Break waterfall permissions
Allow for restricted permissions within a shared folder (so permissions are not inherited from the parent folder)

We understand the request, but unfortunately this is not on the near-term roadmap.
-
Anonymous commented
Seriously Box, you need to join the new age of security. Even Google Drive allows you to break the waterfall. Please, let me continue to use Box as it is so superior to any other platform, with is one glaring exception.
-
Anonymous commented
Wish it were available. Have folder structure shared across firm but want to give certain folders/files access to certain people and can't. so frustrating.
-
Anonymous commented
This is such a shame and needed feature. How on earth can we manage confidential folders without breaking inheritance.
-
Anonymous commented
how is breaking inheritance still not implemented?
-
Daniel Farquhar commented
Just terrible
-
Anonymous commented
This would be very helpful
-
Anonymous commented
I agree with all of the comments below. This would be very useful for what I need to do!
-
Anonymous commented
Agree with all comments below, the understanding was that individual folders would follow parent folder permissions but that folders lower down could have individual permissions. This is quite a fundamental issue with a company wide folder structure.
-
SMLR commented
We have a single file that needs to be locked to be prevented from download due to being proprietary. But it belongs in the patient folder, not elsewhere. To store it elsewhere is illogical, but if we store it in the file that has anything higher than Viewer permission, a person can unlock it and they have access. It is a little tricky when you have hundreds of files that you WANT your collaborators to have full access to, but one single file you wish they could view, but not download or edit, so you can't keep it in that folder, you have to put it in a folder higher up, which is not convenient (or causes hindreds of folders to appear to collaborators instead of single folders).
-
Sean Loche commented
This is a key feature our company needs. When we purchased Box, we were told that you can share sub folders with specific people and not others. While you can do this, it ultimately becomes useless as in each individual's root folder structure, they will only see that sub folder and end up having hundreds of folders in their account.
-
Anonymous commented
as commented below, we are using BOX for our project filing and if external collaborators have access to the Shared folder in multiple project files, we then have to add the project number and title to every shared folder so they know what it is for, thereby extending the file path and causing problems on Box Drive.
It would be a lot easier if we could add collaborators to the parent folder and restrict access to relevant folders within, so they could see the file structure. -
Anonymous commented
Dan Herman is spot on, products adapt to users needs! To me it's intuitively obvious this is a needed function.
Why, since Kelly Halamek suggested it 3 years ago and Jack Hirsch stated the " We understand and fully acknowledge the massive business value of this functionality." almost a year ago, is it still not available?
-
Anonymous commented
I'm sorry to say our company is looking at transitioning off Box because of the lack of this basic function. Frankly, the answers given in discussions to the effect of "you should understand our model and adapt your thinking to it" are both naive and insulting. The first rule of UX design is you should understand your user's thinking and adapt to it, not the other way around! Listen to your users Box, it's Product Design 101.
-
Anonymous commented
Just being able to break inheritance is essential
-
Anonymous commented
This feature would be a massive benefit for my organization and many other. Waterfall permissions are disruptive to general company file structure if we are wanting to provide a unified file map for users.
Would love to see this one come to fruition. Thanks!
-
Mariane Caringal commented
We have a project folder hierarchy. In lower level there are folders that is allowed to be shared externally. But we cannot enable our users to share link and invite collaborators because the folder setting at the root folder is being inherited down the lower level. If we unchecked the collaboration setting and share links at root folder, individual sub-folders has to be edited. There is also a loophole that even you restrict the folder settings on each individual sub-folders, if a user share link of the root the whole project folders and file can be downloaded by anyone with shared links.
Our users need to contact Admins and co-admins just add collaborators and shared links.
-
Anonymous commented
Hey Guys,
There hasn't been a box admin comment in how long on this? This is something that really needs to be worked into your product. Why not have a choice from the creation of a folder to have it be "waterfall" or "not waterfall" bc as many previous users have demonstrated, the workarounds for this create huge inefficiencies.
Come on, Box! Get on it! Please! -
Anonymous commented
I agree completely. We came from a regular Windows server environment where I could allow or deny access to files and folders at any point in the structure. That is what we need and what works best.
A current example of how the waterfall permission structure is hurting is with the new Box Drive custom location. If I add someone as a collaborator on a file down in the file structure where they have no access to the parent tree & folders, I cannot hyperlink in Outlook to files through Box Drive and have it work. I am still forced to use the URLs to bypass the waterfall structure and the work-arounds that had to be done to get permissions correct. Hyperlinks work perfect only for files/folders where all parties have the exact same file structure, i.e. permission for the entire file structure chain.
-
Matt Stofka commented
Breaking waterfall permissions could definitely be beneficial in some use cases but I agree with others that it could get really complicated, too.
I suppose I'd be happy with a folder setting that can be enabled by owners/co-owners to "Hide this folder and it's child content from External Collaborators" OR "....from non-Owners/Co-Owners."
This would effectively keep the folder structure the owner wants but everything in that branch of the tree would be invisible to external users or Editors and below, respectively. I suppose you could even allow the co-owner to select the permission levels from which to hide that part of the folder tree, i.e., instead of Editors and below, they could select the Viewer/Uploaders and below, Viewers and below, etc.
Enabling this would put a label on the folder and child content in both the web UI and Drive to indicate to the co-owner that this private setting was enabled.
You could also do this at the file level using the right-click context menu in Drive or the ellipses button in the web with a "Hide" or "Make Private" option, or via Classifications similar to setting a Confidential/Internal/Public label. It's important to have a visual label on the file indicating that it's hidden and it shouldn't be super easy to toggle on-and-off; there should at least be a message such as "Are you sure you want to disable this private setting? All of this content will now be visible to all collaborators!"
This hybrid approach still uses waterfall logic in order to hide everything in that branch of the folder tree so it wouldn't address the valid concern by Mark E regarding folder naming conventions in a Shared folder. I'm thinking that folder-level metadata with cascade could be used to apply a Client Name or Project name value to the parent folder (using Mark's example) and have that value show up in a metadata column next to all of the child folder/file names to provide the context for those similarly named shared folders. If you can ultimately take advantage of metadata attributes in Box Drive, too, then that client/project name could be shown in Drive as well.
I might read this back later and find some flaws in the approach I just offered, but hopefully there's something worthwhile in here. :-)
-
Anonymous commented
Just curious on the status of this? My use case is below.
Our business provides product development services. We work with external consultants, contractors and other remote workers. Plus, we collaborate with our clients.
We have a template folder structure for each client and project. .. e.g. Client Name/Project 1/ Project Phase/"various project folders".
The "Project 1" folder includes financial, legal and other information that is for internal use only along with multiple Phase folders (these Phases describe groupings of steps in the development process). The Project Phase folder houses all the Phase specific information such as reporting, engineering, client supplied info, client communications... etc.With waterfall permissions I can't allow collaborators to have permission to see the client folder, one specific project folder, one specific Phase folder and only the folders that I want them to see under the Phase folder. Right now I have to create a SHARED folder within the Phase folder and only share that folder with collaborators. However, I must name the folder "SHARED-Client Name-Project Name-Phase" in order for the external collaborator to understand what the folder means on their BOX account. Otherwise, they would see 5 folders named "SHARED" not know which Shared folder pertains to which project.
All of that is to say that allowing specific users access to specific folders without regard to the parent folder, would be very helpful!
I understand it can get complicated to manage but managing workarounds is also very complicated too.
One suggestion to make it easier when assigning permissions would be to allow an indented visual list of folders under a user with the subsequent permission level shown next to the folder. That visual tool would make adding and adjusting permissions for a user much faster. I can also envision the same thing for reviewing permissions of a folder where the main folder is at the top and all the sub-folders (indented) are below and the users/groups and their permissions are shown next to each folder. A visual tool like this would be great!
Finally, folder templates with permission templates would be really great too. That way I can setup a template for Client and Project Folders with all the proper group permissions setup ahead of time. Then I would only need to add a few specific people instead of setting up all the permissions each time. Again, making this a visual easy to use tool would make the user experience great!