Terminology
Term | What it means
---|---
sharer | The user that shares content
sharee | The user who receives shared content
assign permissions | same as "share content"
sharing content | to apply permissions to allow or deny access to content by other users in the enterprise
disinheritance | to override the parent folder's permissions
sharing explicitly | to add permissions using the sharee's account directly
implicit sharing | to share folder to the enterprise using a link or create a user account explicitly
sharing via link | to add permissions via a url/link
sharing implicitly | by creating content within a shared folder
...
Summary
SkySync transfers content and then migrates permissions, in that sequence. This is mainly because platforms expose shared content differently. In other words, we transfer content first, then apply permissions after the content is transferred. Applying permissions can have unintended consequences at the destination, depending on how the destination exposes shared content after the permissions are applied. This is why we have the ability to exclude shared content from the source, so that content is not duplicated on the destination after permissions are applied.
Let me give you some background on Box and Google folder sharing before diving into how SkySync interprets and transfe.
Box
In Box, when a sharer shares a folder with someoneplatform implements sharing content. Exclude shared content filter gives you some control to prevent duplication at the destination.
Box
Box supports sharing a folder explicitly by adding a user account and assigning permissions.
Box supports read-only sharing of a file or folder via link.
Disinheritance is not supported; there is no support for overriding the parent folder's permissions. Box also does not support sharing a file explicitly.
There is no implicit sharing; content within a shared folder is owned by the sharer.
When a user shares a folder explicitly, the folder appears on the sharee's Box root (once the invite is accepted manually or automatically). Subfolders within that folder are owned by the sharer. You can add new sharees to other subfolders but cannot modify the permissions that are already there; overriding them would be "disinheritance", which Box does not support.
G Suite
G Suite supports sharing a file or folder explicitly by adding a user account and assigning permissions.
It also supports read and write sharing of a file or folder via link.
Disinheritance is supported; that is, the ability to override a parent folder's permissions. Box does NOT support disinheritance.
G Suite
In G Suite, when a sharer shares a folder with someone, the sharee will either have a link to access the content with or, if explicitly shared, shows up folder permissions.
There is implicit sharing; content created or moved to a shared folder is also considered shared and owned, unlike Box, by the content creator and not the sharer.
When a user shares a file or folder explicitly or via link (once accessed by the sharee), it appears in the sharee's "Shared With Me" bucket. The sharee can then choose to "Add to My Drive". The shared file or folder can be dragged to any folder within the sharee's "My Drive", including both private and other shared folders. The sharee can even move the shared folder to a folder they are sharing with the sharer. This means that the sharer can then have the folder they shared in their "My Drive" in multiple places. Content created in a shared folder is, unlike Box, owned by the creator and considered shared to the sharer of the folder. The sharer of the parent folder can also move a subfolder created by the sharee out of the folder into a private folder in their drive. This will cause the subfolder to be orphaned on the sharee's side. Since the sharee owns the subfolder he can search for it, but it is no longer in his "My Drive". Confused yet?
G Suite, unlike Box, supports full disinheritance. This means that a shared file or folder can appear in multiple folders in the sharer's "My Drive" or can be orphaned/removed from "My Drive". Since disinheritance is supported, a sharee can create a subfolder in a shared folder and then remove the sharer from its permission list. The sharer will no longer see that subfolder in his folder. Only the sharee can.
How SkySync Interprets Shared Folders
Box
In Box, since sharing is limited to the root and all content within a shared folder is owned by the sharer, SkySync behaves as expected: the sharer sees the folder and its content as not shared, and the sharee sees the folder and its content as shared.
SkySync doesn't currently support migrating read sharing via link permissions from/to Box.
There is also no support for migrating permissions to a file.
G Suite
In G Suite, things are not as straightforward. Shared behavior is driven by an application setting called GoogleDrive.AllowSharedWithMe (set to false by default) and based on how the folder was shared in the first place and whether it is already inheriting its parent folder's sharing. In SkySync, the sharee sees a shared file or folder and all its content as shared, even if the sharee created the content within the shared folder.
The sharer (the user that shared the file or folder) sees them as not shared.
Files or folders that appear under the shared folder, however, will be seen by the sharer as either shared or not shared based on how the content was created and the GoogleDrive.AllowSharedWithMe application setting:
- If the file or folder is implicitly shared (those created or moved to the shared folder hierarchy without previously being shared), the sharer will see them as not shared. (This is consistent with Box.)
- If the file or folder was explicitly shared or shared via link with the sharer, the sharer will see them as shared by default. If GoogleDrive.AllowSharedWithMe is set to true, the sharer will see them as not shared.
Example
Let's walk through an example.
...
The risk with using GoogleDrive.AllowSharedWithMe is you can either end up with skipped transfers or duplicate transfers because "shared with me" items most likely have multiple parents within the scope of the sharer's account.
Transferring "Share by Link" Permissions
To apply share-by-link permissions from G Suite to Box, you will need to create a user group in Box that you can map to your Google domain. You can then add the users
...
When the job executes, folders with "share-by-link" permissions will transfer to Box as permissions to the mapped Box group.
Summary/Recommendations
GoogleDrive.AllowSharedWithMe
This SkySync application setting controls how shares
Set to true only if you know you are not transferring the whole drive; otherwise you risk duplication.
Content created in a share will be seen as not shared by sharer and shared by everyone else. If that data resides somewhere else it could yield duplication.
Edge case: permission transfer on files?? Google to Box
---
Stub:
...
- Use the "Exclude Shared" filter when you want SkySync to propagate permissions; the destination will not yield the same folder structure because the destination may have a different sharing scheme (e.g. Box shares show up on root only).
- To
...
- transfer content exactly as shown from G Suite/Box without caring about sharing/permissions, do not use "Exclude Shared" filter and do not enable permission migration.
- Since G Suite allows shared content to be located anywhere in a user's drive:
  - Set GoogleDrive.AllowSharedWithMe to true if you are not transferring entire user drives, otherwise you risk skipping transferring shared content in the destination.
  - Set GoogleDrive.AllowSharedWithMe to false (default) if you are transferring entire user drives, otherwise you risk duplicating shared content in the destination.
- The sharing permissions of explicitly shared files cannot be transferred from G Suite to Box. Only folders.
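
The skip/duplicate trade-off behind the GoogleDrive.AllowSharedWithMe recommendations above, as an added example: this is a simplified model written for this page, not SkySync code. `Item`, `seen_as_shared`, `plan_transfer`, `findings` and the sample users are hypothetical, and the model assumes the job runs with the "Exclude Shared" filter.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    name: str
    owner: str
    shared_with: frozenset  # users who received the item explicitly or via link

def seen_as_shared(item, user, allow_shared_with_me):
    """Simplified reading of the rules above: the owner (sharer) sees the item
    as not shared; a recipient sees it as shared unless the setting is true."""
    if user == item.owner:
        return False
    return user in item.shared_with and not allow_shared_with_me

def plan_transfer(items, drives_in_scope, allow_shared_with_me):
    """Return {item name: number of copies} for a job that applies the
    "Exclude Shared" filter to each user drive in scope."""
    copies = {item.name: 0 for item in items}
    for user in drives_in_scope:
        for item in items:
            visible = user == item.owner or user in item.shared_with
            if visible and not seen_as_shared(item, user, allow_shared_with_me):
                copies[item.name] += 1
    return copies

def findings(copies):
    """Label each item as ok, skipped (0 copies) or duplicated (>1 copy)."""
    return {n: "skipped" if c == 0 else "duplicated" if c > 1 else "ok"
            for n, c in copies.items()}

# Constructed sample: alice owns "Budget" and shares it with bob.
ITEMS = [
    Item("Budget", owner="alice", shared_with=frozenset({"bob"})),
    Item("Notes", owner="bob", shared_with=frozenset()),
]

if __name__ == "__main__":
    for scope in (["alice", "bob"], ["bob"]):
        for setting in (False, True):
            result = findings(plan_transfer(ITEMS, scope, setting))
            print(f"drives={scope} AllowSharedWithMe={setting}: {result}")
```

Running it over both scopes shows the two failure modes: the shared folder is duplicated when entire drives are transferred with the setting true, and skipped when only the recipient's drive is transferred with the setting false.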