FolderSharingOption Class Reference
The FolderSharingOption class defines sharing permissions for Document Library folders. This class specifies which users, user groups, or security roles can access a folder and their permission level.
Overview
The FolderSharingOption class is used in conjunction with the Folder.ShareWithSpecificUsers() method to configure granular folder access control. Each FolderSharingOption instance represents a single permission grant to a user, user group, or security role.
Key Characteristics:
- Used with Folder.ShareWithSpecificUsers() method
- Supports users, user groups, and security roles
- Three permission levels: FullControl, CanUpload, CanView
- Multiple permissions can be assigned to a single folder
- Enables role-based access control
FolderSharingOption Properties Reference
| Property | Type | Required | Description |
|---|
| RecordId | string | Yes | ID of User, UserGroup, or security Role to grant access |
| AccessLevel | string | Yes | Permission level: "FullControl", "CanUpload", or "CanView" |
Property Details
RecordId
The unique identifier of the User, UserGroup, or security Role being granted access to the folder.
Type: string
Required: Yes
Valid Values:
- User.Id - Individual user identifier
- UserGroup.Id - User group identifier
- Security Role.Id - Security role identifier
Description: Specifies which entity (user, group, or role) receives the permission. The RecordId must correspond to an existing User, UserGroup, or security Role record in the system. The platform determines the record type automatically based on the ID format.
Usage:
- Use User.Id for individual user permissions
- Use UserGroup.Id for team or department permissions
- Use security Role.Id for role-based permissions
- Invalid or non-existent IDs will cause sharing operation to fail
AccessLevel
The permission level granted to the user, group, or role.
Type: string
Required: Yes
Valid Values:
"FullControl" - Complete management access"CanUpload" - View and upload permissions"CanView" - Read-only access
Description: Defines what actions the user, group, or role can perform within the folder. The AccessLevel value must exactly match one of the three valid values (case-sensitive).
Access Level Details
FullControl
Complete management access to the folder and its contents.
Permissions Granted:
- View all files in folder
- Upload new files
- Edit file properties
- Delete files (own and others)
- Move files between folders
- Copy files
- Manage folder sharing settings
- Delete the folder
- Modify folder properties
Typical Use Cases:
- Folder managers
- Project leads
- Department heads
- Administrative users
CanUpload
View existing files and upload new content.
Permissions Granted:
- View all files in folder
- Upload new files
- Edit properties of files they uploaded
- Download files
- View file metadata
Permissions Denied:
- Delete files uploaded by others
- Modify folder sharing settings
- Delete the folder
- Edit folder properties
Typical Use Cases:
- Team members contributing content
- Collaborators adding documents
- Contributors to shared repositories
CanView
Read-only access to folder contents.
Permissions Granted:
- View all files in folder
- Download files
- View file metadata
- View file version history
Permissions Denied:
- Upload new files
- Edit any properties
- Delete anything
- Modify sharing settings
Typical Use Cases:
- Stakeholders reviewing content
- Read-only access for external partners
- Archive folder access
- Reference material access
Validation Rules
RecordId Validation
Required:
- RecordId cannot be null or empty
- RecordId must reference existing User, UserGroup, or security Role
Constraints:
- Must be valid GUID or system-generated ID format
- Record must exist in the system
- Record must be active (not deleted)
AccessLevel Validation
Required:
- AccessLevel cannot be null or empty
- AccessLevel must be exactly one of: "FullControl", "CanUpload", "CanView"
Constraints:
- Case-sensitive string match
- Invalid values will cause sharing operation to fail
- Cannot be modified after folder sharing is configured (must reconfigure)
Important Notes
Permission Precedence
When a user has multiple permissions (through direct assignment, group membership, or role assignment), the most permissive access level applies.
Example:
- User is directly granted "CanView"
- User is member of group granted "CanUpload"
- User's effective permission: "CanUpload" (more permissive)
Owner and Administrator Override
- Folder owners always have FullControl regardless of FolderSharingOption settings
- Users with Administrator System Role always have FullControl regardless of sharing configuration
- FolderSharingOption settings do not restrict owners or administrators
Dynamic Group Membership
When using UserGroup RecordId:
- New members added to group automatically receive folder access
- Members removed from group automatically lose folder access
- No need to reconfigure folder sharing when group membership changes
Dynamic Role Assignment
When using security Role RecordId:
- Users assigned the role automatically receive folder access
- Users removed from role automatically lose folder access
- No need to reconfigure folder sharing when role assignments change