|
|
|
|
|
To enable any user's top-level ("user-home") folder to be shared is discouraged!
|
|
Enable users to selectively share subfolders instead.
(Best practice)
|
|
|
|
Apply sharing authority at the individual folder level (not at "user-home" or policy scope).Enabling sharing authority at the lowest level in a folder tree is encouraged and it reinforces the principle of least privilege (PoLP) to resources. (Best practice)
|
|
Enable the Share
(Best practice)
|
Enabling the Share 
permission attribute on the Home Folder Permissions page will allow regular users to apply customized permission settings and extend folder access to others.
Once you delegate sharing authority, regular users can customize folder permission settings and user access lists. Shared folders do not need to re-use permission settings from the parent folder. (In most cases they won't.)
If you revoke Share 
settings (clear the checkbox) after regular users have enjoyed sharing capabilities, folder permissions will no longer be customizable by them. (However, the folders created before you revoked Share will continue to provide access control to users already shared with.)
Warning! Changes you apply here will affect all home folders on the system. For example, if you remove all permissions, users will NOT be able to upload to, download from, share, or even view their home folder unless you add permissions directly to the folder.
When Secure Folder Sharing is properly licensed and available, MOVEit Transfer sysadmins can also turn on/off Secure Folder Sharing on an org-by-org basis. In this case, only admins of orgs selected by the sysadmin will be able to delegate Secure Folder Sharing authority and range of access control to regular users. See the Secure Folder Sharing topic for details.
The Secure Folder Sharing org profile controls must be enabled and a Secure Folder Sharing license must be in place in order to grant regular MOVEit Transfer users autonomy to share their "user-home" folder (/Home/someusername, for example) and associated subfolders with temp/guest users or other regular users. Removing the license for Secure Folder Sharing is similar to revoking the Share permission. Permissions will no longer be customizable by regular users. Only Administrators will be able to customize or remove existing permissions.
