Contact Support

Customers who viewed this article also viewed

banner icon

Identify Changes in NetScaler build files with

File Integrity Monitoring

Learn More Watch Video
CTX217124 {{tooltipText}}

Policy Based Administration

Applicable Products

  • ShareFile

Objective

ShareFile Policy Based Administration allows admins to provision users with specific ShareFile permissions in bulk, based on Active Directory group membership. A company administrator can configure various policies that control how the ShareFile account is used in the organization. This feature is available for both .COM and .EU accounts.

These policies are created within specific ShareFile categories that help break the product down into smaller sets of permissions and action capabilities. Once policies are created within each category, a company administrator can then assign these policies to users based on their Active Directory group membership using the User Management Tool or the ShareFile API. If you want to manage policies via the User Management Tool, please contact your account owner.
 

Requirements

  • To have Policy Based Administration enabled on your account, please contact support
    • Note: You must have "Access company account permissions" permission on your account to request access.
  • In order to create a policy, you must have the "Create and manage policies" permission.
  • The "Create and manage policies" permission does not require the assignee to have all ShareFile permissions.
  • The "Create and manage policies" permission is a requirement for creating policies, but also required for editing a policy (and managing the permissions of users while those users are part of policy management) via the ShareFile web app.

Notes 

  • If a user has the "Manage employee users" permission but not the "Create and manage policies" permission, that user will only be able to view employee permissions from the user profile page, and not categories.
  • When a user is upgraded from client to employee status, or a new employee user is created, the user will receive the permissions granted to them during the upgrade/creation process, until they are given policies via the User Management Tool or API.

Instructions

Policy Categories

Permissions are grouped into three separate categories. Users can be assigned only one policy per category.

User-added image


User Access Policies

User Access encompasses actions that may be taken by a user within the ShareFile account. A complete list of settings can be viewed in the screenshot below.

Note: The "Create and manage policies" permission is located within the User Access category.

User-added image

File and Folder Management

File and Folder Management includes Storage Quotas, File Retention, and Folder Expiration settings. 

If you enable Quotas after utilizing Policy Administration features, you will need to edit and update your User Management Tool rules, including scheduled rules. 

A fixed setting means that an end user cannot modify those settings when an admin on a folder, whereas the user-customizable setting means the user can select a value between the range configured in the policy they are a part of.

Note: If a user is not part of a policy in this category, they will automatically default to the account's default quota until the user is added to a specific policy.

User-added image

 

Storage Location

Storage Location includes the user's default StorageZone. Important: this setting can only be set during user provisioning.

User-added image

Create a New Policy

The Policy Management page can be found in the Admin settings section of your ShareFile account. Click a category to expand the policies contained within.

Every category contains a Default Policy. While this default policy can be edited, it cannot be deleted.

  1. Click Create New Policy.
  2. Provide a recognizable Policy Name
  3. Assign permissions within the given category
  4. Click Create.
Important: The Storage Location policy and setting may only be applied during user creation.

 


Edit, Duplicate or Delete a Policy

Click the checkbox beside a policy to reveal the Edit, Duplicate, and Delete options.

User-added image


Clicking Edit will reveal the policy settings. Make your changes and save.

Clicking Duplicate will create a copy of the chosen policy. You can rename the policy and adjust settings if needed.

Important: A Policy can only be deleted if NO users are currently assigned to it. The Default policy cannot be deleted.

 


Assign a Policy via the User Management Tool

Policies can be assigned via the ShareFile User Management Tool version 1.9 or later . 

Before installing UMT 1.9 or later, please uninstall any previous versions of the tool and verify that you have stopped or ended existing UMT-scheduled tasks.
Upon setting up UMT 1.9 or later, please update your scheduled tasks to reflect the new rules.


(Note: Policies can also be assigned via the ShareFile API, though the API does not currently support policy creation.)

From the Users tab, select the desired Active Directory entity in the sidebar and click the Add Rule button.

User-added image

Next, configure the user policies per category as needed. You will be able to select the policies that you created in the ShareFile web application. Be sure to Save your changes.

At the Rules tab, you can adjust the Rule hierarchy. If your user is a part of more than one rule, the highest rule of the hierarchy will be applied to that user.

Note: If a user's Active Directory group changes, the next time the User Management Tool runs the user's policies may also change.


Check User Policy in Web App

You may review a user's policy membership within the ShareFile Web App. Navigate to the user management menu and access the user's profile. Their policy will be indicated as shown below.

User-added image

Remove a User from Policy Management

To remove a user from policy management, you must use the Edit Settings button within the category you wish to manage.

User-added image
User-added image

Once removed, the user's individual settings can be adjusted.

Reassign a Removed User

To reassign a user that has been removed from policy management, return to the user page and click the Assign to Policy button.

The user will be automatically assigned to a policy based on rules set in the ShareFile User Management Tool.

User-added image
User-added image

 


Additional Resources

Documentation User Management Tool for Policy Based Administration
https://docs.sharefile.com/en-us/user-management-tool/policy-based-administration/whats-new.html
Download User Management Tool for Policy Based Administration
https://www.citrix.com/downloads/sharefile/product-software/sharefile-user-management-tool-pba.html