UBbox can be used by departments to securely share and store documents, and to administer group access. To create departmental shared folders, use an ITORG exception account as the owner.
It is not recommended that actual UBITNames (of staff, faculty, etc.) be the “Owner” of shared folders with institutional or departmental data. Category 1 regulated private data may not be stored in UBbox without approval of UB’s Information Security Office. Contact your departmental IT support staff or the UBIT Help Center for more information.
Permission levels on UBbox follow a "waterfall" design in which individuals only have access to the folder they are invited into and any subfolders beneath it. People can be invited into folders but not individual files. See Sharing Folders with Collaborators in UBbox.
Choose user permissions (Box roles) carefully for shared folders. Assigning users the least privileges necessary is recommended.
The centrally-provisioned group boxaccess provides UBbox authorization for UBITNames when logging in via ADFS. All active faculty, staff and students have membership in this group.
We can also provide access to ITORG accounts via departmental groups added to the central ubfs_BoxExceptions group. Departmental sub-groups can be created by node admins and added to ubfs_BoxExceptions via a the EIS request form. Any ITORG accounts that are members of these departmental groups are authorized to use UBBox.”Any ITORG accounts that are members of these departmental groups are authorized to use UBbox. For consistency in naming these nested ITORG groups, we suggest a nomenclature of [OU Branding Prefix]_BoxExceptions. As an example, EIS would create and use the group ‘eiss_BoxExceptions’.
Additionally, to use an ITORG account for box, it must have a unique email address value. This can be either via the creation of an Exchange mailbox (if collaboration and status messages are desired) or via a well-formed, non-routable email address of ‘samAccountName@itorg.ad.buffalo.edu’
If you would like EIS to add an ITORG group as a member of ‘ubfs_BoxExceptions’ or need an ITORG account stamped with a unique email address, submit a request through the UBIT Help Center Online. Once an ITORG group is a member of ubfs_BoxExceptions, ITORG accounts with appropriate email addresses can be added and removed by the department as needed. To limit the number of UBbox licenses used, please only include those ITORG accounts that require access.
When an ITORG account is deleted, all its associated data is also deleted.
If an ITORG account is deleted, then CIT needs to be notified so that the account can also be deleted in UBbox so that the license can be released.
How Groups Are Added to Ubbox
UBAD groups are automatically added to UBbox if the string boxaccess is in the Active Directory Users and Computers 'Notes' field of the group. This field corresponds to the group's Info attribute. Any existing data in the Notes field can remain and will not interfere with the boxaccess string.
Collaboration invitations will only go to members of a group that have logged in prior to the invitation going out. If a member subsequently logs in, they will have access but will not receive the collaboration invitation.
Removing Groups from UBbox
To remove a group from UBbox, remove the boxaccess string.
Group additions to and removals from UBbox will happen every 15 minutes. A logon of a user that is a member of a boxaccess marked group will also force creation of the group if it does not already exist in UBBox.
You do not have to have an Exchange mailbox, unless collaboration and status messages from UBbox are desired. In that case, the messages should be monitored.