How to...

Share files and folder permissions in Box


1. File permissions

If you own a file or folder in Box, you have control over who can access that file or folder. ITS does not set these permissions for you.

Permission levels on Box follow a ‘waterfall’ design in which individuals only have access to the folder they are invited into and any subfolders beneath it.

If you want to give somebody else access to a file or folder, you can do this by sharing it with them. Unless you put an expiry date on their access, they will always be able to access it.

This access extends to any folders or files within a shared folder. If you set up a folder and share it with a colleague, and then add a new file or folder within that parent folder, your colleague will be able to access the new file or folder as well.

To understand how to check and change permissions in Box, please see the Box website.

2. Sharing and GDPR

If the content of your files is covered by GDPR legislation (if they contain any personally identifiable information), then you should only share these files with individuals or organisations that you know will respect the intended purpose for the data and follow GDPR best practice.

If you share a file outside of the University, you should have written assurance from the individual or organisation that they will process and store the file in a way that complies with GDPR guidance. For additional guidance about GDPR issues, please see the Data Protection web page.

3. Best practice for saving and sharing in the cloud

Best practice revolves around the kind of data you’re storing and sharing.

When you upload something into Box, we consider that to be secure. When you share data with an outside organisation, you are losing some control and therefore you must consider things like:

  • Is there any personally identifiable information in the files you’re sharing? If yes, your data is covered by GDPR and you are responsible for ensuring it remains secure and is only used for the intended, stated purpose. If you share it, you must have clear assurances about how the data will be stored and used, and be clear that this is acceptable under GDPR legislation.
  • Are there any issues of intellectual property or similar?
  • Could any of the information being shared be maliciously misused against the University or any of its staff or students?
  • When you create the sharing link, do you want to make the file view-only or editable for the recipient? This gives you more control than simply sending a file. You can decide whether the recipient is able to download the file for their own use or just view it online.
  • How long do you want to enable a sharing link for? In Box you can set a link to expire on a certain date.

4. Sharing settings

You should become familiar with the settings and options for file sharing in the cloud storage platform(s) you use.

To ensure that you can comply with best practice and GDPR requirements, you must know:

  • How to share a file or folder from box.com, either with a sharing link or by giving somebody access to the file or folder
  • How to share a file or folder from Windows Explorer (Windows) or Finder (Mac)
  • How to share a file or folder from within a Microsoft Office application
  • How to check who has access to a file or folder
  • How to fine-tune the sharing settings for a file or folder, giving people the appropriate level of access
  • In Box, how to create a sharing link that expires on a certain date

Learn about Box sharing settings on the Box website

created on 2020-03-19 by Dawn Stewart
last updated on 2020-03-19 by Dawn Stewart