Content & Sharing settings allow you to enable or disable various permission types that are available to managed user when collaborating and sharing files. This topic contains the following sections:
- Shared Links
- Custom Shared Links
- Collaborating on Content
- Canvas
- Watermarking
- Content Creation
- Hubs
- File Request
- Relay
- Cascading Folder Level Metadata
- Auto-Expiration
- Trash
Shared Links
The Shared Links section is where you configure shared link settings and permissions for content owned by managed users.
- Allow shared links for
-
Defines the content type you allow to be shared. Select from:
- Folders and files (default) - All content in your account use the shared link settings that follow this option.
- Folders only - Folders in your account use the shared link settings that follow. Shared links for files can be created, but the only sharing option for shared links on files is Invited people only, which means files using the shared link are accessible only by invited collaborators in the folder.
- Files only - Files in your account use the shared link settings that follow. Shared links for folders can be created, but the only sharing option for shared links on folders is Invited people only, which means folders using the shared link are accessible only by invited collaborators in the folder.
- Nothing, restrict sharing - Disables shared links for everyone except invited collaborators to the file or folder.
- Definition of company
-
When selecting settings that define "people in your company," defines what "in your company" means. Select from:
- Users with email domain (default) - "In your company" is defined as any user with an email address within your company's domain. (This option shows the domain.)
- Enterprise ID - "In your company" is defined as only managed users in your account.
Admins for enterprises with multiple companies sharing one email domain will have created at least one custom subdomain. But other large enterprises instead may have multiple companies that each with a separate EID. To make links shared with “people in your company” available only on a per-company basis, and not across your entire organization, select Enterprise ID.
Important
If you change your company definition value from Users with Email Domain to Enterprise ID, links previously shared with “people in the company” become inaccessible to people from companies with different EIDs. Similarly, people from one company who used to share with people from other companies no longer can do so.
- People who can access shared links
-
Defines what access options are available for the content types selected above. By default, all options are enabled, meaning that anyone with appropriate permissions can choose, per item, what access permission to grant their content. Select from:
- People with the link, people in your company, and people in this folder (default) - Anyone with the link can access. But people can still set a password or expiration date for these links. There is no login required.
- People in your company and people in this folder only - This is available only if an email domain is added to your account. If you create a link with this setting, everyone in your Box account can see the link, and people within the added email domain who are part of an external Business (or higher) level account can also see the link.
- People in this folder or file only - Only people collaborated into the folder can access its content from a shared link. (An exception is if a parent folder allows different shared link permissions, in which case the parent folder shared link permissions are inherited.
Changing this setting alters what types of new shared links can be created for content owned by your enterprise. Existing shared links are also affected by this setting, meaning that previously created shared links with broader access are lowered to the restrictive setting. For example, if you change this setting from people with the link to something more restrictive, your managed users can no longer create open shared links. Further, any pre-existing open shared links would be changed to people in your company.
If you change this setting from a less restrictive setting to a more restrictive setting and then back again, shared links created before the setting changes retain their type.
- Default access for shared links
-
Defines the default access level of newly-created shared links. If you have limited the access options in an earlier setting, your options here are limited accordingly.
- People with the link (default) - The content is open to people with the link. File viewers do not have to log in.
- People in your company - Anyone with the link who's also in your company, or people invited to this file, can access its content.
- People in this folder - Only people collaborating in this folder can access its content.
- Shared Link Permission
-
Defines the allowed and default permissions for file, folder, and Box Notes shared links. For files, folders, and Box Notes, you define both the maximum permission allowed and the default permission when users share links, and you select from the following values for each:
- Can view, download, and edit
- Can view and download
- Can view and edit
- Can view only
For each part of these options:
- View means that link viewers can only preview the item. Download and edit is disabled. Managed users cannot toggle this setting at the folder and file level.
- Download means that link viewers can download the files, folders, and Box Notes. With this option enabled, managed users can toggle the download setting at the folder and file level.
- Edit means that link viewers can edit the linked file, files in the linked folder, or the Box Note. More specifically, editable file sharing links are shared links that grant editing permissions to files stored in Box for people with those links. Your managed users will be able to select the edit option in the sharing modal for a file within Box if you include edit in the maximum permission allowed.
Custom Shared Links
Custom URLs enable people to customize the URLs for created shared links. This applies to content you want to be readily accessible to large groups of people (externally or internally) using a customized URL that is easy to remember. If you make this link available as people with the link, the linked folder or file is publicly accessible. Custom URLs are appropriate for public-facing materials such as product documentation or marketing materials and are not intended for the secure sharing of sensitive content.
- Allow custom shared link URLs for links with public access
-
Select the check box to enable the custom URL feature for open public sharing. Example of a custom link: https://.box.com/v/custom-public-link
Clear the check box to block the creation of custom URLs in your enterprise. If you disable this option, you break any existing custom URLs with people with the link security. However, if you later re-enable public custom URLs, those same pre-existing links again become valid. This setting does not apply to custom URLs with company and collaborators-only security levels.
The default state is cleared.
- Show your custom domain in shared link URLs
-
Select the check box to enable your custom domain display in shared link URLs.
The default state is selected.
Collaborating on Content
This section is where you select the roles/permissions you want to allow folder owners to choose from when collaborating on items and define other collaboration settings
- Available Roles
-
Determines which roles can be chosen for collaborators. Roles selected here will be available to choose from when setting access privileges for collaborators. Each role provides different access privileges.
The default states are selected for all roles.
- Default collaboration roles
-
Determines the default access level across your entire organization for files people share. Select from:
- Editor (default)
- Viewer (more secure)
Note
Users are allowed to change this setting when they invite collaborators.
- Restrict invites
-
Determines who can invite collaborators. Select this option so only folder Owners and Co-owners and Admins (including Co-admins and Group Admins) can invite collaborators to a given folder.
The default state is cleared.
- Enable invite links
-
Determines whether people can use invite links to collaborate. Invite links grant collaborator access to a folder to people who click the link. If these links are disabled, users will still be able to invite collaborators through email invites sent securely by Box.
Unless accepted, pending collaboration invitations expire after 30 days.
The default state is selected.
- Enable group invites
-
Determines whether users can invite groups to collaborate in folders. Enabling group invites allows collaborators with editor, co-owner, or owner permissions to invite group collaborators and modify their permissions on those items.
The default state is selected.
- Restrict Ownership Transfer
-
Determines whether non-admins can transfer ownership of a file or folder to external collaborators and move a file or folder owned by your enterprise to a folder owned by an external account. Select this option to prevent ownership transfer of a file or folder to external collaborators.
Admin and co-admins of your account will still be able to transfer ownership to external collaborators.
The default state is cleared.
- External collaboration
- Determines whether your users can collaborate with any external collaborators (default) or only external collaborators in allowlisted domains. See Limit collaboration to allowlisted domains for details.
Canvas
Box Canvas is a visual collaboration and whiteboarding tool that enables teams to collaborate visually using sticky notes, shapes, text input, image uploads, and more.
- Configure Canvas
- Defines who can use Box Canvas. Click Edit Configuration and then select:
- Disable for all managed users
- Enable for all managed users (default)
- Enable for select users and groups, and then enter one or more user names, email addresses, or groups
- Enable for everyone except select users and groups, and then enter one or more user names, email addresses, or groups
Watermarking
Watermarking places a semi-transparent overlay of the current viewer's name and time of access across a document's contents to deter unauthorized sharing. When your Box users choose to add a watermark to shared files, you can determine whether the watermarks on all files will be rasterized, or whether watermarks will be vector-based or rasterized, depending on the file type.
- Watermarking
-
Determines how watermarking will be applied to different file types. Select:
-
Vector-based and rasterized watermarking (recommended) - Provides infinite resolution, inclusion in search, clickable links, and a very small sized file overhead, but can and will be used on document-based files only. Rasterized watermarking will be used on all image files.
The "document-based files" on which vector-based watermarks can be applied are also known as files that have PDF support. Those file types are listed in the Supported File Types topic with a Yes in the PDF Support? column.
Note
Watermark types will be applied automatically based on file type when users add watermarks to files or folders.
- Rasterized watermarking only (default) - Provides increased security, but no resolution scaling, no searchability, no clickable links, a moderate file size overhead, and reduced usability. This watermark type can't be removed without damaging the underlying content.
-
Watermarking Differences
The different types of watermarking have differences that may affect your decision about which one to use.
Vector-based | Raster | |
---|---|---|
Resolution |
Infinite; the watermark scales when viewers zoom in or out |
Limited to 2048 x 2048 pixels; the watermark does not scale when zooming |
Text copying | Yes | No |
Text searching | Yes | No |
Links | Clickable | Not clickable |
Modifies underlying content | No | Yes |
Watermarked document size | Smaller | Larger |
Document security | Medium | High |
Watermarking Use Cases
Use the Vector-based and rasterized watermarking option:
- When dealing with large files that need to maintain readability, documents such as blueprints, diagrams, or files containing a lot of small print.
- When dealing with text-based files where text needs to be copied and searched for or when hyperlinks need to be clickable.
- When you have storage or bandwidth concerns with the size of watermarked files being shared.
Use the Rasterized watermarking only option:
- When you want to lock down the watermarked file by not allowing any text to be copied.
- When the content in question is of the highest sensitivity level. Note that while watermarking is a security deterrent, a very motivated and technically adept hacker can remove a vector watermark. Doing this will impact the original formatting of the underlying document. This is slightly different from a Rasterized watermark where you cannot remove the watermark without destroying the underlying content as well.
Content Creation
This section allows you to restrict certain types of content creation. Higher restrictions will provide admins greater control over the content and structure. However, users will be more restricted in creating content, which may impact the amount of collaboration.
- Restrict content creation
-
Determines who can create and delete folders, files, and bookmarks at the root level of your Box instance. Select this option to prevent all non-admin managed users from creating, deleting, and moving folders in their "All Files" section.
Enable this setting to create the folder structure for the entire account and then invite users into this structure.
Note
If Restrict content creation is enabled, admins can transfer ownership of folders to managed users, but managed users cannot transfer ownership to others.
The default state is cleared.
- Restrict tag creation
-
Cleared by default. Determines who can create tags for files in your account. Tags can be used by users to easily label and search for content. Select this option to limit tag creation, and then select who can create tags from:
- Folder owners/co-owners and admins/co-admins (default)
- Admins/co-admins
- Email Uploads
-
Determines whether you to allow people to upload file attachments to a specific Box folder via email.
The default state is cleared.
Hubs
Box Hubs is curation and publication tool that enables teams to create portals from their content in Box. This setting defines who in your organization can view, create, and share Hubs.
- Configure Hubs
- Defines who can use Box Hubs. Click Configure and then select:
- Disable for all Hubs users (default)
- Enable for all Hubs users (recommended)
- Enable for select users and groups, and then enter one or more user names, email addresses, or groups
- Enable for everyone except select users and groups, and then enter one or more user names, email addresses, or groups
File Request
File Request enables users to request files and metadata from anyone via a link
- File request users
-
Defines who can request files. Click Configure Users and then select:
- Disable for all managed users
- Enable for all managed users (recommended) (default)
- Enable for select users and groups, and then enter one or more user names, email addresses, or groups
- Enable for everyone except select users and groups, and then enter one or more user names, email addresses, or groups
Note
- You can enter up to 100 names/email addresses and up to 100 groups. If you want to enable or disable more, you'll have to enable or disable File Request for the entire organization.
- You can only select groups that have Permission Setting set to Admins Only. For details, see Creating and managing groups.
- File request permissions
-
Defines what folder owner roles are allowed to make file requests. Click Configure Permissions and then select:
- Owners/co-owners
- Owners/co-owners and editors (recommended) (default)
- File Request Link Access
-
Defines whether file uploaders are required to sign in with a Box account. When selected, this setting:
- Applies enterprise-wide; individual Box accountholders cannot change it
- Applies retroactively to all currently active file requests in addition to all future file requests
- Disables the option to add an email field to the file request, as that option becomes redundant when you require a Box login before uploading
- Provides an option for people without a Box account to create one before they can submit
The default state is cleared.
Relay
Relay allows users to build workflows to automate tasks and content actions within Box. If enabled, your users will be able to build automated workflows on folders they own or co-own.
- Relay users
-
Defines who can use Relay. Click Edit Configuration and then select:
- Disable for all managed users
- Enable for all managed users (recommended) (default)
- Enable for select users and groups, and then enter one or more user names, email addresses, or groups
- Enable for everyone except select users and groups, and then enter one or more user names, email addresses, or groups
Note
- You can enter up to 100 names/email addresses and up to 100 groups. If you want to enable or disable more, you'll have to enable or disable Relay for the entire organization.
- You can only select groups that have Permission Setting set to Admins Only. For details, see Creating and managing groups.
- Relay permissions
-
Defines who can define and launch workflows from folders the own, co-own, or can edit. Click Edit Configuration and then select:
- Owners/co-owners
- Owners/co-owners and editors (recommended) (default)
Note
If you change the setting to the more restrictive configuration (Owners/co-owners), existing active workflows created by an editor continue to run as expected and continue to display in the Workflows page. If you want to deactivate them, you can do so in your Relay Admin Console view.
- Template publication permissions
-
Defines who can publish workflow templates. Click Edit Configuration and then select:
- Only Relay Admins and Co-admins can publish workflow templates
- Enabled Relay users can publish workflow templates (recommended) (default)
- Enable for select users and groups, and then enter one or more user names, email addresses, or groups
- Enable for everyone except select users and groups, and then enter one or more user names, email addresses, or groups
Note
- You can enter up to 100 names/email addresses and up to 100 groups. If you want to enable or disable more, you'll have to enable or disable template publication for the entire organization.
- You can only select groups that have Permission Setting set to Admins Only. For details, see Creating and managing groups.
Cascading Folder Level Metadata
Cascading Folder Level Metadata enables users to cascade a metadata template and its attribute values to new or existing folder contents. To be granted Cascade permissions via this setting, users must have permission to edit the folder-level metadata.
- Cascading folder level metadata permissions
-
Defines who can can create cascade policies. Click Configure and then select:
- Disable for all managed users (default)
- Enable for all managed users
- Enable for select users, and then enter one or more user names or email addresses
- Enable for everyone except select users, and then enter one or more user names or email addresses
Note
If you enable for select users or all users except selected, you can enter up to 100 managed users' user names or email addresses.
Auto-Expiration
This is where you define default expiration for shared links and invited collaborators.
Shared links expiration settings
- Disable all shared links after a specified time of link creation
-
Determines whether all shared links are disabled after the defined number of days.
Note
If you set shared links to be disabled automatically, the content itself will not be deleted. It will just be unshared.
The default state is selected and the default time period is 60 days.
The limit for auto-expiration is 49710 days.
- Disable public shared links after a specified time of link creation
-
Default is selected with a value of 60 days. Determines whether only publicly shared links are disabled after the defined number of days.
Note
If you set shared links to be disabled automatically, the content itself will not be deleted. It will just be unshared.
The default state is selected and the default time period is 60 days.
The limit for auto-expiration is 49710 days.
- Apply these settings to
-
Determines what content that shared link expiration applies to. Select from:
- Folders and Files
- Folders only (default)
- Files only
Note
This setting is unavailable if you do not set at least one link expiration policy.
- Notify item owners a specified time before expiration
-
Determines if content owners with shared links are notified before the shared links expire.
The default state is cleared. The default time period when selected is 7 days.
- Allow item owners and editors to modify the expiration date
-
Determines whether owners of content can change expiration dates for any shared links they create.
The default state is selected.
Note
If you clear this setting, any existing shared links with expirations will not be modifiable. Box does not recommend this configuration
Invited collaborators expiration settings
- Automatically remove invited collaborators
-
Determines whether collaborators are removed after the defined number of days.
The default state is cleared. When selected, the default time period is 60 days.
- Allow folder owners to extend the expiration date
-
Available only if Automatically remove invited collaborators is selected. Determines if folder owners can extend a collaboration expiration date.
The default state is selected.
- Notify affected users n days before expiration
-
Available only if Automatically remove invited collaborators is selected. Determines if collaborators receive notifications via email before a collaboration expires.
The default state is selected and the default time period is 7 days
Note
Box sends email notifications to the owner and any co-owners of the corresponding folder. Box only notifies co-owners who are directly collaborating on items with a pending expiration. Box does not notify co-owners who are collaborating via inherited permissions.
- Apply these settings to
-
Available only if Automatically remove invited collaborators is selected. Defines the collaborators that these expiration settings apply to. Select from:
- External Collaborators (default)
- All Collaborators
Trash
Enabling trash will provide each of your users their own trash folder. This is recommended so users can retrieve items they may have accidentally deleted.
- Enable Trash
-
Determines whether Trash is used in your organization.
The default state is selected.
- People who can permanently delete content in Trash
-
Available only if Enable Trash is selected. Determines who can permanently delete content once it has been sent to Trash. Select from:
- Everybody (including Automation and Policies) (default) - Anyone in your organization can delete content from Trash that is not otherwise retained by policy.
- Nobody (No user or policy can delete content) - Retention policies with disposition action set to Permanently delete content will not permanently delete content that has reached the end of the retention period.
- Admin Only - Only your organization Admin can delete content from Trash, and only content not otherwise retained by policy.
- Admin and Co-admins Only - Only Admins and Co-admins can delete content from Trash, and only content not otherwise retained by policy.
- Policy Only (No user can delete content) - Only policies can delete content from Trash. Retention policies with disposition action set to Permanently delete content will be allowed to delete content that has reached the end of the retention period. The Items in trash are automatically deleted after Trash policy deletes content based on the time period selected except for items retained by a Governance policy.
- Selected Users - (Available only when you have the Box Governance package.) Enter up to 1000 user names. (Groups are not supported.) If you do not enter any users, it operates the same as if you select Policy Only.
Notes
- Changes to this setting are not retroactive; they will apply only to the content moved to Trash after the setting change is applied. All content already in Trash will be purged according to the setting value that was applied to it when it was sent to Trash.
- Legal Holds and Retention policies take precedence over this Trash setting: Any content under retention or legal hold will not be permanently deleted.
The ability to choose who can permanently delete content in the trash is only available as part of the Box Governance package.
- Items in trash are automatically deleted after
-
This setting is available only if Enable Trash is selected. Determines how long content is in Trash of your managed users' accounts before it is permanently deleted. After the specified time period passes, the items are permanently deleted. If you modify this setting, the new duration does not apply retroactively to items already in the trash. Select from:
- 7 days
- 14 days
- 30 days (default)
- 60 days
- 90 days
- Custom - The ability to choose to choose the Custom option is only available as part of the Box Governance package. The Custom option can range from 7 days to 10 years.
- Never auto-delete items (including by policy)
Retention set by retention policies override this setting for any content managed by those retention policies.