Viewer Only Permission (Limited Availability)

Viewer Only permission is a new folder permission level offered to Platform Enterprise, GxP with Governance and Life Science Professional plans that meet the technical domain qualification criteria set out further below.

Viewer Only Permission allows customers to better protect their contents by restricting files to be previewed in the WebUI while restricting files from being downloaded, printed or being able to select and copy-paste text.

Viewer Only permission can be assigned to any user or group, including Standard Users and Power Users. 

If Viewer Only Permission has been enabled on your domain, no additional configuration is necessary and the Viewer Only permission level will automatically appear when assigning folder permissions by selecting Share from the list of options, and clicking Manage Folder Permissions.

image1.png

More details about managing Folder Permissions can be found here

Watermarking for Viewer Only Permissions

Watermarking for Viewer Only Permissions is currently offered as part of dedicated Document Room (beta) domains and is configurable per Document Room. Watermarking is only supported for documents, video (and audio) contents are previewable with Viewer Only permission without watermark. Read more about Document Rooms (beta) here.

Is There Viewer Only Permission on Mobile, Desktop App, and Other Clients?

On the Mobile App and Desktop App, Viewer Only preview capability is currently not available. On these clients, users will not be able to see files in folders with assigned Viewer Only Permission and hence cannot preview or otherwise access the files from these devices. Other clients, including FTP, or WebDAV will experience the same behavior.

Regarding Public API support, read details in this separate article.

Which File Types are Supported?

The same file types are supported as with the WebUI previewer.  More information can be found here

File types for which a native previewer is available (Microsoft Office) will not be shown in the native previewer but in Egnyte’s built in previewer equally restricting content exfiltration through native previewers.

Is There Viewer Only Permissions in Link Sharing?

Files for which a user has Viewer Only Permission cannot be shared by the respective user. However, folders with Viewer and higher permissions that contain sub-folders for which the user has Viewer Only permission can still be shared by the user. In this case, link recipients will not be able to see and preview files through the shared folder link for which the link creator has Viewer Only permission. 

How Does Viewer Only Permission Affect Commenting, Workflows, Metadata, File Versions, and Download History?

Users with Viewer Only Permission are allowed to 

  • Read and create comments
  • View, approve and comment workflow tasks (but not create or cancel)
  • View but not modify metadata
  • View the list of file versions, but not download, delete or revert previous versions
  • View the download history of a file

When Will Viewer Only Permission Be Available on My Domain?

Egnyte is activating Viewer Only permission on a rolling basis to eligible plans as soon as the domains fulfill the technical requirements.

What are the Technical Requirements that Need to be Fulfilled Before Activation?

Viewer Only permission is a fundamental platform feature that requires certain client devices to upgrade to a new software version or to be migrated:

  • All admins and power users must use Egnyte Mobile app version 8.12.2 for iOS (available starting from October 2022) and 8.32 for Android (already available), or higher.
  • Desktop Sync devices are not supported with Viewer Only Permission and must first be synchronized and thereafter migrated to Desktop App.
  • Storage Devices as well as Public Cloud Connectors must be upgraded to Smart Cache version 3.10.0 or Storage Sync Version 12.14.0 (including Public Cloud Connectors)
  • NETGEAR devices are not supported with Viewer Only Permission and must first be synchronized and thereafter migrated to Smart Cache. Further information can be found here.
  • 3rd party integrations (not developed by Egnyte) are currently not supported and domains using integrations developed by 3rd parties cannot join Limited Availability roll-out
  • Customers’ own integrations with Egnyte’s Public API need to be tested by the customer on customers own test domains first.

Egnyte will not activate Viewer Only permission if the above technical requirements have not been met.

How Can I Have My Users Upgrade Their Egnyte Mobile Apps?

Users that have activated automatic updates for Egnyte’s mobile app will automatically get the latest version.

For users that have deactivated automatic upgrades, you can get a list of users/devices with their currently used Egnyte App version in domain Settings -> Devices. Admins may reach out to these users directly requesting to manually upgrade to the latest Egnyte App version.

How Can I Upgrade My Smart Cache and Storage Sync/Public Cloud Connector Devices?

Smart Cache Devices will automatically be updated in the chosen maintenance window. For more information about Smart Cache update windows see here.

If automatic updates for Storage Sync and Public Cloud connector are disabled, updates need to be manually performed by the admin. Please refer to Storage Sync and Public Cloud Connector pages for more details.

Our Domain Uses Egnyte's Public API - What Do I Need To Do?

Since Egnyte has no control over customers’ own integrations using the Public API, customers are required to test their integrations on a test domain before activation of Viewer Only permission.

Once activated on a domain, Viewer Only permission is also activated on the domain’s Public API and the API fully supports Viewer Only permission.

Egnyte will not activate Viewer Only permission on domains that show Public API usage without prior consent from the customer.

In order to request the activation of Viewer Only permission on a domain that uses Public API, reach out to Egnyte Support by submitting a ticket or send an email to support@egnyte.com.

Are There Any Limitations After Viewer Only Permission has been Activated on My Domain?

Yes. After Viewer Only permission has been activated on a domain, the following general limitations apply:

  • Registration of mobile devices with Egnyte app Versions not supporting Viewer Only permission is no longer possible (applies to all user types).
  • Registration of Desktop Sync devices is no longer possible (applies to all user types).
  • Registration of Smart Cache, Storage Sync and Public Cloud Connector devices with versions not supporting Viewer Only permission is no longer possible
  • Registration of NETGEAR devices is no longer possible.
  • 3rd Party applications not developed by Egnyte must NOT be activated or integrated by admins.

What If I Want to Downgrade from the Platform Enterprise Plan?

As long as there are active permission assignments using Viewer Only Permission, a plan downgrade is not possible. Before downgrading, customers must re-assign Viewer Only permissions to another (higher) appropriate permission level or revoke permissions entirely for users with current Viewer Only permission assignments.

Admins can use Folder Permission Reports in Collaboration or Permission Explorer in Secure & Govern to list users/folders with assigned Viewer Only permissions.

What if I Have Further Questions?

Reach out to Egnyte Support by submitting a ticket or send an email to support@egnyte.com and we will be happy to assist you.