For example, write permission can only be enabled if read permission is enabled also, so if you enable write permission, read permission is automatically enabled. But if you disable read permission, write permission is also disabled.
The following table shows which permissions require others to be enabled.
Permission | Other permissions that must be enabled |
---|---|
Read | none |
Write | Read |
Share | Read, Write, Delete |
Delete | none |
Manage | Read, Write, Share, Delete |
Setting folder-level permissions:
To show you how to set up folder-level permissions and how they work with share permissions, we will use the example of a Customers Folder that you have shared with the Marketing group and given all permissions:
The Customers folder has a Customer Accounts subfolder with financial information.
You only want to give the user Aliya in the Marketing group Read, Write, and Share access to the Customer Accounts subfolder. You use folder-level permissions to remove the Marketing group's access and to set up her access.
You can do this because when a user or group has both share and folder-level permissions to a folder, the more restrictive permissions apply.
To set up the folder-level permissions:
- In the User Portal, in My Files, open the Customer folder and check the Customer Accounts folder.
- In the right panel, click the Security tab.
Click the Manage Security button.
The Manage Folder Level Security dialog box opens.
Notice that Inherit Folder Level Security is checked by default. This indicates that users and groups that have permissions in the Customer Accounts folder's parent folder will have the same permissions in the Customer Accounts folder.
If you scroll down you can see the inherited permissions. In our example, there are none, but if there were inherited permissions you could uncheck Inherit Folder Level Security to have them not apply.You can override inherited permissions by re-adding the user or group for the subfolder and assigning new permissions.
- To remove the group's permissions for the folder, click the Groups tab, and then click the Add Group button.
The Add Group dialog box opens. - Select Marketing and click Add.
The Marketing group is added. All permissions are checked. - To remove the group's permissions to the Customer Accounts folder, uncheck all of the permissions.
Now that you have removed the Marketing group's permissions to the subfolder, you want to add back permissions for Aliya.
You can do this because when both a group and a user in the group have folder-level permissions to a folder, the user's permissions take precedence. - Click the User tab, and click Add User.
- Enter Aliya's email address or account name in the search box, and click Add.
Aliya is added to the Users list. By default she is given all access to the folder. - Since you only want to give Aliya read, write, and share permissions to the Customer Accounts folder, uncheck Delete and Manage.
- Click OK.
The Security tab in the right panel keeps a tally of the number of users and groups you have given folder-level permissions to and whether or not permissions are inherited:
It is possible to check the combined permissions a user has for a folder. Share permissions the user is given to the folder are considered in this calculation, because folder-permissions work together with share permissions (and the more restrictive applies). In addition, this enables you to work out a user's permissions if they are in one or more groups that have folder-level permission to the folder.
To check existing folder permissions:
- Select the folder and click the Security tab in the right-panel, then click the Manage Security button.
The Manage Folder Level Security dialog box opens with the Security tab selected. - Click the Check Access tab.
- Enter the email of the user whose access you want to check.
Here, we'll check the access of the user and folder in the example above. - Click Check user access.
The dialog box lists the user's permissions. The example below shows permissions for the user Aliya, who is in the Marketing group.- The Folder Permissions row shows that has read, write, and share folder-level permissions. Although her group, Marketing, has no folder-level permissions to the folder, she has been given read, write, and share permissions individually, and those permissions supersede her group permissions.
- In the share of the folder, Aliya was given read, write, share, and delete permissions, which is shown in the Share permissions row.
- Since the more restrictive of folder-level or share permissions apply, the Effective permissions row shows that ultimately, she does not have delete permission because she does not have it at the folder-level.
Now let's look at the effective permissions for Jared, another user in the Marketing group, Jared. - Unlike Aliya, Jared does not have individual folder-level permissions to the Customer Accounts folder, so the permissions in his group, Marketing, apply, and the Folder permissions row shows that he has no permissions for accessing the folder.
- On the share of the folder, his group is given read, write, share, and delete permissions, so the Share permissions row shows those permissions.
- The combined permissions, which appear in the Effective permissions row, show that Jared has no access to the folder, because when there are both folder-level and share permissions, the most restrictive apply.