The Content & Sharing tab in Enterprise Settings allows you to enable or disable various permission types that are available to managed user when collaborating and sharing files.
Shared Links
You can customize settings for everyone's shared links and defaults by navigating to Admin Console > Enterprise Settings > Content & Sharing tab. More information on customizing shared link settings.
Collaboration Restrictions
- Default collaboration role: Use this setting to modify across your entire organization the default access level to files people share. The standard default access level is Editor. To change this default to the more secure setting of Viewer, click the down arrow and select Viewer.
- Restrict invites: Enables you to set who can invite collaborators. If this option is enabled then only folder Owners and Co-owners and Admins (including Co-admins and Group Admins) are able to invite collaborators to a given folder.
- Enable invite links: Enabling this function permits people to use invite links to collaborate.
- Enable group invites: Enabling this option makes it possible for users to invite groups to collaborate in folders.
- Restrict Ownership Transfer: Check this box to prevent people from transferring ownership of a file or folder to external collaborators. Also prevents people from moving a file or folder owned by your enterprise to a folder owned by an external account. Admins and co-admins of the account, however, retain the ability to transfer content ownership.
- External collaboration:
- Enable external collaboration: This enables people within your organization to collaborate with other Box users outside your company.
- Limit collaboration to allowlisted domains: Box Governance enables you to restrict collaboration to an approved set of domains, or a allowlist. Access this feature via either the normal Box UI or the Box API. To enable allowlisted domains:
- Under Enterprise Settings > Content & Sharing > Collaborating on Content > External Collaboration, click Limit collaboration to allowlisted domains.
- Click Manage Allowlist. The Collaboration Allowlist window opens.
- Enter each domain specifically. Your people can collaborate only with people from one of the domains you specify.
- If you invite someone to collaborate who is not from one of the specified domains, the system displays this message: “Invitations could not be sent to the following people because collaboration is restricted to your enterprise's collaboration allowlist: ”
Important
If a folder is accessible to a set of collaborators outside your enterprise, clicking Limit collaboration to users within Enterprise for does not block that folder to those external collaborators, though the folder is blocked to new external collaborators.
When you create your allowlist, you can also can exert finer control and limit collaboration to one direction, inbound or outbound, as defined from the perspective of someone inside your enterprise.
- Inbound collaboration – Your people are INVITING SOMEONE FROM OUTSIDE IN TO your enterprise to collaborate on content that resides inside your organization.
- To allow only inbound collaboration, prepend each domain with a plus sign (+)
- Outbound collaboration – People from outside your enterprise are INVITING SOMEONE FROM INSIDE your enterprise OUT to collaborate on content that resides outside your organization.
- To allow only outbound collaboration, prepend each domain with a minus sign (-)
- To enable collaboration with any domain, use an asterisk (*)
- Typically you'll use an asterisk to enable unidirectional collaboration -- for example to allow only your users to be invited to other content and not allow any external users to be invited to your content.
Here are some examples:
Domains Allowlisted |
Expected Behavior |
abc.com |
Box users within your company can invite people only from Company ABC and can only be invited to folders from Company ABC. Note The allowlist is literal, and only works on single domains. In this example, "x.abc.com" is not allowlisted. You would need to add it separately. Do not use spaces. |
+abc.com |
Your company's users can invite only people from Company ABC to their folders. Do not use spaces. |
-abc.com |
Only people in Company ABC can invite Box users from your company to join their folders as well. No one else can invite your company's users to their folders. Do not use spaces. |
+* |
Your company’s users can invite anyone from any domain to collaborate on content within your enterprise, but no one outside of your company can invite your company’s users to collaborate externally. Do not use spaces. |
-* +abc.com |
Anyone from any domain can invite your people to collaborate on content externally, but your people can invite only users from company abc.com to collaborate on content that resides within your enterprise. Do not use spaces. |
Other points:
- Users not subject to allowlist: You can allow certain users special privileges to collaborate with domains outside of the allowlisted domains. To grant this privilege, below Users not subject to allowlist, enter the names or email addresses of your selected users in the box.
- External Collaborator Invitations: Enables you to restrict external collaborators from inviting other external collaborators into content owned by your enterprise and to prevent them from increasing other external collaborators' permission levels.
- must be
Content Creation
- Restrict content creation: Prevents all non-admin managed users from creating, deleting, and moving folders in their "All Files and Folders" section. Check this box if you would like to create the folder structure for the entire account and then invite users into this structure. Note: If Restrict content creation is enabled, admins can transfer ownership of folders to managed users, but managed users cannot transfer ownership to others.
- Restrict tag creation: Enables you to control who can create tags for files in your account. Check this box to limit tag creation either to Folder owners/co-owners and admins/co-admins, or to Admins and co-admins only.
- Email Uploads: Enables you to allow people to upload file attachments to a specific Box folder via email.
Folder Level Metadata and Cascade
In this section, you enable your account holders to cascade metadata templates in folders and resolve conflicting metadata templates.
You can:
- Disable for all managed users
- Enable for all managed users
- Enable for selected users based on a allowlist
- Enable for selected users based on a denylist
Auto Expiration Settings
You can set shared links across your enterprise to expire a certain number of days after they have been created. After that period the link stops working. Setting default expiration periods helps keep data secure. For example, if a link to sensitive information is expired, you don't have to track it or worry about it if months later it is inadvertently shared with someone not entitled to access it. The setting is not retroactive; it applies only to links created after you establish or modify the expiration period.
You can set an expiration period on links to files, to folders, or to both.
You can also set one time period (or no time period at all) for all shared links, and a shorter time period that applies only to public links. In this way you can:
- avoid a broad auto-expiration policy that forces people in your company to re-set links shared internally (or to specific external collaborators), which can impede collaboration, while preserving the ability to expire links that could be shared with anyone outside the four walls of your enterprise.
- reduce the risk that results from relying on individual vigilance for manually adding auto-expiration policies for certain types of links at creation.
In addition, you can quickly review risk exposure by generating a report that lists all public shared links and their auto-expiration date (if any). (Do this by navigating to Admin Console > Reports > Shared Links.)
Finally, you can configure whether and when the system should notify people when links they've shared, or that have been shared with them, are about to expire.
To set default expiration dates for shared links for your enterprise:
- Open the Admin Console.
- Navigate to Enterprise Settings > Content & Sharing tab.
- When the Content & Sharing page displays, scroll down to the Auto-Expiration section.
- To expire all shared links, check Disable all shared links after a specified time of link creation.
- Type in the number of days for which you want shared links to be valid.
- To expire only public shared links, check Disable public shared links after a specified time of link creation.
- Type in the number of days for which you want shared links to be valid.
Links with expiration periods display throughout the Box UI with a small red clock icon (). Hover over the clock icon for details about the expiration policy.
You cannot set an expiration period for all shared links that is shorter than the expiration period for public shared links. (The system won't let you proceed.) You can set an expiration period for all shared links that is longer than that for public shared links. However, the period for public shared links still applies. In other words, if you set all links to expire in 60 days, and public links to expire in 30 days, public links will still expire after 30 days.
The expiration periods you set are not retroactive; all pre-existing links still behave according to their pre-existing expiry settings, including if no expiry has been set at all. For example, prior links with no expiration date do not expire even after you set a 30-day expiration policy. Likewise, links set to expire one week after you set a period of 30 days still expire in one week. Or, if you change your an expiration period from 60 days to 30, new links created from that time forward expire in 30 days, while pre-existing links continue to expire 60 days after they were created.
- Select whether to apply your expiration policy to links to file, folders, or both. To do this, click the Apply these settings to down arrow and select the item you want.
- This setting is unavailable if you do not set at least one link expiration policy
- To notify content owners by email that links to the files they own are about to expire, check Notify item owners a specified time before expiration.
- In the box below, type the number of days in advance you want content owners to be notified of impending expired links.
- Box sends link expiration emails regardless of whether the expiration is dictated here via an enterprise-wide policy, or by each individual link creator. Also, if an individual modifies a link expiration period, Box automatically adjusts the notification period to keep it consistent with the link's revised date of expiration.
- These settings are unavailable if you do not set at least one link expiration policy.
- To enable people to set or modify expiration periods on links they create, check Allow item owners and editors to modify the expiration date.
- By checking this box, you enable people throughout your organization to easily and quickly set their own expiration periods whenever they create their own links.
- If you do not set any auto-expiration period, Box automatically enables this setting AND applies it to all existing links. That means item owners and editors have full freedom to create, modify, or end expiration periods on a per-link basis.
If you set an expiration period only on public shared links, AND you do not allow people to modify their links' expiration periods, Box displays a warning that this is not recommended. It means from this point forward no one in your organization can:
- set an expiration period for any new link they create
- modify the expiration period for any of their previously-existing links
You can save and implement this particular configuration, but we do not recommend it because it hampers the ability of your people to collaborate.
To maximize both security and collaboration, set an expiration period as a default, but allow people to disable, extend, or shorten their links' lives.
Invited collaborators expiration settings
You can set invited collaborators to be removed from shared folders or files automatically after a certain number of days.
You must enable this setting via your Admin Console, in Enterprise Settings, for people to be able to set collaboration auto-expiration. If you do not enable this setting, no creation or modification of collaboration expirations are allowed.
To set enable and set expiration dates for invited collaborators:
- Open the Admin Console.
- Navigate to Enterprise Settings > Content & Sharing tab.
- When the Content & Sharing page displays, scroll down to the Auto-Expiration section and find Invited collaborators expiration settings.
- Check Automatically remove invited collaborators.
- Type in the number of days for the expiration period.
- To allow folder owners to extend the expiration date beyond the default period you have specified, check Allow folder owners to extend the expiration date.
- To have email notifications sent to users warning them of expiration, check Notify affected users:
- Type in the number of days before the expiration to configure when they will be notified.
Note
Box sends email notifications to the owner and any co-owners of the corresponding folder. Box only notifies co-owners who are directly collaborating on items with a pending expiration. Box does not notify co-owners who are collaborating via inherited permissions.
- Type in the number of days before the expiration to configure when they will be notified.
- Click Apply these settings to: and, from the dropdown menu that displays, click an option to specify whether the setting applies only to All Collaborators or only to External Collaborators.
- Click Save.
After you enable this setting, by default all subsequent collaborations created follow the enterprise setting. The creator of individual collaborations then is able to extend the expiration date beyond the default value.
Enabling auto-expiration of collaborators for your enterprise is not retroactive. Adding a collaboration expiration date applies only to collaborators added after you enable this setting. This also means you can update collaborator expiration time only if the collaboration was created after this setting was enabled.
Trash
You can also customize your enterprise's trash settings to best fit your company's requirements.
When you're done, click Save.