Skip to main content

Storing Important and/or Sensitive Information

Files that are important to a user’s department unit at large or that contain sensitive information should not be stored directly in an individual user’s private Box folder. Such data should instead be owned by the unit’s shared account and placed in a shared folder, to which the user is granted access.

Requesting a Shared Account

When your unit begins using Box and submits a request form for delegated administrators, a shared account can be requested at that time.

If you are already an approved delegated administrator for your area, you can simply email the OIT Box support address requesting a shared account. (Address is intentionally not included.  General support inquiries should be sent to the appropriate OIT Help Desk).  You must indicate:

  • Whether the account will be used to hold PHI in any of its subfolders (if so, the name of the top-level folder will be prefixed with “[Restricted]”)
  • Provide the desired name of the account as well as the reason your unit needs a separate shared account rather than a subfolder of your existing share if applicable

If your request is approved, you will be made a co-owner of the new shared account’s top-level folder. You can then add any other existing delegated administrators your unit would like to maintain the shared account as additional co-owners of the top-level folder.

Using Shared Folders

As a general rule, you should not share the top-level folder of the shared account to your users, as this grants them access to all data your unit has stored in Box, including, as an example, PHI or other sensitive information. Additionally, if you grant them an editor role with this share, they can even change the name of your unit’s top-level folder. You should instead make use of subfolders to manage permissions to users with more granularity.

Once you have been made a co-owner of the shared account’s top-level folder, you can create subfolders as many levels deep as you would like. Only subfolders that have been directly shared with users will appear in their list of files and folders when they log into Box, but they can see the name of the top-level folder if they inspect the subfolder shared with them.

RECOMMENDATION: Because the name of the top-level folder may not be immediately visible when looking at a shared subfolder, the names of any subfolders individually containing restricted data must be prefixed with “[Restricted],” but this is up to you to the delegated administrator to enforce.

A subfolder can be shared with an individual Box user or with an entire Box group. This allows you to easily share information with your entire unit, or departments and subgroups within your unit. Please note that you will need to be a group admin of any group to which you wish to share files or folders. Only group admins can share to a group in order to prevent unwanted mass sharing by end users. For more information on sharing to groups, please see Box Group Management.

Helpful Links

Creating and Managing Groups

Delegated Administrator Setup Procedure

Guide to Managing of Box Groups

Guide to Shared Folders

Managing Box Users in the Connect Admin Tool (CAT)

Group Management and RAD Synchronization (Quickstart Guide)

Group Management and RAD Synchronization (Extended Guide)