Collaboration: Open or closed?

Edit online

Default collaboration settings tend to be open. Administrators can make collaboration options increasingly strict as required.

Administrators can configure a number of settings that govern users' ability to collaborate with others. These settings include which users can collaborate outside the workspace, with whom, who can invite new users to the app or to a shared inbox, and other settings.

Administrators can configure collaboration settings at the global level for the Files and Packages apps independently. Global app settings are inherited at the workspace level; inherited settings can be overridden and customized for each app in each workspace. Therefore, collaboration permissions can vary from workspace to workspace and from app to app, allowing admins to customize Aspera on Cloud for maximum usability and content security.

In the Files application

Workspace members with access to the Files application can share folders freely with other members of the same workspace. This is a fundamental privilege of workspace membership and cannot be curtailed.

By default, all workspace members can also share with people outside the workspace. However, administrators or workspace managers can control which user types, if any, can share folders outside the workspace, and how.

There are two options for sharing outside the workspace: authenticated and unauthenticated; you can control these capabilities independently.

To configure the Files app globally, go to Applications > Files.

To customize the settings inherited from global app configuration for a given workspace, go to Workspaces > workspaceName > Applications > Files.

For details, see Files App: Using a shared file repository.

Authenticated sharing outside the workspace

In the AoC UI, this is the setting labeled Who can share folders with external users.

The workspace member shares a folder with someone outside the workspace, either with an AoC member of a different workspace, or with a person who is not an AoC member at all. In both cases, the recipient of the share receives an email notification containing a link that allows them to access the shared folder.

  • The AoC user in another workspace gets access to this shared folder through a limited workspace experience. They do not gain access to any content in the workspace except the folder specifically shared with them.
  • For a person outside AoC entirely, the link in the email leads to an account creation flow; the recipient then logs in to access the shared folder through an AoC portal. This user does not have access to other content in the workspace or to any other functions of the app; only to folders that have been specifically shared with them. This means that folders you as administrator have shared with the entire workspace remain hidden and inaccessible to these users.
  • You can control which user types in this workspace have authenticated sharing capability:
    • All members of the workspace (default).
    • Workspace managers only.
    • No one; you can disable this capability for all workspace members.
  • If you enable sharing outside the workspace, you can list specific external users with whom those enabled users can share; configure this at the workspace level (Workspaces > intended workspace > Profile > Collaboration > Who are eligible external users).

Unauthenticated sharing outside the workspace

Unauthenticated sharing uses a public link. In the AoC UI, this is the setting labeled Who can share folder via public links.

  • This recipient does not create an account or log in to AoC. They access the shared folder through an AoC portal.
  • A public link is truly public: the public link recipient can forward the link to another user, who can then use the link to access the shared folder.
  • You can control which user types in this workspace have unauthenticated sharing capability:
    • All members of the workspace (default).
    • Workspace managers only.
    • No one; you can disable this capability for all workspace members.
  • If you enable sharing outside the workspace, you can designate specific external users that are valid recipients; workspace members can share only with those designated outside users. Configure this at the workspace level (Workspaces > intended workspace > Profile > Collaboration > Who are eligible external users).

In the Packages application

Workspace members with access to the Packages application can send packages freely to other members of the same workspace. This is a fundamental privilege of workspace membership and cannot be curtailed.

By default, all workspace members can also send packages to people outside the workspace. However, administrators or workspace managers can control which user types, if any, can send and request packages outside the workspace.

By default, workspace members can also request packages from others in the workspace or from outside users by sending a submission link; however, the administrator can restrict or disable the package request function.

To configure the Packages app globally, go to Applications > Packages.

To customize the settings inherited from global app configuration for a given workspace, go to Workspaces > workspaceName > Applications > Packages.

For details, see Packages app: Send and receive files and folders.

Sending outside the workspace, with or without requiring recipients to log in

In the AoC UI, this is the setting labeled Who can send packages to external users.

The workspace member can send a package to someone outside the workspace, either to an AoC member of a different workspace, or with a person who is not an AoC member at all. In both cases, the package recipient receives an email notification containing a link that allows them to access the package.

  • The AoC user in another workspace accesses the package in a limited workspace experience. They do not gain access to other workspace content.
  • For a person outside AOC entirely, the link in the email opens an AoC portal the provides access to the package. This recipient does not have access to other content in the workspace or to any other functions of the application, only to packages that have been sent to them specifically. This means that packages sent to the entire workspace are not available to this recipient.
    • By default, the outside recipient does not need to create an AoC account and log in. However, you can require that; select the check box labeled Require external users to log in when receiving packages. When you require external users to log in, the link in the email notification leads the user through an account creation flow; the recipient then logs in to access the shared package through an AoC portal. This recipient does not gain access to any other content in the workspace or functions of the Packages application.
  • You can control which user types in the workspace have outside sending capability:
    • All members of the workspace (default).
    • Workspace managers only.
    • No one; you can disable outside package sending entirely.
  • If you enable sending outside the workspace, you can list eligible recipients to whom those enabled users can send; configure this at the workspace level: go to Workspaces > workspace_name > Collaboration > Who are eligible external users.

Requesting packages to My inbox

Note: The request packages permission described in this section applies only to requests to send to an individual user (send to My inbox) as opposed to sending to a shared inbox. See the following section for details on shared inbox requests.

In the AoC UI, this is the setting labeled Who can request packages by sharing submission links.

Workspace members request packages by sending a submission link. AoC sends an email notification that contains the submission link, which enables the recipient to open an AoC portal; the portal allows the recipient to create a digital package and send it to the My inbox of the AoC user who sent the submission link.

You can control which user types in the workspace can request packages from others:

  • All members of the workspace.
  • Workspace managers only.
  • No one; you can disable package requests entirely for all users of this workspace.

Unlike many of the other collaboration settings, when this setting is enabled for either members or managers, those enabled users can request packages from anyone, inside or outside the workspace, or outside AoC entirely.

Requesting packages to a shared inbox

Members of a workspace shared inbox who have Add users permission can send a submission link to anyone inside or outside AoC. AoC sends an email notification that contains the submission link, which enables the recipient to open an AoC portal; the portal allows the recipient to create a digital package and send it to the shared inbox from which the submission link was sent. The package is then available to all members of the shared inbox who have Receive permission to that inbox.

The user with Add users permission can send a submission link to another member of the shared inbox, or to someone who is not a member of the shared inbox.

In the workspace

By default, when you enable collaboration with outside users in either or both the Files and Packages applications for workspace members, those enabled users can collaborate with any user outside the workspace or outside AoC. But you can restrict collaboration to specific users or groups if required.

Go to Workspaces > workspace_name > Applications > Files/Packages > Collaboration > Who are eligible external users. You can configure the following, for the Packages app and for the Files app independently:

  • Any email address (default).
  • Any email plus the following groups.
  • Only the following emails and groups.