Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Setting File and Folder Permissions

Understanding how file permissions work in Box

Traditional File Server Permissions

Folder and file permissions work a bit differently than the files permissions many people have come to expect on a file server.

File servers generally have permissions applied by an administrator and permissions are set to be fairly open by default, and then narrowed based on group memberships. For example, Organization A (OA) may consist of 6 divisions (1D thru 6D) and each of those divisions may have 3 groups (aG thru cG) . Folders on a file server for that organization would likely consist of an organizational directory, 6 discrete divisional directories under the organizational directory, and 3 discrete group directories under each divisional directory.

Files stored at the top level (OA) can be viewed by anyone in the organization, with more limited permissions set on each level of sub-folders contained within that directory.

Photo File Permissions on Tradtional Servers


Box File Permissions

Box does not support flexible permissions on sub-folders. Folder and file permissions are designed to cascade from the top level folder to sub-folders. As a result, you cannot narrow access to a subset of folders. If for example you have 25 people listed as collaborators for Folder A, you will not be able to limit access to a sub-folder (Folder A1) contained in Folder A, to only 15 of those collaborators.

Photo Permissions on Box Server To get around this, you can invite collaborators to sub-folders that have a limited set of collaborators at the top level and invite additional collaborators only to the sub-folders to which you want them to have access. If for example you have 15 people for whom you want access to an entire folder (Folder A), make them collaborators on that folder. If you want 10 additional people to collaborate on a specific sub-folder (Folder A1) invite those 10 individuals to collaborate on that sub-folder. Collaborators at the top level folder (Folder A) will see a list of collaborators listed under "In This Folder Only" when viewing Folder A1. Conversely, collaborators with access limited to Folder A1 will only see Folder A1 listed in their file listings.

Smart Links

Box also provides a recommendation to use Smart Links Leaving website to limit permissions to certain files.

Consider assigning user roles based on the functional needs of each collaborator

Penn+Box provides a broad range of collaboration permissions. To limit the risk of documents being edited in parallel your collaboration folder should have a limited number of "Editors"since Editors can unlock a file that has been locked by another user. The bulk of your collaborators should be given "Viewer-Uploader" permissions (or less) to provide a robust set of permissions for managing content without administrative permissions. See "What are the different collaboration permissions and what access do they provide?" Leaving website for a complete listing and explanation of permission levels.


Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania