Hubs permission model should be more granular
Currently in the Box Hubs Beta, all collaborators invited into a Hub receive the "Viewer" permission on files and folders linked in the Hub. This does not allow for Hub content to be view-only and block downloading of content. Alternative methods of managing this, such as rolling out classification policies, would not be scalable as Hubs usage grows. It would be great if Hubs collaboration could be more granular and there was an ability to invite users or groups into a Hub with other permissions, such as "Previewer", so they are more restricted in what they can do after accessing content.
We are gathering feedback on other roles that we may want to support with Hubs.
-
Bruce Taylor commented
A more granular permission model for hubs enhances security and functionality. Consider implementing role-based access control (RBAC) for simplified management, or attribute-based access control (ABAC) for rules based on user and resource attributes. Contextual permissions can adjust access based on factors like time or location. Fine-grained control allows permissions at the individual resource level, while custom permission sets enable tailored access. Include audit logs for monitoring changes and access attempts. Temporary access options can facilitate short-term collaborations. Regular reviews and easy revocation processes ensure permissions remain appropriate. This model fosters adaptability and secure collaboration.
-
Use Case: Private Equity Firm plans to use Hubs to share best practices content with their Portfolio Companies. However, they do not want the portfolio companies to be able to download this content because it's very sensitive.