Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Terminology

Term

What it means

sharer

the user that shares content

sharee

the user who receives shared content

sharing content

to apply permissions to allow or deny access to content by other users in the enterprise

disinheritance

to override the parent folder's permissions

sharing explicitly

to add permissions using a user account explicitly

sharing implicitly

by creating content within a shared folder


SkySync transfers content then migrates permissions, in that sequence. Applying permissions can have unintended consequences at the destination depending on how the destination platform implements sharing content. Exclude shared content filter gives you some control to prevent duplication at the destination.

Platform: Box

Box supports sharing a folder explicitly by adding a user account and assigning permissions.

Box supports read only sharing sharing a file or folder via link.

Disinheritance is not supported; there is no support for overriding the parent folder's permissions. Box also does not support sharing a file explicitly.

There is no implicitly sharing; content within a shared folder is owned by the sharer.

When a user shares a folder explicitly, the folder appears on the sharee's drive (root).

Platform: G Suite

G Suite supports sharing a file or folder explicitly by adding user account and assigning permissions.

It also supports read and write sharing a file or folder via link.

Disinheritance is supported; the ability to override a parent's folder permissions.

There is implicit sharing; content created or moved to a shared folder is also considered shared and owned, unlike Box, by the content creator and not the sharer.

When a user shares a file or folder explicitly or via link (once accessed by sharee), it appears in their "Shared With Me" bucket. The sharee can then choose to "Add to My Drive". The sharee can drag the shared file or folder to any folder within the sharee's "My Drive", including both private or other shared folders. This means that a shared file or folder can appear in multiple folders in the sharer's "My Drive" or can be orphaned/removed from "My Drive". Since disinheritance is supported, a sharee can create a subfolder on a shared folder then remove the sharer from its permission list. The sharer will no longer see that subfolder in his folder. Only the sharee can.

How SkySync Interprets Shared Folders

SkySync Box Connector:

In SkySync, the sharer sees the folder and its content as not shared, the sharee sees the folder and its content as shared.

SkySync doesn't currently support migrating permissions when sharing via link from/to Box.

There is also no support for migrating permissions to a file.

SkySync G Suite Connector:

In SkySync, the sharee sees a shared file or folder and all its content as shared, even if the sharee created the content within the shared folder.

The sharer; user that shared the file or folder; sees them as not shared.

Files or folders that appear under the shared folder, however, will be seen by the shared as either shared or not shared based on how the content was created and the SkySync configuration setting: GoogleDrive.AllowSharedWithMe.

  1. If the file or folder is implicitly shared (those created or moved to the shared folder hierarchy without previously being shared), the sharer will see them as not shared. (This is consistent with Box.)

  2. If the file or folder was explicitly shared or shared via link with the sharer, the sharer will see them as shared by default. If GoogleDrive.AllowSharedWithMe is set to true, the sharer will see them as not shared.

Example

Lets walk through by using an example.

 Expand for more information

We have two users, Juan and Lynn. In SkySync, we open two connections, one for each account, respectively.

Juan has two folders in his "My Drive": JuanFolder1 and JuanFolder2. 

Lynn has one folder in her "My Drive": LynnFolder1

Juan shares JuanFolder1 with Lynn explicitly and shares JuanFolder2 as a link to the entire enterprise. Lynn adds the two shared folder into her "My Drive"

Lynn shares LynnFolder1 with Juan explicitly. Juan adds LynnFolder1 into his "My Drive".

In SkySync, using Juan's account, JuanFolder1, JuanFolder2 are not considered shared and LynnFolder1 is considered shared. Using Lynn's account, JuanFolder1, JuanFolder2 are considered shared and LynnFolder1 is not considered shared.

So far so good...

Lynn creates a subfolder: JuanFolder1/SubfolderByLynn and moves JuanFolder2 to JuanFolder1.

Juan moves LynnFolder1 to JuanFolder1.

In SkySync, using Lynn's account, regardless of GoogleDrive.AllowSharedWithMe setting, JuanFolder1, JuanFolder1/JuanFolder2, JuanFolder1/SubfolderByLynn and JuanFolder1/LynnFolder1 are all considered shared. LynnFolder1 also shows up in her root drive as not shared.

In SkySync, using Juan's account:

  1. When GoogleDrive.AllowSharedWithMe is false, JuanFolder1, JuanFolder1/SubfolderByLynn are not considered shared, JuanFolder1/LynnFolder1 and JuanFolder1/JuanFolder2 are considered shared. JuanFolder2 also shows up in his root drive as not shared.

  2. When GoogleDrive.AllowSharedWithMe is true, JuanFolder1, JuanFolder1/JuanFolder2, JuanFolder1/SubfolderByLynn and JuanFolder1/LynnFolder1 are not considered shared. JuanFolder2 also shows up in his root drive as not shared.

LynnFolder1 is considered a "shared with me" container thus its share state is on the sharer's side is driven by GoogleDrive.AllowSharedWithMe. The issue is, from Juan's standpoint, we cannot determine whether LynnFolder1 is also located somewhere else on Lynn's drive. The flag gives you the opportunity to decide whether to consider it shared or not so that it can be included or excluded on Juan's transfer job.

JuanFolder2 is also considered "shared with me" even though Juan owns it and it is not shared with him. The folder has two parents, one of which is a folder Juan shares. So we consider it a "shared with me" within the shared folder to give you the opportunity to decide whether to consider it shared or not so that it can be included or excluded on Juan's transfer job.

The risk with using GoogleDrive.AllowSharedWithMe is you can either end up with skipped transfers or duplicate transfers because "shared with me" items most likely have multiple parents within the scope of the sharer's account.

Transferring "Share by Link" Permissions

To apply share-by-link permissions from G Suite to Box, you will need to create a user group in Box that you can map to your Google domain. You can then add the users 

For example, when transferring from G Suite to Box, if your domain in G Suite is mydomain.com, under Group Mappings, create an exception map with mydomain.com as the source group and the group name added to Box as the destination group.

When the job executes, folders with "share-by-link" permissions will transfer to Box as permissions to the mapped Box group.

Summary/Recommendations

For best results, we recommend that jobs of this nature are broken into two parts:

  1. Taxonomy Job w/ Permission Migration

  2. Copy/Sync Job w/ Author Preservation

  1. Use the "Exclude Shared" filter when you want SkySync to propagate permissions; the destination will not yield the same folder structure because the destination may have a different sharing scheme (e.g. Box shares show up on root only).

  2. To transfer content exactly as shown from G Suite/Box without caring about sharing/permissions, do not use "Exclude Shared" filter and do not enable permission migration.

  3. Since G Suite allows shared content be located anywhere in a user's drive:

    1. Set GoogleDrive.AllowSharedWithMe to true if you are not transferring entire user drives, otherwise you risk skipping transferring shared content in the destination.

    2. Set GoogleDrive.AllowSharedWithMe to false (default) if you are transferring entire user drives, otherwise you risk duplicating shared content in the destination.

  4. The sharing permissions of explicitly shared files cannot be transferred from G Suite to Box. Only folders.

  5. If you use disinheritance in G Suite to remove a sharer from the permission list, content will most likely be skipped. The sharer cannot transfer the content because it no longer has access to it within his share. The sharee cannot transfer the content because "Exclude Shared" will skip over the parent of the disinherited content.

  • No labels