Secure Folder Sharing extends the collaboration capabilities of MOVEit Transfer while delivering in-transit and at-rest data confidentiality and data integrity.
Secure Folder Sharing helps you leverage:
Orgs where folder-level collaboration enables mission and business goals.
Orgs where regular users need greater autonomy and lightweight access to business information.
An option of enabling regular users to branch out requests to temp users that can contribute/access important resources.
Leveraging requests for all levels of information between groups, temp users, and regular users.
Simple access and management of folder access lists within a designated "Secure Folder Sharing" org.
Choose orgs that will enable folder sharing UI controls for org admins (sysadmin post-install task)
Understand the ways you can apply or limit Secure Folder Sharing
The admin controls and Secure Folder Sharing license must be in place before you can grant MOVEit Transfer regular users autonomy to share their folders and subfolders with temp users and other regular users. The following table details the scopes at which you can apply or limit the use of this feature.
Feature Scope
Description
Mechanisms You can Use
System level (sysadmin)
Enables/limits if the feature is available for delegation (at a system-wide scope).
Feature license. (Secure Folder Sharing is a licensed feature.)
Org profile. (All org profiles would need the same setting to provide system-level alignment)
Org level (sysadmin)
Enables/limits if the feature is available (at selected org basis).
Org profile.
User role level (admin)
Configures feature on the user-home folders of regular users.
Home folder policy settings.
Folder-specific scope (admin)
Configures feature on folders. Admins can enable/remove specific sharing permissions for individual users associated with specific folders.
Folder Access settings. (Best practice)
User operation
When you delegate sharing authority to a user as sharer you can limit the operations the sharer can pass on to others.
Operation-specific sharing. Admin delegates fine scope of sharing operation controls (2019 feature). (Best practice)
Choose which folder operations a user as sharer can pass to others
For example, applying operations such as Delete, Upload, List and List Users can be granted to privileged users and content. Whereas, Download only might be appropriate for collaborative environments where content updates are controlled centrally.
Admin Delegating Share Reveals a New Set of Access Controls
Best practices for using this feature
For MOVEit Transfer administrators, here are important things to consider:
It is best practice for your regular users to selectively share using subfolders. Discourage users from sharing their entire home folder.
Customized permission settings do not have to inherit policy settings from the parent folder. (In most cases they won't.)
If you revert Share settings (clear the checkbox) after users have enjoyed sharing capabilities, permissions will no longer be customizable. (However, the folders created before you reverted Share will continue to provide access control to users already shared with.
Enabling the Share permission attribute on the Home Folder Permissions page will enable users to directly share their user-home (~myuser) folder and is therefore discouraged.
For instructions how regular MOVEit Transfer users share folders, see the Share a Folder section of the MOVEit Transfer User Guide or Administrator Guide.
Steps for configuring a Secure Folder Sharing environment in MOVEit Transfer
In order to enable Secure Folder Sharing, you must:
Install. Install MOVEit Transfer with a license that includes Secure Folder Sharing. (Typically this happens at install time.)
Quick start install instructions can be found in the topic titled Quick Install.
After you install, check if Secure Folder Sharing is enabled
To verify if a Secure Folder Sharing license is in place:
Remote desktop to the host where MOVEit Transfer 2018 is running.
Plan/Choose. Choose which Orgs/users will benefit from the increased autonomy and enhanced powers of sharing and collaboration.
Choose Users and Orgs that will share
Before you delegate sharing settings as MOVEit Transfer Org Administrator, carefully consider the needs of your users and the tradeoff of access and sharing to confidentiality of information.
There are three important things to consider:
Customized permission settings do not have to inherit policy settings from the parent folder. (In most cases they won't.)
If you revert Share settings (clear the checkbox) after users have enjoyed sharing capabilities, permissions will no longer be customizable and will revert back to your Org wide policy.
Enabling the Share permission attribute on the Home Folder Permissions page is possible but discouraged because it will enable users to apply customized permission settings and share user-home directly.
Note: It is best practice to enable Secure Folder Sharing first on a MOVEit Transfer Org designated for non-production use, where you can decide which users will benefit from increased autonomy and collaboration. After you understand the capabilities and modes of use, it is optimal to deploy these capabilities to production on an org-by-org basis.
Delegate Authority. Enable users to break inheritance from parent folder permissions and share with other users (for example, on a per-folder basis).
There are two ways admins can delegate sharing authority to regular users:
Folder specific. Applied to a specific folder. (Select any folder in your org from the folder drop-down list and click Permissions and Settings.) (Best practice)
Org wide. Applied through Organization settings (Settings > Security Policies - Folder: Home Folder Permissions).
Folder-Specific Option: Delegate through individual folder permissions
As an admin or file admin, you can delegate (or remove) user folder sharing on a per-folder basis. (You can also use this method to override or complement policy settings made on a per-org basis)
Click Folders. From the folder drop-down list, select a folder to add/remove Share permissions.
Folder view displays.
Click Permissions and Settings button.
Permissions and Settings view displays.
Click the checkboxes to select (add) or clear (remove) permission attributes.
Org-Settings Option: Delegate sharing through home folder permission policy controls
Before you delegate sharing settings as MOVEit Transfer Org Administrator, carefully consider the needs of your users and the tradeoff of information access and to information controls and confidentiality.
There are three important things to consider:
Enabling the Share permission attribute on the Home Folder Permissions page will enable users to apply customized permission settings in the form of user access control lists.
Customized permission settings do not have to inherit policy settings from the parent folder. (In most cases they won't.)
If you revert Share settings (clear the checkbox) after users have enjoyed sharing capabilities, permissions will no longer be customizable and will revert back to your Org wide policy.
Note: It is best practice to enable Secure Folder Sharing first on a MOVEit Transfer Org designated for non-production use where you can decide which users will benefit from increased autonomy and collaboration. After you understand the capabilities and modes of use, it is optimal to deploy these capabilities to production on an org-by-org basis.
As Admin user, sign on to MOVEit Transfer and check home folder policy for your users:
From the Settings page, find the Security Policies panel and click Folder: Home Folder Permissions.
Notice the following new folder permission attributes you can apply as an administrator. (Click the checkbox to apply or clear a permission attribute.)
Share. Delegate folder sharing capabilities to a user. (Users will be able to apply custom permissions settings to their Home folder.)
List User. Enables user to see the full list of other users that the designated folder is shared with.
Choose the sharing permission attributes you want to apply to the regular users in your MOVEit Transfer Org.
Administrator controls for home folder permissions (share-specific permission attributes highlighted)
Finally, choose access permissions that the Home Folder Owner can extend to others. (Only available when you select Share.)
Shared folder users with ListUser privileges can see a full list of folder users from a drop-down list .
Note: It is best practice to enable Secure Folder Sharing first on a MOVEit Transfer Org designated for non-production use, where you can decide which users will benefit from increased autonomy and collaboration. After you understand the capabilities and modes of use, it is optimal to deploy these capabilities to production on an org-by-org basis.