Mapping of access permissions to Box folder collaborators
When you copy data into Box, besides the ownership of individual files, access permissions might also need to be retained based on the access control settings on the source volumes. The Mapping: Map permissions from source to destination option in the Copy Action is designed to support this use-case. IBM® StoredIQ® applies its proprietary mapping heuristic for mapping access control from CIFS and SharePoint volumes to Box folder collaborators.
Individual file permissions within a source folder are mapped to Box collaborators that can be applied to the corresponding target folder. The folder collaborators on the target folder are an aggregate of the permissions for all files within the source folder. The permissions are aggregated in such a way that no user accidentally has permissions to a file on Box that they did not have access to on the source. However, this aggregation might, in certain cases, force some users to lose access to documents on Box that they were able to access on the source. For example, if User A had access to one file in the source folder but not to another file within the same folder, the aggregation forces User A to lose access to both files in Box. It happens because Box collaborators can be applied only at the folder-level.
| CIFS | BOX |
|---|---|
| Full Control | Co-owner, Owner |
| Modify | Editor |
| Read & Execute | Viewer |
| List Folder Contents | Viewer |
| Read | Viewer |
| Write | Uploader |
| SharePoint | BOX |
|---|---|
| Full Control, Design | Co-owner, Owner |
| Edit, Contribute | Editor |
| Read | Viewer |
| View Only | Pre-Viewer |
- If only Map permissions from source to destination is selected, all files and folders are copied to the Box Administrator account and access control is mapped from the source volume to Box folder collaborators.
- If both Map permissions from source to destination and Preserve owners from source to destination are selected, then each file or folder is copied to Box user accounts that map to the source file owners and access control is mapped from the source volume to Box folder collaborators.
- If only Preserve owners from source to destination is selected, then each file or folder is copied to Box user accounts that map to the source file owners, but no folder collaborators are added on Box.
- If neither of these options are selected, the files and folders are all copied to the Box Administrator account and no folder collaborators are added on Box.
As an example, if a Public File Share is being copied to Box, Map permissions from source to destination can be selected while Preserve owners from source to destination can be deselected so that all the contents land in the Box Administrator account, while individual users still continue to have collaboration roles for this content. Similarly, if a particular User Share is being copied to Box, Map permissions from source to destination can be deselected while Preserve owners from source to destination can be selected so that all the contents land in the mapped Box user’s account.
Before you run the actual copy action, it is a good practice to run a simulate action to preview the mappings and determine whether any access control changes are necessary before you run the copy action.