Terminology
Term | What it means |
---|---|
sharer | the user that shares content |
sharee | the user who receives shared content |
sharing content | to apply permissions to allow or deny access to content by other users in the enterprise |
disinheritance | to override the parent folder's permissions |
sharing explicitly | to add permissions using a user account explicitly |
sharing via link | to add permissions via a url/link |
sharing implicitly | by creating content within a shared folder |
Summary
SkySync transfers content then migrates permissions, in that sequence. Applying permissions can have unintended consequences at the destination depending on how the destination platform implements sharing content. Exclude shared content filter gives you some control to prevent duplication at the destination.
Box
Box supports sharing a folder explicitly by adding a user account and assigning permissions.
Box supports readonly sharing sharing a file or folder via link.
Disinheritance is not supported; there is no support for overriding the parent folder's permissions. Box also does not support sharing a file explicitly.
There is no implicitly sharing; content within a shared folder is owned by the sharer.
When a user shares a folder explicitly, the folder appears on the sharee's drive (root).
G Suite
G Suite supports sharing a file or folder explicitly by adding user account and assigning permissions.
It also supports read and write sharing a file or folder via link.
Disinheritance is supported; the ability to override a parent's folder permissions.
There is implicit sharing; content created or moved to a shared folder is also considered shared and owned, unlike Box, by the content creator and not the sharer.
When a user shares a file or folder explicitly or via link (once accessed by sharee), it appears in their "Shared With Me" bucket. The sharee can then choose to "Add to My Drive". The sharee can drag the shared file or folder to any folder within the sharee's "My Drive", including both private or other shared folders. This means that a shared file or folder can appear in multiple folders in the sharer's "My Drive" or can be orphaned/removed from "My Drive". Since disinheritance is supported, a sharee can create a subfolder on a shared folder then remove the sharer from its permission list. The sharer will no longer see that subfolder in his folder. Only the sharee can.
How SkySync Interprets Shared Folders
Box
In SkySync, the sharer sees the folder and its content as not shared, the sharee sees the folder and its content as shared.
SkySync doesn't currently support migrating read sharing via link permissions from/to Box.
There is also no support for migrating permissions to a file.
G Suite
In SkySync, the sharee sees a shared file or folder and all its content as shared, even if the sharee created the content within the shared folder.
The sharer; user that shared the file or folder; sees them as not shared.
Files or folders that appear under the shared folder, however, will be seen by the shared as either shared or not shared based on how the content was created and the GoogleDrive.AllowSharedWithMe application setting:
- If the file or folder is implicitly shared (those created or moved to the shared folder hierarchy without previously being shared), the sharer will see them as not shared. (This is consistent with Box.)
- If the file or folder was explicitly shared or shared via link with the sharer, the sharer will see them as shared by default. If GoogleDrive.AllowSharedWithMe is set to true, the sharer will see them as not shared.
Example
Lets walk through by using an example.
We have two users, Juan and Lynn. In SkySync, we open two connections, one for each account, respectively.
Juan has two folders in his "My Drive": JuanFolder1 and JuanFolder2.
Lynn has one folder in her "My Drive": LynnFolder1
Juan shares JuanFolder1 with Lynn explicitly and shares JuanFolder2 as a link to the entire enterprise. Lynn adds the two shared folder into her "My Drive"
Lynn shares LynnFolder1 with Juan explicitly. Juan adds LynnFolder1 into his "My Drive".
In SkySync, using Juan's account, JuanFolder1, JuanFolder2 are not considered shared and LynnFolder1 is considered shared. Using Lynn's account, JuanFolder1, JuanFolder2 are considered shared and LynnFolder1 is not considered shared.
So far so good...
Lynn creates a subfolder: JuanFolder1/SubfolderByLynn and moves JuanFolder2 to JuanFolder1.
Juan moves LynnFolder1 to JuanFolder1.
In SkySync, using Lynn's account, regardless of GoogleDrive.AllowSharedWithMe setting, JuanFolder1, JuanFolder1/JuanFolder2, JuanFolder1/SubfolderByLynn and JuanFolder1/LynnFolder1 are all considered shared. LynnFolder1 also shows up in her root drive as not shared.
In SkySync, using Juan's account:
- When GoogleDrive.AllowSharedWithMe is false, JuanFolder1, JuanFolder1/SubfolderByLynn are not considered shared, JuanFolder1/LynnFolder1 and JuanFolder1/JuanFolder2 are considered shared. JuanFolder2 also shows up in his root drive as not shared.
- When GoogleDrive.AllowSharedWithMe is true, JuanFolder1, JuanFolder1/JuanFolder2, JuanFolder1/SubfolderByLynn and JuanFolder1/LynnFolder1 are not considered shared. JuanFolder2 also shows up in his root drive as not shared.
LynnFolder1 is considered a "shared with me" container thus its share state is on the sharer's side is driven by GoogleDrive.AllowSharedWithMe. The issue is, from Juan's standpoint, we cannot determine whether LynnFolder1 is also located somewhere else on Lynn's drive. The flag gives you the opportunity to decide whether to consider it shared or not so that it can be included or excluded on Juan's transfer job.
JuanFolder2 is also considered "shared with me" even though Juan owns it and it is not shared with him. The folder has two parents, one of which is a folder Juan shares. So we consider it a "shared with me" within the shared folder to give you the opportunity to decide whether to consider it shared or not so that it can be included or excluded on Juan's transfer job.
The risk with using GoogleDrive.AllowSharedWithMe is you can either end up with skipped transfers or duplicate transfers because "shared with me" items most likely have multiple parents within the scope of the sharer's account.
Transferring "Share by Link" Permissions
To apply share-by-link permissions from G Suite to Box, you will need to create a user group in Box that you can map to your Google domain. You can then add the users
For example, when transferring from G Suite to Box, if your domain in G Suite is mydomain.com, under Group Mappings, create an exception map with mydomain.com as the source group and the group name added to Box as the destination group.
When the job executes, folders with "share-by-link" permissions will transfer to Box as permissions to the mapped Box group.
Summary/Recommendations
- Use the "Exclude Shared" filter when you want SkySync to propagate permissions; the destination will not yield the same folder structure because the destination may have a different sharing scheme (e.g. Box shares show up on root only).
- To transfer content exactly as shown from G Suite/Box without caring about sharing/permissions, do not use "Exclude Shared" filter and do not enable permission migration.
- Since G Suite allows shared content be located anywhere in a user's drive:
- Set GoogleDrive.AllowSharedWithMe to true if you are not transferring entire user drives, otherwise you risk skipping transferring shared content in the destination.
- Set GoogleDrive.AllowSharedWithMe to false (default) if you are transferring entire user drives, otherwise you risk duplicating shared content in the destination.
- The sharing permissions of explicitly shared files cannot be transferred from G Suite to Box. Only folders.