12.1 Enabling Users to Share

12.1.1 Best Practices for Setting Up Sharing

  • Enable Sharing for the Filr System: You must enable the sharing feature before any sharing can take place on the Filr system.

    As a best practice, enable sharing in an unrestricted way for those users and groups that will be allowed to share.

  • If Needed, Restrict My Files Sharing: Enabling sharing automatically lets all users share files in their My Files area, including in their Home folder and in personal storage.

    You can restrict My Files sharing on a per-user basis if desired.

  • Carefully Restrict Net Folder Sharing: Net Folder sharing must be explicitly allowed for each Net Folder.

    IMPORTANT:Make sure that only those who need to share a Net Folder’s contents are granted sharing rights on that Net Folder.

    For example, Group A is granted rights to share files in Net Folder A. User A (a member of Group A) then shares a file with User B (a member of Group B). Because the file contains sensitive information, User A doesn’t grant User B permission to reshare the file.

    As long as User B doesn’t have rights to share files in Net Folder A, there is no problem.

    However, if Group B also has permission to share Net Folder A’s files, then User B can reshare the file even though User A assumed otherwise.

12.1.2 General Order for Setting Up Sharing

When you set up sharing for your Filr site, complete the necessary steps in the following order:

  1. Set up sharing for the entire Filr site (as described in Enabling Sharing in Filr).

  2. Configure sharing for individual users (as described in Restricting Personal Storage Sharing).

    After you have enabled sharing for the entire Filr system, you can fine-tune share rights throughout the site on the user level.

    For example, if you want only a few groups of users to be allowed to share with external users, you first need to enable sharing to external users at the site level. After you have enabled it at the site level, you can then remove this ability from the users who you do not want to have this ability.

  3. Set up sharing for specific Net Folders (as described in Enabling Sharing for Specific Net Folders).

    Users who are given share rights on a specific Net Folder are able to share files within that Net Folder that they have rights to at least view on the file system.

Enabling Sharing in Filr

After you set up sharing for the entire Filr site, all users by default are granted rights to share files in the My Files area (this includes files in the Home folder and files in personal storage), with the site-wide access rights that you specify. If you want only certain users to be allowed to share files from their My Files area, you must enable sharing for the entire site as described in this section. Then you must restrict sharing privileges at the user level, as described in Restricting Personal Storage Sharing.

  1. Log in to the Filr site as the Filr administrator.

    1. Launch a web browser.

    2. Specify one of the following URLs, depending on whether you are using a secure SSL connection:

      http://Filr_hostname:8080
      https://Filr_hostname:8443

      Replace Filr_hostname with the hostname or fully qualified domain name of the Filr server that you have set up in DNS.

      Depending on how you have configured your Filr system, you might not be required to enter the port number in the URL. If you are using NetIQ Access Manager, the Filr login screen is not used.

  2. Click the admin link in the upper-right corner of the page, then click the Administration Console icon .

  3. Under System, click Share Settings.

    The Share Settings page is displayed.

  4. Select Allow all users to share with groups that have been imported from LDAP to enable users to share with LDAP groups.

    If you select this option, groups that were imported from the LDAP directory are displayed in the Share with field when users are sharing an item. All users in the LDAP group then have access to the item that was shared.

Enabling Users and Groups for Net Folder Sharing

  1. To enable sharing for all internal users on the Filr site, go to the User or Group field, begin typing All Internal Users, then select it when it appears in the drop-down list.

    or

    To enable sharing on a per-user or per-group basis, go to the Select user/group field, begin typing the name of the user or group for whom you want to grant share rights, then select the name when it appears in the drop-down list.

    The Edit Share Rights dialog box is displayed. Select from the following options:

    Re-share items: When users share a file or folder, they can give the users they are sharing with the ability to re-share the file or folder. The user receiving the share can share the file only if that user has been given administrative rights to share the file or folder.

    IMPORTANT:When selecting this option, be aware that if one user's access rights to an item are removed, it does not remove the access rights of the user with whom the item was re-shared.

    For example, suppose User A shares an item with User B and grants re-share rights. User B then shares the item with User C. If User A revokes User B's access rights to the item, User C continues to have access to the shared item.

    Share with Internal users: Allows users to share items with internal users.

    Share with “All Internal Users” group: Allows users to perform a mass share to all internal users by sharing with the All Internal Users group.

    Share with External users: Allows users to share items with users external to the organization.

    Users external to the organization receive an email notification with a link to the shared item, and they can then log in to the Filr site.

    Share with Public: Allows users to make items publicly available. This means that anyone with the correct URL to the shared item can access the shared item without logging in to the Filr site.

    In addition to selecting this option, you also need to enable Guest access to the Filr site if you want to allow users to share items with the public. For information about how to enable Guest access to the Filr site, see

    Share using File Link: Allows users to share a link to a file in Filr. Any user with the link can then access the file. However, the file is not displayed in the Public area, so users must have direct access to the link in order to access the file.

    NOTE:If you select this option, users can share a link of the Filr file even with email addresses that are listed in the Blacklist field.

  2. (Optional) Click the Whitelist / Blacklist tab to configure which email addresses and domains users can share with when sharing externally.

    The following options are available when configuring a whitelist or blacklist for sharing:

    No restrictions: Select this option to disregard any email addresses or domains that might already exist in the Email addresses and Domains fields. Selecting this option means that users can share with any email address.

    Whitelist: Select this option to allow sharing only with email addresses and domains that have been specified in the Email addresses and Domains fields.

    Email addresses: Click Add, specify the email address that you want to add to the whitelist or blacklist, then click OK.

    Blacklist: Select this option to disallow sharing with any email addresses and domains that have been specified in the Email addresses and Domains fields.

    Repeat this process to add multiple email address.

    NOTE:If a user has Share using File Link rights, the user can share links of Filr files even with the blacklisted email addresses.

    Domains: Click Add, specify the domain that you want to add to the whitelist or blacklist (for example, yahoo.com), then click OK.

    Repeat this process to add multiple domains.

    Delete shares that don’t meet the criteria: Select this option to delete all existing shares in the Filr system that do not match the criteria you set.

    For example, if you selected Blacklist and then specified yahoo.com in the Domains field, selecting this option would delete all Filr shares made to Yahoo email addresses.

  3. Click OK.

Restricting Personal Storage Sharing

After you have enabled sharing of files for the entire Filr system (as described in Enabling Sharing in Filr), you can restrict shared-access right granting on an individual-user basis.

You cannot grant individual users more rights than are currently defined for the site-wide setting.

To restrict share rights for specific users:

  1. Log in to the Filr site as the Filr administrator.

    1. Launch a web browser.

    2. Specify one of the following URLs, depending on whether you are using a secure SSL connection:

      http://Filr_hostname:8080
      https://Filr_hostname:8443

      Replace Filr_hostname with the hostname or fully qualified domain name of the Filr server that you have set up in DNS.

      Depending on how you have configured your Filr system, you might not be required to enter the port number in the URL. If you are using NetIQ Access Manager, the Filr login screen is not used.

  2. Click the admin link in the upper-right corner of the page, then click the Administration Console icon .

  3. Under Management, click Users.

  4. Select the users whose sharing rights you want to manage, then click More > Workspace Share Rights.

  5. Select the radio button in the Clear column next to the sharing right that you want to remove from the user or group, then click OK.

    or

    If you have already removed a share right and you want to add it again, select the radio button in the Allow column next to the sharing right that you want to add to the user or group, then click OK.

12.1.3 Enabling Sharing for Specific Net Folders

  1. Ensure that you have configured sharing as described in Enabling Sharing in Filr.

  2. Configure sharing for the Net Folder as described in ).

12.1.4 Restricting Sharing Files by Group of Users

You can restrict a group of users from sharing files to others.

  1. Stop the Filr service.

    rcfilr stop

  2. Add the following two lines to the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/classes/config/ssf-ext.properties file:

    Syntax:

    •  enable.sharing.exception=true
    •  enable.sharing.exception.list=<GroupName>

      GroupName is the name of the group that you do not want to have the ability to share the files.

  3. Start the Filr service.

    rcfilr start