Parent and Child Site Administrators
Files.com runs two tiers of Site Administrator access across a parent-and-children hierarchy. Parent Site Administrators have full access to every Child Site. Child Site Administrators have full access to a single Child Site only. A parent-site user can also be delegated Site Administrator access to a Child Site without being re-provisioned in that Child Site. See Child Sites for an overview of what Child Sites are.
Parent Site Administrators
A Parent Site Administrator is a Site Administrator on the Parent Site and has full Site Administrator access on every Child Site. They can switch into any Child Site and operate as its Site Administrator, subject only to the settings locked by a Child Site Management Policy. They can also reach Child Site content directly from the Parent Site through the underscore folder.
A Parent Site Administrator can:
- Create and delete Child Sites
- Switch into any Child Site and act as its Site Administrator
- Browse, copy, move, and run automations and syncs against Child Site content from the Parent Site
- Configure Child Site Management Policies that lock specific settings across Child Sites
- Grant parent-site users folder permissions or administrative access on a Child Site, without provisioning a separate user account
When a Parent Site Administrator acts on a Child Site, their activity is logged in the site where the action took place. See Child Sites History and Logging.
Child Site Administrators
A Child Site Administrator is a Site Administrator scoped to a single Child Site. They have full Site Administrator access on their Child Site and no access to the Parent Site or any sibling Child Site. They manage users, groups, folders, automations, integrations, security settings, branding, and SSO for their Child Site, except for settings locked by a Child Site Management Policy.
A Child Site Administrator is the right role for the IT lead of a subsidiary, a regional operations lead, or any operator whose authority is bounded by one site.
Delegating Child Site Administration to Parent Site Users
A parent-site user can be granted Site Administrator access to a Child Site without creating a separate account on the Child Site. The user is provisioned once on the Parent Site, logs in there, and switches into the Child Site for administrative work. Group membership can also be used to grant Site Administrator access to a Child Site, so a group of administrators can be delegated to a Child Site in one assignment.
Delegating Child Site administration to a parent-site user (or group) is the right pattern when the same person administers more than one site, when you want centralized identity for administrators, or when administrators need to move data between sites. See Data and Automations Across Child Sites.
Creating a separate Child Site Administrator account directly in the Child Site is the right pattern when the administrator works only inside that Child Site, when the Child Site has its own SSO provider, or when the administrator must connect to the Child Site via FTP, SFTP, or API keys. Protocol authentication cannot cross sites, and API keys are linked to one site.
Read-only Administrators on Child Sites
Read-only Administrators can be delegated to a Child Site from the Parent Site in the same way as Site Administrators, individually or through a group. A Read-only Administrator on a Child Site sees the Child Site's settings and logs without the ability to change settings or access files and folders beyond what their folder permissions already allow. The role gives help-desk and audit staff visibility into a Child Site without granting operational control.
Get The File Orchestration Platform Today
4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.
No credit card required • 7-day free trial • Setup in minutes