12.3 Folder Sharing (Advanced-Edition License Only)

Beginning with Filr 3.0 Advanced Edition, Net Folder sharing includes folder sharing as well as file sharing.

12.3.1 How Filr Determines Roles for Files

Filr assesses a user’s file system rights to a file on the back-end file server to set both

  • The user’s role on the file in the Net Folder

    and

  • The maximum shared-access role that the user can grant to a share recipient for a shared file

12.3.2 Folder Role Determination Is More Complex

For working within Net Folders, the role-setting process for folders is the same as for files—Filr assesses a user’s file system rights to each folder to set the user’s roles within a Net Folder.

As users navigate through the folder structure, their roles on each folder reflect their rights on the back-end file server.

For example, a user might have the Editor role on a folder and the Contributor role on one of its subfolders.

Users might also have file system restrictions on other subfolders that limit their role to only Viewer or even to having No Role at all.

As previously discussed, shared access to Net Folder-based files and folders is through a Net Folder Proxy User that has all rights on the back-end file system. This is why Filr users must assign a shared-access role with each share operation.

Because folder-shared-access roles apply to shared folders and all their subfolders, folder-shared-access roles cannot exceed the minimum shared-access role on any subfolder in the share.

These principles are illustrated in the following graphics.

NOTE:Although these graphics reflect NSS file system trustee assignments, the same basic principles apply to role determination for NTFS file systems and Share Point libraries.

Figure 12-5 Foundational Principle—Net Folder User Roles Reflect File-System Granularity

Letter

Details

The NSS trustee assignments that User A has within the Sales folder provide different levels of access. Access is somewhat restricted in the Sales folder, but User A can do anything with the contents of Folder X unless file and folder attributes don’t allow it.

Filr assigns User A the Editor user role for the Sales Net Folder.

Filr assigns User A the Contributor user role for the X folder. This means that User A can do anything with Folder X and its contents, including renaming or even deleting Folder X, unless file and folder attributes don’t allow it.

Folder Y inherits Folder X’s trustee assignments in NSS, and Filr conforms with the file system by assigning User A the Contributor user role.

Figure 12-6 The Available Shared-access Role Level Will Usually Be as Expected

Letter

Details

The NSS trustee assignments that User A has within the Sales folder provide different levels of access. Access is somewhat restricted in the Sales folder, but User A can do anything with the contents of Folder X unless file and folder attributes don’t allow it.

Filr assigns User A the Editor user role for the Sales Net Folder.

Because the Editor shared-access role is the minimum shared-access role in the Net Folder (letter B), User A can only assign the Editor shared access role when sharing the Net Folder and share recipients could only exercise Editor-level rights in folders X and Y.

Although it is not illustrated, User A has the Contributor role on folders X and Y and could grant that shared-access role when creating a share for either of those folders.

Figure 12-7 Sometimes the Available Shared-Access Role Will Be Lower than Expected.

Letter

Details

User B’s trustee assignments within the Sales folder allow for editing, but in folder X, they are limited to only viewing the folder’s contents.

The trustee assignments to the folders under letter A are reflected in User B’s roles.

The Viewer role assigned to User B for folder X is the lowest role in the Sales Net Folder.

Therefore, the highest-available shared-access role that User B can assign when sharing the Sales Net Folder is the Viewer role.

Figure 12-8 Sometimes Folder Sharing Isn’t Available.

Letter

Details

User C’s trustee assignments are progressively restricted in folders X and Y.

User C has the Editor role within the Sales Net Folder but only the Viewer role in folder X.

From a Filr perspective, User C has no role for folder Y--the lowest role in the Sales Net Folder.

Because the lowest role that User C has in the Sales Net Folder is No Role, and because a shared-access role assignment must be made when sharing a folder, User C cannot share the Sales Net Folder. The same restriction would apply to attempts to share folder X.

12.3.3 Working Around Shared-Role Limitations

When restrictions prevent assigning shared-access roles at a needed level, users can choose to share folders lower in the structure that don’t contain role-restricting subfolders or to share files individually. Even though folder sharing is not available in Figure 12-8, file sharing is unrestricted, except in folder Y.