Viewer Only Permission (Limited Availability)
Viewer Only permission is a new folder permission level offered to Platform Enterprise, GxP with Governance and Life Science Professional plans that meet the technical domain qualification criteria set out further below.
- Viewer Only permission allows customers to better protect their content by restricting files to preview only.
- It prevents downloading, printing and copying of files.
- Viewer Only permission can be assigned to any user or group, including Standard Users and Power Users.
If Viewer Only Permission has been enabled on the domain, no additional configuration is necessary. The Viewer Only permission level will automatically appear when assigning folder permissions by selecting Share from the list of options and clicking Manage Folder Permissions.
More details about managing Folder Permissions can be found here.
Watermarking for Viewer Only Permissions
- Watermarking for Viewer Only Permissions is currently offered as part of the dedicated Document Room domains (beta) plan and is configurable per Document Room.
- Watermarking is only supported for documents, video and audio content is previewable with Viewer Only permission without watermark.
Viewer Only Permission on Mobile, Desktop App, and Other Clients
- On the Desktop App, Viewer Only preview capability is currently not available. On these clients, users will not be able to see files in folders where they have Viewer Only Permission and hence cannot preview or otherwise access the files from these devices.
- On the Mobile App, if the viewer-only permissions are enabled on the domain, users with viewer-only permissions can access folder contents and preview files. This applies to both iOS and Android platforms. Click on the links in the previous sentence for more information.
- Additionally, in the iOS mobile app, users will receive the following prompt when attempting to open a direct link to a file or folder in that folder:
'Your access is restricted to viewer-only permissions. Please use the Web UI to view this folder.'
- Other clients, including FTP, or WebDAV will experience the same behavior.
- Regarding Public API support, please read the details in this separate article.
Supported File Types
All files that can be previewed in the WebUI previewer are supported. More information can be found here.
All previews will occur exclusively through Egnyte's native previewer, even for file types supported by Microsoft Office's previewer (available through the Microsoft Office integrations). This ensures consistent security measures across all previews, effectively preventing content exfiltration.
Link Sharing and Viewer Only Permissions
- Users who have Viewer Only Permission to a file cannot create share links for it.
- Folders with Viewer and higher permissions that contain sub-folders for which the user has Viewer Only permission can be shared by the user. In this case, link recipients will not be able to see and preview files through the shared folder link for which the link creator has Viewer Only permission.
Commenting, Workflows, Metadata, File Versions & Download History
Users with Viewer Only Permission are allowed to
- Read and create comments.
- View, approve and comment workflow tasks (but not create or cancel).
- View but not modify metadata.
- View the list of file versions, but not download, delete, or revert to previous versions.
- View the download history of a file.
Previewing Video Files
Users with viewer-only permission can preview video files only if advanced video playback is enabled.
Without advanced video playback, the video would need to be previewed in the browser's native previewer, which cannot enforce preview-only.
Frequently Asked Questions
When Will Viewer Only Permission Be Available on My Domain?
Egnyte is activating Viewer Only permission on a rolling basis to eligible plans as soon as the domains fulfill the technical requirements.
What are the Technical Requirements that Need to be Fulfilled Before Activation?
Viewer Only permission is a fundamental platform feature that requires certain client devices to upgrade to a new software version or to be migrated:
- All admins and power users must use Egnyte Mobile app version 8.12.2 for iOS (available since October 2022) and 8.32 for Android (available since September 2022), or higher.
- Desktop Sync devices are not supported with Viewer Only Permission and must first be synchronized and thereafter migrated to the Desktop App.
- Smart Cache devices must be upgraded to version 3.10.0(available since November 2022) or higher.
- Storage Sync devices must be upgraded to version 12.14.0(available since November 2022) or higher. This applies to public cloud connectors as well.
- NETGEAR devices are not supported with Viewer Only Permission and must first be synchronized and thereafter migrated to Smart Cache. Further information can be found here.
- 3rd party integrations (not developed by Egnyte) are currently not supported.
- Customers’ own integrations with Egnyte’s Public API need to be tested by the customer on their own test domains first.
Egnyte will not activate Viewer Only permission if the above technical requirements have not been met.
How Can Users Upgrade Their Egnyte Mobile Apps?
Users who have activated automatic updates for Egnyte’s mobile app will automatically get the latest version.
For users that have deactivated automatic upgrades, a list of users/devices with their currently used Egnyte App version is available in domain Settings -> Devices. Admins may reach out to these users directly requesting to manually upgrade to the latest Egnyte App version.
How Can a user Upgrade their Smart Cache and Storage Sync/Public Cloud Connector Devices?
Smart Cache Devices will automatically be updated in the chosen maintenance window. For more information about Smart Cache update windows see here.
If automatic updates for Storage Sync and Public Cloud connector are disabled, updates need to be manually performed by the admin. Please refer to Storage Sync and Public Cloud Connector pages for more details.
The Domain Uses Egnyte's Public API - What does an admin Need To Do?
Since Egnyte has no control over customers’ own integrations using the Public API, customers are required to test their integrations on a test domain before activation of Viewer Only permission. To request a test domain, contact your Egnyte representative.
Once activated on a domain, Viewer Only permission is also activated on the domain’s Public API and the API fully supports it.
To test the integration with Egnyte’s Public API, the same requirements and instructions apply as 3rd party integrations. Please refer to the Viewer Only Permission and Partner Integrations FAQ for more information.
- In order to request the activation of Viewer Only permission on a domain that uses Public API, reach out to Egnyte Support by submitting a ticket or sending an email to support@egnyte.com
- Egnyte will not activate Viewer Only permission on domains that show Public API usage without prior consent from the customer.
Are There Any Limitations After Viewer Only Permission has been Activated on the Domain?
Yes. After Viewer Only permission has been activated on a domain, the following general limitations apply:
- Registration of mobile devices with Egnyte app Versions not supporting Viewer Only permission is no longer possible (applies to all user types).
- Registration of Desktop Sync devices is no longer possible (applies to all user types).
- Registration of Smart Cache, Storage Sync and Public Cloud Connector devices with versions not supporting Viewer Only permission is no longer possible
- Registration of NETGEAR devices is no longer possible.
- 3rd Party applications not developed by Egnyte must NOT be activated or integrated by admins.
What If a customer wants to Downgrade to a plan not including viewer only permission?
As long as there are active permission assignments using Viewer Only Permission, a plan downgrade is not possible. Before downgrading, customers must re-assign Viewer Only permissions to another (higher) appropriate permission level or revoke permissions entirely for users with current Viewer Only permission assignments.
Admins can use Folder Permission Reports in Collaboration or Permission Explorer in Secure & Govern to list users/folders with assigned Viewer Only permissions.
What if there are any Further Questions?
Reach out to Egnyte Support by submitting a ticket or send an email to support@egnyte.com and they will be happy to assist you.