# Sharing Sites using HyperPrivacy mode include the Sharing feature for sharing files and folders between different users. Use it whenever you need different users to access the same files: a Marketing team and a Sales team that both need to download the same data, individuals collaborating on a confidential project, or employees onboarding and off-boarding external partners for automated data flows without administrator involvement. ## Use Case: Inter-Departmental Sharing In this example, groups represent distinct organizational units: a Sales group, a Marketing group, and a Product group. Users are assigned to only one of those groups, depending on which department they work for. If all the users in this example are assigned the default User role provided with a new installation, they will all have the ability to share folders. A member of the Product group might create a folder that contains demonstration videos and case studies, and then share it with the Marketing and Sales groups. Each user in those groups can download items from that folder. ## Use Case: Intra-Departmental Sharing In this example, a group of users represents a single department. The manager of this department needs a private area for confidential items the employees cannot see, while all work files generated by the department are shared among the employees and accessible by the manager. The manager is configured with a role that allows them to manage other users and to create shares (the default Manager role works for this), and the manager is granted a home folder for private files. The employees are not granted home folders. The manager creates a separate folder in their own home folder, and then shares that with the employees in their department. The result: the manager has access to all of their employees' work product along with the manager's own confidential folders, but employees see only items in the shared area. ## Use Case: Delegated Administration In this example, an employee is responsible for managing file exchanges with a set of partners. The partners need to upload files daily and need access to download from a shared folder. First, configure a role (or use the default Manager role) that provides the sharing capability and the ability to manage other users, and assign that role to the employee. Create a second external user role that does not include the sharing capability or any management of any users. Create a user group that represents the partners. When the manager employee creates user accounts for each partner, they assign each new user that external user role, disable the home folder, and add them to the user group for partners. Next, the manager creates a folder for each partner in the manager's home folder. The manager shares each folder with the appropriate external user, granting them the ability to make changes in the folder. For the shared download folder, the manager shares the same folder with the partners group, without granting them the ability to make changes. This provides read-only access to the shared download folder for all the partners. ## Required Role Capability Users whose roles include the *Allow sharing files or folders with internal users and creating public links for external users* capability can share items with other users and groups. The default User role includes this capability by default. Users with a [home folder](/hyperprivacy-mode/user-home-folders.md) who have a role that allows sharing can share any item in their home folder with any other user or group. This means the capability to share items also allows a user to list all of the users and groups in your installation. If you create user accounts for external contacts, you may want to create a customized role for those users that does not include the ability to share, so that they cannot see all of the other users in your installation. ## Accessing Shares Via FTP For a user with a home folder who connects with FTP/SFTP, all items shared with the user are listed under a folder named *shares* in the root folder. Users who do not have a home folder see a list of any shared items in the root folder when they connect over FTP or SFTP. ## Permissions for Shares Each shared item has four permissions for a user or group: read, write, share, and link. Permissions for a shared folder are fully recursive and apply to all the files and folders in that share. When you share an item with other users or groups, they always have the read permission, which gives them the ability to download from that share and to enter any subfolders within a shared folder. Users with read access to a shared folder can also upload folders into that folder via FTP or SFTP, and they have full access to those uploaded items. Granting the write permission (displayed as *Manage*) to a user for a share allows them to upload, create new folders, rename items, delete items, and use the move or copy features with the share. Users with write permission to a shared folder can delete every item within the folder, but cannot remove the folder itself. Users with write permission to a shared item can rename the shared item. The share permission allows users to share the item with other users and un-share it from any users, including their own account. If the user with share permission also has other permissions, they can grant or remove those permissions for others when sharing the item. The link permission allows users to create external public links for the item. Users cannot grant higher access than they have to the item shared with them. If the user does not have the write permission for the share, they cannot create links that allow uploads. ### Group Permissions vs User Permissions The permissions assigned to an individual for a share take precedence over permissions assigned to any group the user belongs to. When a user is a member of multiple groups with different permissions for a share, the user receives the combination of all granted permissions. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.exavault.com/hyperprivacy-mode/sharing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.