====== Org. Members With Minimal Access ======
== last updated Feb. 9, 2022 ==
The Access Anywhere provides several ways to share data with people who are not part of your organization, for example [[businessgroupsharing|Business Group Workspaces]] and [[filesharing/sharing_with_links_usage|shared links]]. (The Drop Folder shared link variant may be of special interest as it allows folders to be shared for writing.) In some cases, however, an organization may want to share files with external parties using [[admin/userstorageandsharedfolders|Shared Team Folders]]. To share this way the Org. Admin makes those people "minimal access" org. members and restricts their access privileges so they can do little except access the files that are being shared with them. Here are some points to consider if this approach is adopted:
The approach to sharing that is described in this page is seldom needed and should only be employed with a thorough understanding its implications. Business groups or shared links, both of which can be used for sharing with Access Anywhere [[server/externalusers|external users]], are almost always preferable.
* The Member role is assigned automatically to each member that is added to an organisation. In most cases this assignment should be removed for the minimal access members. That way if a shared folder owner wants to grant access to all internal members of the organization, access can be granted to the Members role and exclude the minimal access members.
* Unless it is intended to allow the minimal access members to store files on company storage Access Anywhere Admin should establish the smallest possible storage quota (one MB) for these members.
* A company may want to block minimal access members' access to Access Anywhere by restricting some or all of the supported client apps. Note that access via at least one app/client is needed so the minimal access members can access the shared folders.
* A company can choose to restrict access to an IP address on a per user basis so that minimal access members can only access Access Anywhere through that IP address. This could be done on a per session basis if required.
The Org. Admin can control all of these settings from the “Organization staff > Edit User” page.
Some Access Anywhere features and options, such as personal encryption, messages and shared links for example, make information available to all org. members. When those features and options are used, minimal access members will be included.