Ownership and Sharing Policy
Share Links are a feature your site can offer to your users, and every Share Link belongs to someone. The site-wide policy controls whether Share Links exist at all and who's allowed to create them. Per-link ownership controls who can manage, edit, or revoke a given link. Together they define how Share Links fit into your organization's broader access policies.
Enabling Share Links Sitewide
Share Links save time and effort for your administrators by letting your users securely share files over the web without turning to shadow IT. Shadow IT refers to employees using unauthorized software or hardware for work, which can improve productivity but creates security and compliance risks.
Each site has an Enable Share Links setting that site administrators can change. By default, this setting is turned on, because Share Links are useful for ad hoc, human-centric file sharing.
When a site administrator turns Enable Share Links off, no user can create new Share Links. Existing Share Links created before the setting was turned off remain available.
Disabling Share Link Functionality Entirely
Some organizations do not want any user to create Share Links, usually because of an organization-wide mandate against file-sharing applications. Site administrators can deactivate the Enable Share Links setting on their site. Doing so prevents the creation of new Share Links for every user, including site administrators and users who already have sharing permission. Existing Share Links are not revoked automatically.
Sharing Permission
Even when Enable Share Links is on, a user must have sharing permission on a folder to create Share Links for files in it.
Once a Share Link is created, the included files are accessible by default to anyone with the URL until the Share Link expires, is manually revoked, or has its usage limited through its settings. Because sharing has broad reach, creating a Share Link requires that the user has sharing permission. This lets site administrators choose exactly which users can create Share Links.
Share Link permissions are assigned at the folder level. Only the users or groups you explicitly grant this access to can create Share Links. You choose which files and folders in your site a given user can share, and which they cannot.
If a user is assigned non-recursive sharing permissions on a folder, subfolders of that folder are not included when the folder is shared. Similarly, if a permission fence is placed on a folder below a folder the user has permission to share, the fenced folder cannot be shared.
Share Link Ownership
Share Links have a user ID who "owns" the link. The owner has full control over their links, and receives the enabled Share Link notifications. The owner's permissions are used to determine which paths may be added to a Share Link, along with what allowed actions can be set for the link. Users who are not Site Administrators or Read-Only Administrators can only see Share Links they own.
Ownership of a Share Link lets standard users control the entire Share Link lifecycle without being granted wider administration rights. A line-of-business user who has mistakenly shared a file with a contact can resolve the issue without escalating to higher authority. They can review the access logs to determine what file access happened and disable the link themselves.
Ownership for New Share Links
The owner of a new Share Link is automatically assigned, depending on how the link was created.
When a user creates a Share Link, that user becomes the owner. For automated Share Link creation through the CLI, APIs, or SDKs, the authenticated user owns the new Share Link, unless they are using a site-wide API key.
When a Share Link is generated through the API using a site-wide API key, the Share Link has no assigned owner.
Updating Share Link Owners
Site Administrators have full access to every Share Link, regardless of who the assigned owner is. This includes Share Links with no assigned owner. Site Administrators can modify any existing Share Link directly to change the owner.
Owners of a Share Link who are not Site Administrators cannot reassign their own Share Links to a different owner.
Share Links With No Owner
When a process uses a site-wide API key to generate a Share Link, the Share Link has no assigned owner.
Share Links without owners work normally for their recipients, and any Site Administrator can manage them.
Managing a Share Link After Creation
You'll often need to update a Share Link after it's been created. You might want to extend the expiration for an expired link, change the password on the link, invite more contacts, or change its contents.
Both standard users with Sharing permission and site administrators can manage Share Links. Standard users see only the Share Links they own. Site administrators see all Share Links within the site.
Changing the Contents of a Link
A live Share Link gives access to its files and folders as they currently exist on your site. Share Link owners and Site Administrators can change the paths included in a live Share Link after it has been shared.
A snapshot Share Link contains a read-only copy of the files as they existed when the Share Link was created. Users cannot add or remove items from a snapshot Share Link after it has been generated. See Live and Snapshot Share Links for the full distinction.
Extending an Expired Share Link
Share Links that have passed their Expiration date do not appear in listings of Share Links, so you cannot extend an already expired Share Link.
Internal Notes
Depending on how your organization uses Files.com, your users may create dozens or even hundreds of Share Links they need to manage. The internal note associated with each link is a convenient way to track its purpose.
Visitors to a Share Link do not see the text you enter as an internal note. It is only visible to internal users.
Site administrators can enable the Require internal notes site setting. When that setting is enabled, Share Link creators cannot leave the internal note blank when saving a Share Link.
Even when the Require internal notes setting is not enabled, Share Link creators can always see and change the internal note for their links.
Revoking a Share Link
Revoking a Share Link permanently deletes the Share Link, its settings, any registrations for it, and its access logs. A revoked Share Link cannot be reactivated.
A Share Link can be revoked at any time by a site administrator or by the user who created it. When a Share Link is revoked, it stops working immediately, and anyone visiting the Share Link URL receives a "Share not found" message (or the custom Not Found message if your site configures one).
Share Links Owned by a Deleted User
Share Links owned by a deleted user are still available to visitors, and site administrators can still manage those links. This serves two purposes: existing Share Link invitations and published link addresses keep working, and the registration information and access logs for the links are retained.
Removing all the links for a deleted user manually is a tedious task, so when you delete a user, Files.com prompts you to either keep their existing Share Links or revoke them all. Revoking the links permanently deletes each Share Link, any registrations for the Share Link, and the associated access logs.
You can also enable the Auto-revoke Share Links for deactivated users setting to revoke all of a user's Share Links automatically when that user is disabled or deleted, with no manual intervention.
Deleting a Share Link Owner's User Account
Removing a user who owns Share Links triggers the Auto-revoke Share Links for deactivated users setting logic. When that setting is enabled, any Share Links owned by the user are automatically removed.
When the Auto-revoke Share Links for deactivated users setting is not enabled, Site Administrators have the option to re-assign all Share Links owned by the user they are deleting to a different user.
Auto-revoke Share Links for Deactivated Users
The Auto-revoke Share Links for deactivated users setting automatically deactivates Share Links owned by a user when that user is disabled or deleted. When enabled, this setting prevents Share Links from being used to bypass user access policies. By default, the setting is turned off.
For organizations with strict access control requirements in legal, finance, government, and healthcare sectors, this setting improves security compliance and reduces administrative overhead by removing the need for manual revocation of Share Links when users lose access.
Effects of Enabling the Setting
When this setting is enabled, all Share Links created by a user are automatically revoked when the user account loses access to the system. This happens whether the user is disabled manually or automatically. Share Links belonging to users who are disabled by the Disable inactive users setting are also revoked.
Enabling the setting also enforces that a Share Link's Expiration date cannot be set later than the user's Access expiration date. If a user's Access expiration date is moved to an earlier date, the expiration date of every Share Link they own is updated to match.
Get The File Orchestration Platform Today
4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.
No credit card required • 7-day free trial • Setup in minutes