Important
Since October 2020, security features (Classification, Shared Link Restriction policy, and Content Security) in Box Governance are no longer available to new Box Governance customers. These features remain available to existing customers who purchased Box Governance prior to October 2020. Please note, however, that if customers with access to these Box Governance legacy features purchase Box Shield or start a Box Shield Trial, any active Shared Link Restriction policies in Box Governance will be removed. Customers will have the ability to create an access policy with Shared Link Restriction in Box Shield that offers superior functionality to the legacy Shared Link Restriction policy feature in Box Governance.
If you're an admin, Box enables you to create, modify, and delete security classifications for content in your organization's Box deployment. With security classification, you can classify files based on their sensitivity and enforce access policies associated with that sensitivity level. Classification helps you identify sensitive information and encourage smarter behavior when people handle that content.
Creating a classification
After you create a classification, Box enables you to
- display this classification under Details in the right-hand sidebar and next to the file's name in Preview when users select or preview content, and
- display an advisory message describing the classification in further detail when people select or preview content.
To create a new classification:
- In the Admin Console's left sidebar, click Classification.
- In the top-right corner, click Create New.
- Under Name, type the name of your security classification. The classification name must be unique, and can have a maximum of 40 characters.
- Under Definition
- Select a background color for the classification label. The same color can be used for multiple classification labels.
- Type the message you want Box to display when people select or preview content bearing this classification.
- In the top-right corner, click Create.
Modifying a classification
Box also enables you to specify which user roles are permitted to modify classifications. This permission applies to all classifications you define.
Note
External users cannot modify classifications on files or folders.
To select which type of collaborator can modify classifications:
- In the Admin Console's left sidebar, click Classification.
- In the top-right corner, click Settings.
- Select the collaborator type permitted to modify classifications. You can select
- Owner, or
- Owner and Co-owner, or
- Owner, Co-owner, and Editor, or
- Owner, Co-owner, Editor, and Viewer Uploader.
- In the bottom-right corner, click Save.
To modify a classification:
- In the Admin Console's left sidebar, click Classification.
- Click the name of the classification you want to edit.
- Edit the classification's name, description, and color as you wish.
- In the top-right corner, click Save.
When you change a classification label's color, Box updates the color in all labels bearing that classification.
IMPORTANT
Do not edit classification templates via the Metadata API.
Deleting a classification
To delete a classification:
- In the Admin Console's left sidebar, click Classification.
- Click the name of the classification you want to delete.
- In the top-right corner, click Delete.
IMPORTANT
Deleting a classification is permanent. Box removes the classification from all files and folders to which it is applied. This operation can not be undone.
Searching for classified content
Although Box cannot run a report to display all classified content, you can use Box's search functionality to achieve the same result. An administrator or co-administrator with Files and Folders privilege of at least View users's content can search for content bearing a specific classification.
To search for all content bearing a given classification:
- In the top of your Box window, in the Search Files and Folders field click the Search Options icon.
- Select the Metadata tab
- Under Metadata Template, click Select a Template and select Classification.
- Under Classification, click Select Value and select the classification label.
- To launch the search, do one of the following:
- in the top of your Box window, in the Search Files and Folders field click the search icon (magnification glass), or
- on your keyboard press Enter .
FAQ
Who can administrate security classification?
To create and edit classifications, you must be the admin or have co-admin privilege to at least Create and Edit Metadata.
Is the message in Definition required?
Yes, both the Classification Name and the Classification Definition are required.
How can I prevent classified files from being accessed via a less restrictive folder-level shared link?
There are three ways to restrict classified files from being accessed via a folder-level shared link:
- Restrict Shared Links: By restricting shared links to 'Files Only', files in your enterprise follow the designated shared link settings (in compliance with any Security Classification applied at the individual file-level). Shared links for folders can still be enabled, but are accessible only by invited collaborators in the folder.
- Define Shared Link Restriction in Box Shield's Smart Access feature. Note that Shield license is required.
- Integrate with CASB Partner: Integrate with a CASB Partner to further prevent sensitive files from being shared via a folder-level shared link.