OneDrive: Procedures
Procedures for Sharing Files and Folders in OneDrive

Information Security Procedures (ISPR) are developed to provide the necessary steps to implement a specific Information Security Best Practice (ISBP).

This ISPR directly supports the ISBP for sharing files and folders in OneDrive.

Sharing Files and Folders

In today’s evolving threat landscape, we must protect ourselves from those who would perpetrate fraud against us by constantly questioning how we store and transmit confidential information.

Available methods

  1. Anyone: Avoid this option. Gives access to anyone who receives this link, whether they receive it directly from you or forwarded from someone else, which includes people outside of your organization.

    Using this option can potentially put the institution at risk. If users intentionally or inadvertently share confidential information or protected data, Anyone that receives or fraudulently generates the link will have access to that information – no authentication is required.

  2. People in Your Organization: Use with caution. Gives everyone in your organization access to the link, whether they receive it directly from you or forwarded from someone else.

    Only use this option when you intend to share information with colleagues that does not contain confidential information or protected data. Be aware that any LBCC user with access to OneDrive can gain access to that information if they obtain the link.

  3. People with Existing Access: Can be used by people who already have access to the document or folder. It does not change the permissions on the item. Use this if you just want to send a link to somebody who already has access.

  4. Specific People: Should be your default option. Gives access only to the people you specify, although other people may already have access. If people forward the sharing invitation, only people who already have access to the item will be able to use the link.

    Minimizes risk by restricting information to a specific person or group. Make sure the data you share is appropriate for the intended audience.

Select Permissions Based Upon the Audience’s Need to Know

DO NOT share files or folders using Anyone with this link. Using this option can potentially put the institution at risk. If users intentionally or inadvertently share confidential information or protected data, Anyone that receives or fraudulently generates the link will have access to that information – no authentication is required.

Anyone with this link

DO share files and folders by selecting Specific People.

Make sure the data you share is appropriate for the audience you choose. Read more about data classification for specifics.

Specific People

  • Only select Allow Editing if users need the ability to edit the document or folder.

Enter Email Addresses

  • Add people by entering a valid email address or the name of an Outlook Contact Group you created previously.
  • Click Send when finished, and an automated email notification will be sent to each user.

Change Existing Permissions

Only select Allow Editing if users need the ability to edit the document or folder.

From the file or folder in question, select the Shared link located in the last column.

The Manage Access pane will open on the right side of OneDrive.

Change Permissions of an Individual User

To change the permissions of an individual user, click the down arrow option next to the user’s name in the Manage Access pane under Direct Access and choose from one of the following options:

  • Can Edit: Grants the user edit and delete privileges.
  • Can View: Grants the user view-only access.
  • Stop Sharing: Removes all privileges from the user.
  • Confirm your selection.

Stop Sharing with Users

From the file or folder in question, select the Shared link located in the last column.

The Manage Access pane will open on the right side of OneDrive.

Stop Sharing a File or Folder Entirely

  • Click Stop Sharing.

Delete a Share Link

  • Click the ellipsis (…) next to the link, and click the X.

Stop Sharing with Specific People

  • Expand the list under a specific people link and click the X to remove someone.

Stop Sharing with Someone That Has Direct Access

  • Under Direct Access, click the dropdown next to the person’s name and select Stop Sharing.