Skip to main content
Shield Access Policy rule settings are used to configure access policies. Access policies contain one or more security control types and have settings that are common to all policies and security control types and settings that are specific to each security control type. This topic has the following sections:

Common Access Policy Settings

The following settings are common to all Access Policies.

Common Security Control Settings

Access policies can contain one or more security controls. Several security control types, External Collaboration Restriction, Shared Link Restriction, Download and Print Restriction, Integration Restriction, and FTP Restriction, contain the following setting:

Unique Security Control Settings

The following section describes the settings for the security controls you can add to access policies.

External Collaboration Restriction Settings

The following settings can be configured when you add the External Collaboration Restriction security control to an access policy:
NoteInherited collaborations can still occur. When the policy is applied on a file level, but not on a folder, an external collaborator can be invited to the folder containing the file and they will be able to access the file. To prevent this, there are two options:
  • Apply the policy to the folder that includes the file. This prevents an external collaborator from being invited to the folder.
  • Select the Existing and new external collaborations option.
  • Existing and new external collaborations - The policy applies to all collaborations. After the policy takes effect it may take a small amount of time to identify existing collaborations to which it applies. Collaborators will not be notified of any such collaborations that have become restricted.
NoteExisting collaborators are restricted from viewing files matched by policy. They are not removed from collaboration. If the restriction is lifted, collaborators can again access collaborated files.
The following settings can be configured when you add the Shared Link Restriction security control to an access policy:

Download and Print Restriction Settings

The following settings can be configured when you add the Download and Print Restriction security control to an access policy:

Integration Restriction Settings

The following settings can be configured when you add the Integration Restriction security control to an access policy:
NoteThe following integrations will still be able to download content when users right-click on their files and select the Open with command even if you do not specify them here:
  • Microsoft Office for the web
  • Google Workspace
  • Apple iWork
  • Adobe Acrobat Online
IMPORTANT:When you are creating a Shield access policy and Box displays no integrations from which to choose, your organization may have exceeded the limit of 100 authorized integrations. To further investigate, contact Box support.

FTP Restriction Settings

The following setting can be configured when you add the FTP Restriction security control to an access policy:
Note:FTP Restriction is not supported in Box Notes.

Watermarking Settings

The following setting can be configured when you add the Watermarking security control to an access policy:

Box Sign Request Restriction Settings

The following setting can be configured when you add the Box Sign Request Restriction security control to an access policy: