Best practices for external sharing

Keep the following best practices in mind when you configure and use external sharing in your organization.

  • When internal users create shares for external users, it is best practice to set an expiration date at the time of share creation. You can also add or change an expiration date on a share at a later date. If you do not set an expiration date and the share is no longer needed, the issuer or supervisor must delete the share manually.
  • It is best practice to add an LDAP administrator group to the Default Instance Security of the Folder Share and Document Share class definitions. This group must have permission to monitor and potentially administer existing share records created by internal users.
  • If a share issuer must be removed from the organization's LDAP directory, for example, because they are leaving the organization, reassign the shares that were originally granted from that issuer to a different user before removing the original issuer from the LDAP directory.

    A user or group with full privileges (View all properties, Modify all properties, Delete, Read permission, Modify permissions, Modify owner) can use the Administration Console for Content Platform Engine to query the Share records and change the Issuer. The new Issuer must have the same or greater privileges than the original issuer on the documents or folders so that the external share permissions for the external user are maintained.

    To reassign shares:
    1. Use the New Object Store Search to search for Share records where the issuer must be changed.
    2. Do a new Principal Search to find the new user that you want to make the issuer of the Shares.
    3. Select the User, right-click, and select Copy Object Reference.
    4. Right-click the Document Share or Folder Share record where you want to change the issuer, click Paste Object, and save your changes.
  • Use only document classes that support versioning in your external share scenarios, so that the Upload New Version action does not encounter issues when it attempts to automatically check out the document.
  • Use only document classes where the Copy to Reservation attribute is applied to each property in the class. The external share interface does not prompt for property input when an external user updates a document by using the Upload New Version action.
  • Sharing a folder that has a large number of sub-folders or contained documents for the first time might be time-intensive or, in extreme cases, might incur a timeout error. If you have a large number of documents to share, it is therefore recommended that you organize them into separate folders, for example, grouped by topic, and share each of the folders individually.
  • (V5.5.6 and earlier) Associate your document entry template with the folder that you are sharing rather than with a parent folder. This ensures that the entry template is used when an external user adds a document to the folder.
  • Grant access to objects for external users by using the external share capabilities and not by directly assigning access rights in the Administration Console for Content Platform Engine.