Skip to main content
Question

Prevent sharing of Top Level folders

  • June 18, 2026
  • 3 replies
  • 200 views

I am working on a new instance using a closed folder taxonomy. AKA, IT will maintain control of the folders and add employees.

I would like to make a top level folder DEPT for example and add a group to it. 

I would like the users in the group able to create and share sub folders under the Top Dept folder.

The one concern I have is that someone could accidentally share the entire top level DEPT folder.  I want the users to only be able to share the individual subfolders.  

Is there a way to do this? If I give Editor on Top folder they are able to share the entire thing including all sub folders.  The only way I have found would be to not share the top folder at all, and make the folders they need to share as an admin then grant them editor to just that folder. 

3 replies

Jey Bueno Box
Forum|alt.badge.img
  • Community Manager
  • June 19, 2026

 👋 Hi ​@HEBOXUser, welcome to the Box Community!


There is a way to accomplish this in Box without having to manually manage individual subfolders as an admin. You can restrict sharing at the top-level folder while still allowing users to create and share subfolders.


✅ Restrict shared link access on the Top-Level folder


By default, if you grant users Editor permissions on a parent folder, they inherit those permissions down the waterfall structure and can share both the parent folder and any subfolders. To prevent them from accidentally sharing the entire top-level DEPT folder, you can restrict its shared link settings:

  1. Open Folder Settings:

    • Navigate to your top-level DEPT folder in Box.
    • Click the More Options (…) menu next to the folder and select Settings (or right-click and select Settings) to open the Folder Settings page.
  2. Restrict Shared Link Access:

    • Scroll down to the Shared Link Access section.
    • Check the box that says “Only collaborators can access this folder via shared links”.
    • Under the dropdown, select Folders Only (or Files and Folders depending on your preference).
    • Click Save Changes at the top of the page.


✅ How this works in practice:

  • Top-Level Protection: With this setting enabled, if an Editor tries to generate or send a shared link for the top-level DEPT folder, the link will only work for people who are already invited as collaborators in that folder. This effectively prevents accidental exposure or sharing of the entire top-level directory to outside users.
     
  • Subfolder Flexibility: This restriction applies specifically to the folder where it is configured. Because subfolders inherit settings but allow you to manage individual collaborations, users with Editor access can still create subfolders and invite new collaborators or generate functional shared links specifically for those individual subfolders.


Please feel free to reach out if you have any other questions.


  • Author
  • New Participant
  • June 23, 2026

The above works for shared links, is there a way to prevent them from adding an external collaborator for the top level folder? 


Jey Bueno Box
Forum|alt.badge.img
  • Community Manager
  • June 23, 2026

Hi ​@HEBOXUser, thanks for your response.


There are multiple ways to prevent users from adding external collaborators to a top-level folder, depending on whether you want to restrict this at the individual folder level, the user level, or enterprise-wide:


1. Folder-level restriction (folder settings)


If you are the Owner or Co-owner of the top-level folder, you can restrict collaboration directly within its settings:

  • Restrict to within your organization: Go to Folder Settings > Collaboration > Invitation Restrictions and enable the setting "Restrict collaboration to within [your organization]". This ensures only users with your company’s approved email domains can be invited as collaborators.
  • Restrict who can invite: You can also check “Only folder owners and co-owners can send collaborator invites”. This prevents Editors or lower roles from inviting any collaborators (internal or external) to the folder.
     

2. User-level restriction (Admin Console)


As a Box Administrator, you can restrict specific managed users from collaborating externally on any content they own:

  • Go to Admin Console > Users & Groups > Managed Users.
  • Select the user and go to the Role and Access Permissions section.
  • Enable the “Restrict External Collaboration” setting and click Save.
    • Note: When enabled, this restriction automatically applies to all folders owned by that user (including their top-level folders), preventing them from inviting external collaborators.
       

3. Enterprise-wide restriction (Admin Console)


Administrators can configure global collaboration boundaries for the entire organization:

  • Go to Admin Console > Enterprise Settings > Content & Sharing tab.
  • Under the Collaborating on Content section, you can limit external collaboration by choosing “Limit collaboration to allowlisted domains” or disabling external collaboration entirely.
     

4. Box Shield Smart Access Policies


If your organization uses Box Shield, administrators can create Access Policies with External Collaboration Restrictions to block all external collaboration or restrict it to specified domains on folders matching certain classification labels.


Let us know if you have any questions or concerns. We’d be happy to help.