Skip to main content

Hi everyone,

 

We’ve explored options to be able to prevent any user (even co-owners) from accidentally Moving or Deleting certain critical root folders within Box. Right now the only option I have found is to use the Folder Lock endpoint via the Box API, however this is not very accessible to non-developers and we need our business users to be able to enable and remove these locks as needed.

 

Has anyone found a way to manage these Folder Locks in a more user friendly way via the Box UI?

 

Thanks!

I suppose it’s safe to assume you are using a most restrictive ACL model from top down?  Assuming that and also that everyone gets notified when something is deleted (a global setting) there are a few hacks you can do but nothing OOTB for Box.

So from a prevention perspective, here is what I have done in the past.  In any folder that you do not want to be moved or deleted, place a text (or Word) file called something innocuous like “Placeholder” or something in that folder.  Then, using a service account in a VM or some laptop shoved in the corner, assign editor rights to that service account and invite them to that folder.  Then install Box Drive on that VM/spare laptop and open up that file locally from Box Drive and just leave the file open forever. No one can modify that folder from then on.

 

You can also set up a Box Relay to create a Move event (you can do delete event too but if you already have global delete notifications turned on it’s not necessary).  Whenever someone moves a folder you (or anyone else) can be emailed that it happens.   While it’s not preventative per se, it’s the only way I’ve found to be notified when a folder moves that I care about.  
 

 


Hi @mike.curry 👋 and thanks for sharing your hacks @Pouncysilverkitten. This is very helpful!

Checking the settings would also help. For the admins, referencing from Enterprise Settings: Content & Sharing Tab, you can enable Restrict Content Creation in your Enterprise Settings:
 

Determines who can create and delete folders, files, and bookmarks at the root level of your Box instance. Select this option to prevent all non-admin managed users from creating, deleting, and moving folders in their "All Files" section.

Enable this setting to create the folder structure for the entire account and then invite users into this structure.


Note: If Restrict content creation is enabled, admins can transfer ownership of folders to managed users, but managed users cannot transfer ownership to others.


The default state is cleared.

 

Just to add, in terms of collaboration, you may prevent users to delete/move files by modifying their access level. See Understanding Collaborator Permission Levels to learn more.

Feel free to reach out if you have further queries. For troubleshooting, you may submit a ticket to our Product Support. Have a great day!


@JeyBueno Box good suggestion and very useful when you just want to make it so that no one can at a global level but for a nuanced folder by folder model one currently does not exist for anyone Editor or above except for the API unless there is another way.  


@Pouncysilverkitten thanks for sharing your solution, very creative! I will test that one out for now- I’m hoping at some point the native Folder Locks will become available within the Box web UI so that our business admin users can manage the locks with ease. The laptop service account solution is perfect for protecting our top-level folder though, thanks!

 


Reply