Version: eXtendFiles 1.7.0 and above
Audience: Administrator

Use Cases

  • Limit the visibility of eXtendFiles to NetSuite users based on native custom record permissions, specifically the "Use Permission List" settings on the eXtendFiles record.
  • Limit access to eXtendFiles records based on their configured permission to a linked record. For example, only allow users to view files if they have access to the linked Sales Order, Purchase Order, etc.
  • Limit the visibility of eXtendFiles to defined roles and employees to ensure certain files are always public based on a file's assigned file type.
  • Limit the access of eXtendFiles to specific roles and employees based on the folders in which the files are uploaded.

Overview

  • eXtendFiles provides Signed URLs (links which are valid for a pre-defined lifetime, and generally for a short duration) when Amazon S3, Microsoft Azure, or Oracle Cloud Object storage is being used as the cloud storage provider.
  • eXtendFiles provides Shared URLs for Microsoft SharePoint/OneDrive when user-based upload (see Configuring User Based File Upload In OneDrive for more information) is being used as the cloud storage provider.

Configuration

To access and modify the sharing settings in eXtendFiles, first navigate to eXtendTech eXtendFiles eXtendFiles Configuration and select the Storage Settings → Sharing Settings subtab.
Image Placeholder
Configure the eXtendFiles sharing settings based on your preferences. Details regarding potential configuration options are listed below.

General


  1. Default URL/File Share Method
    Select the default permission for files uploaded by eXtendFiles. By default, its value will be Public for applicable backend storages.

    Note:     When using the File Sharing feature with Microsoft Azure, Microsoft SharePoint/OneDrive (with user-based file upload), or Oracle Object Storage, the Default URL/File Sharing Method will be set to "Private", and this field will be disabled. This is because all files will be private for these storage options. The Sharing Method Mapping via File Types sublist will also be ignored as files will always be private.
  2. Expiry Time for Private URLs
    Specify the duration (in days) before Private URLs will expire. 1days, 5days, etc. Note:     Consult your backend storage provider's documentation to determine the maximum allowed expiry value supported by the storage provider.
  3. Hide Change File Type Button
    This check box will determine whether to show the Make Public and Make Private buttons when viewing an eXtendFiles record.

    Note    : Making a file fully public is supported only for Amazon S3 and Google Cloud Storage.
  4. Make Thumbnails Private
    Thumbnails are usually public, but if you want to make thumbnails private, enable this preference.

Sign URL Permission *

There are four methods for defining permissions for viewing files uploaded with eXtendFiles:
Image Placeholder
  1. eXtendFiles Record Access
    If you are using the NetSuite native permission list on the eXtendFiles record and want to restrict file access to users who have access to the eXtendFiles record, select this option.
  2. Linked Records Access
    If you want to grant access based on a user's access to related records linked to the eXtendFiles record, select this option. To achieve this, you will need to configure the eXtendFile Linked Record Based Permission Settings. Instructions on how to do this are provided in the section below titled eXtendFile Linked Record Based Permission Settings.

    Note    : You can still configure the eXtendFiles record to require the user to be in its permission list, using NetSuite's permission structure, when using this option. This can add an extra layer of security by limiting access to the eXtendFiles record to a specific set of users. Furthermore, within that subset of users, the capability to view the file can be further restricted using a signed URL.
  3. Folder-Based Sharing
    To grant access based on the folders in which eXtendFiles were uploaded, you can configure the permission for each folder using the eXtendFiles - Folder Sharing Rule custom record. See Configure Folder Sharing Rule for more details on utilizing this configuration option.
  4. Configured User/Role Access (default)
    If you want to grant access based on specific roles and employees, select this option. You can configure the roles and employees by defining them in the Role / User Permission section.Image Placeholder

Role / User Permission *

These settings are applicable when using the Configured User/Role Access preference.
  1. Roles Allowed To View Private URLs (Optional)
    Define the roles that are allowed to view private URLs. These roles will be able to access all files.
    Note:     The Administrator role has this permission by default.
  2. Employees Allowed to View Private URLs (Optional)
    Define the employees that are allowed to view private URLs. These employees will be able to access all files.

eXtendFile Type and Default Sharing Method Mapping

If using Amazon S3, create mappings between your eXtendFiles File Types and the default sharing methods applicable to them.

eXtendFile Linked Record Based Permission Settings

When using Linked Records Access, specify the list of linked records that will be used as the basis for file viewing permissions on private eXtendFiles records.
Image Placeholder
  1. Linked Record Search Type
    Specify the record type of the linked record in this field. In the case of a custom record, enter the internal ID for the custom record.
  2. eXtendFiles Linked Record Reference Field
    Specify the internal ID of the field reference which is associated to the linked record on the eXtendFiles record.
  3. Priority
    Specify the priority of the linked records. If the user has access to the record from a linked record with a higher priority, then the file will be visible. Priority 1 is higher than priority 2.
  4. Allow Entity Records Access to Linked Self-Files
    To enable the currently logged-in user to view eXtendFiles linked with their entity record (vendor, customer, employee, or partner), enable this preference.
Note: If none of the specified record references are populated on the eXtendFiles record, then the file will be accessible by all users who have access to eXtendFiles record.

* The permission settings for Microsoft SharePoint/OneDrive with user-based file upload will be governed by access of logged-in user to the configured SharePoint/OneDrive account configured with the eXtendFiles. These fields will be disabled when Microsoft SharePoint/OneDrive with user-based file upload is selected.

Notes

  • For Microsoft SharePoint/OneDrive with user-based file upload, the sharing settings above are not applicable.
  • For Amazon S3 and Microsoft Azure storage, if the bucket/container names specified on the eXtendFiles Setup page (Amazon S3: Bucket and Additional Bucket, Microsoft Azure: Azure Container and Azure Additional Containers) is different than the bucket/container name present on the eXtendFiles record, then the signed URL generation will not work. See What happens if I change the Amazon S3 bucket on the eXtendFiles Setup for more information.

eXtendFiles Sharing Method Map/Reduce Configuration

If you apply a sharing type mapped to “Private” on the eXtendFiles Setup page, the sharing type of any existing eXtendFiles record will not change to “Private” immediately. The sharing type update for existing eXtendFiles will be executed using the “eXtendFiles sharing Method Map Reduce” Map/Reduce script. You will have to execute this script to change the sharing type for existing eXtendFiles based on the mapped file type.

You can create scheduled deployment of this script so that it will run automatically on a scheduled basis.