Version: eXtendFiles 1.6.2 and above
Audience: Administrator

Use Cases

  • Limit the visibility of eXtendFiles to NetSuite users based on native custom record permissions, specifically the "Use Permission List" settings on the eXtendFiles record.
  • Limit access to eXtendFiles records based on their configured permission to a linked record. For example, only allow users to view files if they have access to the linked Sales Order, Purchase Order, etc.
  • Limit the visibility of eXtendFiles to defined roles and employees to ensure certain files are always public based on a file's assigned file type.
  • Limit the access of eXtendFiles to specific roles and employees based on the folders in which the files are uploaded.

Overview

  • eXtendFiles provides Signed URLs (links which valid for a pre-defined lifetime, and generally for a short duration) when Amazon S3, Microsoft Azure, or Oracle Cloud Object storage is being used as the cloud storage provider.
  • eXtendFiles provides Shared URLs for Microsoft SharePoint/OneDrive when user-based upload (see Configuring User Based File Upload In OneDrive for more information) is being used as the cloud storage provider.

Configuration

To access and modify the sharing settings in eXtendFiles, first navigate to eXtendTech eXtendFiles Setup and select the Sharing Settings subtab.
Image Placeholder

Configure the eXtendFiles sharing settings based on your preferences. Details regarding potential configuration options are listed below.

General

  1. HIDE CHANGE FILE TYPE BUTTON
    This check box will determine whether to show the Make Public and Make Private buttons when viewing an eXtendFiles record.

    Note: Making a file fully public is supported only for Amazon S3.

  2. MAKE THUMBNAIL PRIVATE
    Thumbnails are usually public, but if you want to make thumbnails private, enable this preference.

  3. DFAULT URL/FILE SHARING METHOD
    Select the default permission for files uploaded by eXtendFiles. By default, its value will be Public for applicable backend storages.

    Note:     When using the File Sharing feature with Microsoft Azure, Microsoft SharePoint/OneDrive (with user-based file upload), or Oracle Object Storage, the Default URL/File Sharing Method will be set to "Private", and this field will be disabled. This is because all files will be private for these storage options. The eXtendFiles Type and Default Sharing Method Mapping sublist will also be ignored as files will always be private.

  4. EXPIRY TIME FOR PRIVATE URLS IN DAYS
    Specify the duration (in days) before Private URLs will expire. 1days, 5days, etc. Note:     Consult your backend storage provider's documentation to determine the maximum allowed expiry value supported by the storage provider.

    Note: Other supported formats for the expiry time are: 2days 3hours 6minutes 20seconds, 2day 3hour 6minute 20second, 2d 3h 6m 20s, 2days 3hours, 2day 3hour, 3hour 5minute, 2days, 2day, 3hours, 3hour, 5minutes, 5mins, 5min, 10seconds, 10sec, 10s.

Sign URL Permission *

There are four methods for defining permissions for viewing files uploaded with eXtendFiles:
  1. SIGN URL IF USER HAS FILE'S RECORD PERMISSION
    If you are using the NetSuite native permission list on the eXtendFiles record and want to restrict file access to users who have access to the eXtendFiles record, select this option.

  2. SIGN URL BASED ON LINKED RECORD
    If you want to grant access based on a user's access to related records linked to the eXtendFiles record, select this option. To achieve this, you will need to configure the eXtendFile Linked Record Based Permission Settings. Instructions on how to do this are provided in the section below titled eXtendFile Linked Record Based Permission Settings.

    Note: You can still configure the eXtendFiles record to require the user to be in its permission list, using NetSuite's permission structure, when using this option. This can add an extra layer of security by limiting access to the eXtendFiles record to a specific set of users. Furthermore, within that subset of users, the capability to view the file can be further restricted using a signed URL.

  3. SIGN URL FOR CONFIGURED USER/ROLE PERMISSION
    If you want to grant access based on specific roles and employees, select this option. You can configure the roles and employees by defining them in the Role / User Permission section.

  4. ALLOW FOLDER BASED SHARING PERMISSION
    To grant access based on the folders in which eXtendFiles were uploaded, you can configure the permission for each folder using the eXtendFiles - Folder Sharing Rule custom record. See Configure Folder Sharing Rule for more details on utilizing this configuration option.

Role / User Permission *

These settings are applicable when using the SIGN URL FOR CONFIGURED USER/ROLE PERMISSION preference.
  1. ROLES ALLOWED TO VIEW PRIVATE URLS
    Define the roles that are allowed to view private URLs. These roles will be able to access all files.

    Note:     The Administrator role has this permission by default.

  2. EMPLOYEES ALLOWED TO VIEW PRIVATE URLS
    Define the employees that are allowed to view private URLs. These employees will be able to access all files.

eXtendFile Type and Default Sharing Method Mapping

If using Amazon S3, create mappings between your eXtendFiles File Types and the default sharing methods applicable to them.

eXtendFile Linked Record Based Permission Settings

When using SIGN URL BASED ON LINKED RECORD, specify the list of linked records that will be used as the basis for file viewing permissions on private eXtendFiles records.
Image Placeholder
  1. LINKED RECORD SEARCH TYPE
    Specify the record type of the linked record in this field. In the case of a custom record, enter the internal ID for the custom record.

  2. EXTENDFILES LINKED RECORD REFERENCE FIELD ID
    Specify the internal ID of the field reference which is associated to the linked record on the eXtendFiles record.

  3. PRIORITY (LOWEST IS HIGHEST)
    Specify the priority of the linked records. If the user has access to the record from a linked record with a higher priority, then the file will be visible.

  4. ALLOW ENTITY RECORDS ACCESS TO LINKED SELF FILES RECORD
    To enable the currently logged-in user to view eXtendFiles linked with their entity record (vendor, customer, employee, or partner), enable this preference.
Note: If none of the specified record references are populated on the eXtendFiles record, then the file will be accessible by all users who have access to eXtendFiles record.

* The permission settings for Microsoft SharePoint/OneDrive with user-based file upload will be governed by access of logged-in user to the configured SharePoint/OneDrive account configured with the eXtendFiles. These fields will be disabled when Microsoft SharePoint/OneDrive with user-based file upload is selected.

Notes

  • For Microsoft SharePoint/OneDrive with user-based file upload, the sharing settings above are not applicable.
  • For Amazon S3 and Microsoft Azure storage, if the bucket/container names specified on the eXtendFiles Setup page (Amazon S3: Bucket and Additional Bucket, Microsoft Azure: Azure Container and Azure Additional Containers) is different than the bucket/container name present on the eXtendFiles record, then the signed URL generation will not work. See What happens if I change the Amazon S3 bucket on the eXtendFiles Setup for more information.

eXtendFiles Sharing Method Map/Reduce Configuration

If you apply a sharing type mapped to “Private” on the eXtendFiles Setup page, the sharing type of any existing eXtendFiles record will not change to “Private” immediately. The sharing type update for existing eXtendFiles will be executed using the “eXtendFiles sharing Method Map Reduce” Map/Reduce script. You will have to execute this script to change the sharing type for existing eXtendFiles based on the mapped file type.

You can create scheduled deployment of this script so that it will run automatically on a scheduled basis.