How to control and monitor document access

Outbound sharing refers to documents owned by your account that are shared with external users. For example, this could occur when a user from your account invites an external user to collaborate on a document.

To control outbound sharing permissions, navigate to “Sharing" from the security dropdown in the left-hand menu of the admin panel and select the sharing settings tab. Set the shareable link setting to “Restricted” or “Off,” and restrict email sharing to approved domains and addresses. This setting will control who your users can share their documents with. You can also control whether or not your users can publish or embed their documents. 

For more granular control, configure sharing settings for organizational groups. Account owners and admins can customize shareable link settings, publishing, and embedding for different groups. Simply select a group from the organizational groups menu on the left-hand side of the admin panel and then set that group's specific sharing settings. 

The shareable link settings (public, restricted, or off) will be enforced on all documents and folders owned by individuals in that organizational group. If a user puts a document or folder into a folder owned by a user from a different organizational group, the sharing permissions will default to those of the parent folder.

For more information about organizational groups, visit the Lucid admin panel: Group management article in the Lucid help center.

Inbound sharing occurs when users in your account gain access to documents owned by external users to collaborate on outside of your account.

To manage inbound sharing, you can block users on your Lucid account from accessing documents and folders owned by external users or specify which domains and users they are allowed to access content from.

If you are concerned about inbound sharing, we recommend reviewing the “Accessing external documents and folders” section under the sharing settings tab and selecting one of the following:

• Block access to externally owned documents and folders
• Block access to externally owned documents and folders, except for these domains and/or user emails

Please use caution when restricting access. You cannot restore users’ access to externally owned folders through the admin panel.

If you choose to block external access except to certain domains and user emails, you can add up to 200 domains and email addresses to an allow list. Add all relevant domains—some organizations may have more than one domain associated with their account. We recommend working with any partners you add to the allow list to ensure they have enabled domain control for their Lucid account. Without domain control activated, users can create unauthorized accounts.

Learn more about blocking access to external documents and folders in the Lucid admin panel: Security settings article in the Lucid help center.

 

Should you choose not to restrict outbound sharing, we recommend that you review Discovery on a regular basis.

Discovery can be used to filter documents with any type of external access. From the results page, you can revoke external collaborators, change a document’s location, or even change the document’s owner.

If you find any unwanted activity made by an external actor in the audit logs, you can revoke external access to specific documents and folders by following these steps:

1. Run a search in Discovery with the necessary parameters for your search results, including users, keywords, document type, and creation date.
2. From the search results, check the box to the far left of one or more documents. Select the box at the top of the search results page to select all documents.
3. Click Actions at the top right of the search results.
4. Select one of the following options:

   • Remove any type of external access: Remove external collaborators and turn off external shareable links on the selected documents or folders.

   • Only remove external collaborators: Remove external collaborators from the selected documents or folders.

   • Only restrict external links: Turn off external shareable links on selected documents or folders.

5. In the panel that appears, select your external access and notification preferences.
6. Click Remove external access.

Account owners, Shield admins, and document admins can also set up classification controls to disable external sharing of documents via email or link to anyone outside of their Lucid account. For instructions on how to set up classification controls, refer to our compliance settings article. 

Monitor external access or various actions with our Enterprise Shield audit log. Learn more in this guide.

Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.