Summary of Recommendations:
Collaboration Access Levels
- Set default collaborator access level to “Viewer Uploader” unless your collaborators require additional access rights.
- Create distinct, higher-level folders to organize sensitive vs. non-sensitive data.
Shared Link Permissions
- When sharing links, the access level for the shared links should be set at the "Collaborators Only" level to restrict access to a controlled group of individuals you have invited to collaborate on the working folder.
- Deactivate links that no longer require access by other users.
Password Protected Shared Link
- Do not share sensitive files via an “Open” shared link. If that's unavoidable, use a password to secure the link before sharing it with other users.
- When sharing the password protected shared link, send the shared link and the password in out-of-band communication channels to reduce the likelihood of malicious users stealing the credentials. For example, email the link, then send the password in a text message or separate email.
Box has designed its service to allow users to collaborate on content using one of two features: 1) inviting collaborators and 2) sending share links to your content. Although these features enable easy collaboration of folders and files, extra precautions are necessary to ensure that data is shared only with authorized users. The best way to do that is to set the correct permissions to ensure the security and privacy of your data. In the following sections, we will discuss in more detail how to share your content safely through inviting collaborators and sending share links.
This document assumes that users have a basic understanding of collaboration and sharing functionalities provided in Box, which is provided at the Berkeley Box service webpage.
Depending on the sensitivity of your shared files, you should consider the different collaborator access levels and assign them to each collaborator appropriately. See the graphic below for a step-by-step guide to setting Collaborator Access Levels.
To choose from the available access levels when inviting someone to collaborate,
- Click on the text box (where the text "Enter Email addresses here" is) above the "Invite Collaborators" button
- A dropdown menu appears. Click on the “Advanced Options” link
- Enter the email addresses of the people you want to invite to collaborate
- Select from the dropdown menu the appropriate collaboration levels.
- Click "Invite" button to send the invitation
Figure 1 - Advanced options to change collaborator access levels.
Figure 2 - Invite Collaborators pop-up
Collaborator Access Levels
Below is a chart showing the different collaborator access levels and a description of each level:
Figure 3 - Collaborator access levels.
An Uploader is the most limited access that a user can have in a folder and provides limited write access. A user assigned Uploader will see the items in a folder but will not be able to download or view the items. The only action available will be to upload content into the folder. If an Uploader uploads an item with the same name as an existing item in the folder, the file will be updated and the existing version will be moved into the version history.
A Previewer only has limited read access. This permission level allows a user to view the items in the folder using the integrated content viewer or a viewing application from the OpenBox directory such as Scribd. They will have no other access to the files and will not be able to download, edit, or upload into the folder.
This access level is a combination of Previewer and Uploader. A user with this access level will be able to preview files in the folder using the integrated content viewer or a viewing application from the OpenBox directory such as Scribd and will also be able to upload items into the folder. If a Previewer-Uploader uploads an item with the same name as an existing item in the folder, the file will be updated and the existing version will be moved into the version history. They will have no other access to the files and will not be able to download or edit items in the folder.
A Viewer has full read access to a folder. So they will be able to preview any item using the integrated content viewer and will be able to download any item in the folder. A Viewer can generate a shared link for any item in the folder as well as make comments on items. A viewer will not be able to add tags, invite new collaborators, upload, or edit items in the folder.
This access level is a combination of Viewer and Uploader. A Viewer-Uploader has full read access to a folder and limited write access. They will be able to preview any item using the integrated content viewer and will be able to download any item in the folder. They can generate a shared link for any item in the folder as well as make comments on items. A Viewer-Uploader will also be able to upload content into the folder. If a Viewer-Uploader uploads an item with the same name as an existing item in the folder, the file will be updated and the existing version will be moved into the version history. They will not be able to add tags, invite new collaborators, or edit items in the folder.
An Editor has full read/ write access to a folder. They can view and download the contents of the folder, as well as upload new content into the folder. They have permission to delete items, edit items, comment of files, generate a shared link for items in the folder, and create tags. By default an Editor will be able to invite new collaborators to a folder; however, an editor cannot manage users currently existing in the folder. An Editor can also Sync folders to Desktop and Laptop computers.
A Co-Owner has all of the functional read/ write access that an Editor does. This permission level has the added ability to be able to manage users in the folder. A Co-Owner can add new collaborators, change collaborators access, and remove collaborators (they will not be able to manipulate the owner of the folder or transfer ownership to another user).
One additional option to restrict permission to invite collaborators to a folder is under the Folder Properties, Security tab. Checking the box highlighted below will restrict Editors and other co-owners from being able to invite other collaborators.
Figure 4 - Only folder owner can send collaborator invites.
Recommendation: Set default collaborator access level to “Viewer-Uploader” unless your collaborators require additional access rights.
In addition to read and upload privileges, granting your collaborators “Viewer-Uploader” access will allow them to overwrite an existing file with a new version, moving the previous version of the file to version history for review later. On the flip side, “Viewer-Uploader” access level restricts a collaborator from being able to 1)invite other users to collaborate on the folder; and 2)delete files/folders within the collaborated folder. For more details on what a "Viewer-Uploader" collaborator can do, refer to a detailed description of each access level above.
The "Viewer-Uploader" access level helps to avoid the risk of accidental or malicious deletion of data in your collaborated folder, while still providing collaborators with the core collaboration functions such as read and update access. This is especially powerful when combined with defaulting all shared links to "Collaborator Only" access level as described in Recommendation #3.
Please note that when collaborator access level is granted to Joe User at a top level folder, Joe User will have the same access level for all the subfolders under the top level folder. In other words, if you have sensitive data you don’t want to share, but those files fall under a top-level folder where you granted Joe User with viewer or editor collaborator access levels, your sensitive data will now be exposed to Joe User even though you have not explicitly shared your sensitive data with Joe User!
A safer way to manage your sensitive files would be to avoid inviting collaborators to your top-level folder. Instead, invite collaborators to the lower level subfolders, which means access to fewer files and less chance of your collaborators seeing files they should not be able to see.
Removing Collaborator Access
After you invite collaborators to a folder, you can return to see who the collaborators are for a particular file or folder by navigating to it in the Box web interface. If a collaborator no longer needs access, you can also remove his/her access from this menu. To remove the collaborator:
- Click on the Collaborator’s name from the list of collaborators
- Click on the Access Level drop-down menu
- Select “Remove”
Figure 4 - Removing collaborator from folder.
Recommendation: When sharing links, the access level for the shared links should be set at the "Collaborators Only" level to restrict access to a controlled group of individuals you have invited to collaborate on the working folder.
To restrict shared links to "Collaborators Only" access level for a folder and its files, follow the steps below (this assumes that collaborators have already been invited to the folder. See section on Collaborator Access Levels section for more details):
- Navigate to the folder on Box web UI
- Click “Folder Options” drop-down menu -> Folder Properties -> Security
- Check the box for “Restrict shared links to collaborators only”
- Click Okay button to save the setting
Figure 5 - Getting to folder level security properties
Figure 6 - Checkbox to restrict shared link access to collaborators only.
Below is a list of the sharing levels and their descriptions:
Set the link to “open” if you want anyone with the shared link (including Box Lite account users and users with no Box account at all) to have access to the file. To restrict access to the file, you can set an expiration date or even require a password – these restrictions will apply to anyone not already collaborating in the folder.
Want to send out a link without worrying about outsiders viewing the file? Just select the “@Berkeley” option – remember that Berkeley users, if they are not collaborators already, must receive the link from you to have access.
- Collaborators Only:
Select this option if you want to point a collaborator to a specific file or folder without making the link accessible to non-collaborators.
This feature disables the shared link for a file or folder. If a collaborator wants to access the file, they’ll have to log into Box and find it in the appropriate folder.
Some times you want to share files with others only for a specific period time, after which you may want to take away access to that file. Box offers ways for you to deactivate the links you shared by way of setting an expired date on the links (applicable only to "Open" and "@Berkeley" links only) or manually disabling the link. Doing so will reduce the likelihood that files and folder, especially those containing sensitive data, become orphaned and unmanaged after a period of active collaboration.
Figure 7 - Disabling a shared link.
To disable a shared link:
- Find the file or folder for which you want to disable sharing in Box
- Click on the “Share” button to the right of the file name
- Click on the “Access” dropdown menu
- Select “Disabled” access level
- Click “Okay” to confirm you want to disable sharing for that file/folder
To set an expiration date on a shared link:
- Find the file or folder for which you want to set expiration in Box web interface
- Click on the “Share” button to the right of the file name
- Click on the “Access” dropdown menu
- Select an access level ("Open", "@berkeley")
- Click on "Set Expiration"
- Select the desired expiration date in "Unshared On" field
- Click Okay to save your selection
Recommendation: Do not share sensitive files via an “Open” shared link. If that's unavoidable, use a password to secure the link before sharing it with other users.
If a business need requires that a sensitive file be shared with users outside of campus, Box allows end users to password-protect public web links, requiring visitors to enter the set password to access the file or folder. Please consult Box and Google Data Use Agreement on appropriate usage of Box for various restricted data types.
Recommendation: When sharing the password protected shared link, send the shared link and the password in out-of-band communication channels to reduce the likelihood of malicious users stealing the credentials. For example, email the link, then send the password in a text message or separate email.
Also note that a password protected shared link does not offer the same level of protection as file-level encryption, since it only protects the file when accessed through the link. Collaborators may still be able to access the file without entering a password.
Figure 8 - Opening the Shared Link pop up window.
To use this feature,
- Click on the “More Options” dropdown menu next to the file or folder
- Hover over "Share" and select "Get Link to File" or "Get Link to Folder"
- On the pop-up window, open the Access Level menu in the upper right corner
- Click the radio button for “Open” access level
- Click “Set Password”
- Enter the password in the text field. Please consult the campus password policy for detail recommendation on password complexity requirements
- Click Save
- Secure File Sharing: www.youtube.com/watch?v=vFKB4MSbq8I
- Box Collaboration Basics Video: http://success.box.com/videos/collaborators/
- Box Security Tools Video: http://success.box.com/videos/collaboration-tools/
- Box Everyday Collaboration Best Practices: http://success.box.com/best-practices/everyday-collaboration/
UC Berkeley Box Documentation
- UC Berkeley Documentation: (https://kb.wisc.edu/berkeley/search.php?q=box)
- UC Berkeley Box and Google Data Use Agreement
- UC Berkeley Box Sync Guidelines
If you have any questions about how to collaborate on Box, please email firstname.lastname@example.org.