Child Sites Access Model

Child sites are isolated from each other, so a user's access to one site does not carry over to any other site. Access to a child site is determined by where the user account is defined and what permissions it has been granted. Understanding this model is necessary for setting up users correctly and auditing who can reach which site's content.

Users can access a child site whenever any of the following are true:

• They are a Site Administrator of the parent site (also known as a "Parent Site Administrator").
• Their user account in the parent site has been granted Folder Permissions to the child site.
• Their user account in the parent site has been granted admin access for the child site.
• Their user account exists in the child site.

Parent Site Administrators

Parent Site Administrators can connect to any child site and act as a Site Administrator of that child site. They can also directly access and change the contents of any child site through the underscore folder within the parent site.

This gives your parent Site Administrators, typically your IT sysadmins, unrestricted control over your Files.com infrastructure.

Site Administrators on your parent site can connect to each child site by logging into the parent site web interface. A menu appears next to the logo of the parent site to provide access to child sites for parent Site Administrators.

When a parent Site Administrator connects to a child site, they have full Site Administrator access to the child site. That access lets them change settings of the child site, but child sites inherit settings defined in the parent site's child site settings policies. Those policies prevent Child Site Administrators from changing inherited settings within the child site.

Activities performed by a parent Site Administrator connected to a child site appear in the child site's logs. See Child Sites History and Logging for details.

Browsing Child Site Contents

Parent site administrators have access to the contents of every child site through the _ folder (The Underscore Folder) of the parent site. Each child site appears as a subfolder under the _/Sites folder in the parent site. This means that parent Site Administrators can make any changes to the contents of each child site's sub-folder.

The _/Sites system folder is available to a parent site administrator through the web interface, the Desktop App, any official Files.com SDK, or by accessing it through FTP or SFTP.

When a parent Site Administrator changes the contents of a child site by browsing the child site's contents in the parent site, those changes appear in the parent site's logs.

Parent Site Users Granted Access to Child Sites

Parent Site Administrators can grant other parent site users or groups permissions to any paths within a child site, with all of the permission options.

Parent Site Administrators also have the option of designating other parent site users as Site Administrators or read-only administrators of a child site.

Parent site users who have been granted folder permissions or admin access for a child site log in to the main parent site. When they have access to only a single site, they are automatically placed within that site after login.

When a user account has access to more than one site, they are prompted during login to select which site to use.

Child Site Users

Child Site Users are user accounts that are created within a child site. They can be created manually by any Site Administrator of the child site or its parent site, or through automated provisioning.

Users with logins in a child site connect to the site through its address with any of the enabled protocols. They connect to the site's custom subdomain or custom domain, if one exists.

Child site users, even child Site Administrators, cannot be granted folder permissions for folders in the parent site or any other child sites. This reduces the complexity of your security setup by only allowing one-way delegation of access from parent to child.

Only user accounts created within a child site can access the child site through FTP and SFTP. Parent site users granted permissions to a child site cannot use FTP or SFTP to connect to the child site.

When to Create Child Site Users Instead of Delegating Parent Users

Most users who need access to a child site can be granted that access from the parent site, which simplifies managing users and auditing their permissions. There are a few situations where creating a user account directly in the child site makes more sense.

When Using FTP/STP or API Access on a Child Site

When a user needs to connect to the child site via protocol transfers (FTP/SFTP), their account must exist within the child site. This is because protocol-based file transfer authentication cannot cross sites. After users authenticate through file transfer protocols, they can only access their files within the same site where their account exists.

Machine users and system accounts connect automatically using API keys or SFTP/SSH keys for access. In order for those accounts to connect, they must be created in the site where they will perform their work because they cannot switch sessions the way a human user can.

When User Management Is Delegated to a Child Site Administrator

When a child site's Site Administrator is responsible for managing that site's users, all of their users are created in the child site. This is because the child Site Administrator has that access only for the child site, so they can't manage users in the parent site.

When the Child Site is Separate Organization or Brand

When a child site uses a separate brand from the parent organization, and you don't want its users to interact with the parent site for any reason, create those users within the child site. Child site users connect directly to the child site to log in. It is common to configure a custom domain for a child site to support its distinct branding.

When the child site exists to support M&A or as a standalone, separate organization from the parent site, it makes sense to create the site's users directly in the child site. Typically this includes configuring separate identity providers for Single sign-on (SSO).

Permissions Audit Export

The permissions audit export lists the permissions that have been granted to users. When it's run for a parent site, all permissions for the parent site and all of the child sites are included. When the export is run in a child site, only permissions that apply to the child site are included.