Sharing and Permissions
How sharing works internally and externally, classification labels, RBAC, and what happens when you share with someone outside the org.
Sharing and Permissions
How do permissions work?
Hierarchical: tenant → department → folder → document. The most specific permission wins. A document inherits from its folder, which inherits from its department, unless overridden at any level.
What's the difference between sharing internally and externally?
- Internal: Grant another Papyrus user access. They sign in with their existing account.
- External: Generate a time-bounded, password-protected link with optional watermark. The recipient doesn't need a Papyrus account.
How long does an external share last?
Default 7 days; configurable per share (1 hour to 90 days). Revocable at any time.
What's a classification label?
A sensitivity label: Public, Internal, Confidential, Restricted. Each level enforces different policies — e.g., Restricted documents cannot be externally shared at all.
Can I share a folder externally?
Yes, on the Business+ plans. External recipients see only the documents in the folder, with the same expiry/password/watermark controls as document shares.
Who can see what I share?
For internal shares: the people you explicitly grant + any inherited admin access (Tenant Admin, Auditor with audit-log scope).
For external shares: only the people the link is sent to. Each view captures the recipient's email and IP.
I can't share — why is the button disabled?
Three reasons typically:
- The document is classified Restricted
- The document is under a litigation hold
- Your role doesn't include the “Share” permission for this document/folder
Can I revoke a share?
Yes. Open the document, click Shares in the right sidebar, find the share, click Revoke. The link stops working immediately; the audit log captures the revocation.