With Microsoft OneDrive, you can securely share files with colleagues. However, it is important to understand the different Data Classification levels and acceptable ways to share P3 and P4 files.
Guidance for Data Classification Levels - P1 - P4 Data
Please read the UC Information Protection Standards to become familiar with the data classification levels:
Link Type | P4 | P3 | P2 | P1 |
---|---|---|---|---|
Specific People Internal User | Acceptable | Acceptable | Acceptable | Acceptable |
Specific People External User | Acceptable – Use good judgment | Acceptable – Use good judgment | Acceptable | Acceptable |
People in UC Irvine (Internal Link) | Never use this link type with P4 | Acceptable – Not Advisable | Acceptable | Acceptable |
Anyone with the link (Open Link) | Never use this link type with P4 | Never use this link type with P3 | Acceptable – Use expiration date when possible | Acceptable – Use expiration date when possible |
How to create links and share files.
The following important guidelines ensure you do not expose P3 – P4 data to external users:
- Please familiarize yourself with the different sharing options.
- Never create an “open link” (Anyone with the link) to a file or folder with P3 - P4 data.
Sharing Options:
When sharing a file or folder you are presented with the following options:
- Specific people (default link type) gives access only to the people you specify (internal or external users), although other people may already have access. If people forward the sharing invitation, only people who already have access to the item will be able to use the link. This is the only acceptable way to share P3 – P4 data with external users.
- People in UC Irvine gives anyone in your organization who has the link access to the file, whether they receive it directly from you or forwarded from someone else.
- People with existing access can be used by people who already have access to the document or folder. It does not change the permissions on the item. Use this if you just want to send a link to somebody who already has access.
- Anyone with the link gives access to anyone who receives this link, whether they receive it directly from you or forwarded from someone else. This may include people outside of your organization. This is considered an “Open Link”.
If P3 – P4 data must be shared outside of the organization, use a “Specific People” link. This will require a verification code sent to the intended recipient's email address if they are outside the organization.
Examples of different link types
Review sharing links for a file or folder and revoke unneeded links
It is important to remove sharing links that are no longer needed. To review the sharing links for a file or folder, click on the details pane icon in the top right:
In the details pane, click on Manage access
This will display all the sharing links. In this example, there is an Anyone link with view access, an Internal link with edit access, a Specific link with edit access, and a Specific link with view access.
In addition to “Links giving access”, there is also a set of permissions called “Direct access”. Users are advised not to use these permissions to share files. Use only sharing links, not Direct access permissions.
To revoke a sharing link, click on the ellipsis next to the link and click the X to remove the link:
You will be prompted to confirm, and the link will be removed:
For Specific People links, you can remove individual users while still preserving the link for others to use:
Revoke Direct Access
The following information is specific to OneDrive Group Accounts and SharePoint Sites.
If a ‘member’ grants access to an internal or external user using Direct access (instead of using a sharing link), they will not be able to revoke the access. In this case, please contact the ‘owner’ and ask them to revoke access.
In the screenshot below, an external user was added by a member, and there is no control to revoke access. The following screenshots show how to navigate to SharePoint and discover the site owner so that they can be notified and remove the link.
Click the link at the top right “Go to site”.
Click the link at the top right to show the members.
The Members will be listed and the owners will be identified.
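The link review described above can also be scripted. The following is an added example, not UC Irvine's or Microsoft's code: it checks a file's permission entries against the link-type table and flags Direct access grants. It assumes the entries have the shape of Microsoft Graph permission objects (`link.scope` values `anonymous`, `organization`, `users`); the sample records are constructed.

```python
# Added example: audit sharing links against the P1-P4 table on this page.
# Field names (link.scope, expirationDateTime, roles) are assumed to follow
# Microsoft Graph "permission" objects; the records below are constructed.

# Verdict per (link scope, classification level), taken from the table.
# "Use good judgment" for external Specific People links is left to the user.
MATRIX = {
    "anonymous":    {"P4": "revoke", "P3": "revoke", "P2": "ok", "P1": "ok"},
    "organization": {"P4": "revoke", "P3": "review", "P2": "ok", "P1": "ok"},
    "users":        {"P4": "ok", "P3": "ok", "P2": "ok", "P1": "ok"},
}

def audit(permissions, level):
    """Return (permission id, verdict, reason) for each non-owner entry."""
    findings = []
    for p in permissions:
        link = p.get("link")
        if link is None:
            # No link facet: a "Direct access" grant, which the page advises against.
            if "owner" in p.get("roles", []):
                continue  # the owner's own entry is not a share
            findings.append((p["id"], "review", "direct access; use a sharing link"))
            continue
        scope = link.get("scope")
        verdict = MATRIX.get(scope, {}).get(level)
        if verdict is None:
            findings.append((p["id"], "review", f"unknown scope {scope!r}"))
        elif verdict == "revoke":
            findings.append((p["id"], "revoke", f"{scope} link not allowed for {level}"))
        elif scope == "anonymous" and not p.get("expirationDateTime"):
            findings.append((p["id"], "review", "open link without expiration date"))
        elif verdict == "review":
            findings.append((p["id"], "review", "internal link not advisable for P3"))
        else:
            findings.append((p["id"], "ok", ""))
    return findings

# Constructed sample mirroring the Manage access example in the text.
SAMPLE = [
    {"id": "1", "roles": ["read"], "link": {"scope": "anonymous", "type": "view"}},
    {"id": "2", "roles": ["write"], "link": {"scope": "organization", "type": "edit"}},
    {"id": "3", "roles": ["write"], "link": {"scope": "users", "type": "edit"}},
    {"id": "4", "roles": ["read"], "link": {"scope": "users", "type": "view"}},
    {"id": "5", "roles": ["write"]},  # direct access grant
    {"id": "6", "roles": ["owner"]},
]

if __name__ == "__main__":
    for level in ("P4", "P3", "P2"):
        print(level, audit(SAMPLE, level))
```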