Admin | Set up file operation permissions for members
Available with these plans:
Starter
Basic
Pro
Enterprise
To upgrade your Lark Plan or for more information, contact Support or your Customer Success Manager. The Lark Basic plan supports only specific countries and regions.
I. Intro
Who can perform these steps: Primary administrators or administrators with Member permissions.
This feature helps organizations manage file access permissions to protect their data. You can configure file permissions for all employees, or set specific permissions for certain departments and user groups by allowing or restricting them from doing the following:
  1. Upload documents, images, videos, and other files to the cloud, Chats, or Calendar.
  2. Download, export, and print files from the cloud, Chats, and Calendars, or open documents with third-party apps.
  3. Make copies of Docs or copy and paste content within Docs.
  4. Share documents with external parties.
  5. Share images, videos, files, or local files to external users via chats.
  6. Preview images, files, or Calendar events in chats.
Administrators on the Enterprise plan can also choose whether to determine permissions based on IP fence settings. (Items 4 and 5 above are not supported for the time being.)
II. Steps
In the Lark Admin Console, click Security > Member Permissions > File permissions.
Click Details > Edit to set the main and supplementary rules for each file permission. Hover over the question mark to see details.
In the supplementary rules, choose whether to allow or restrict the permission for members in the applicable scope. Under Conditions (optional), select a configured IP segment. For more details, see Configure IP fence settings.
If permissions are restricted, members won't be able to click the corresponding button related to that action. See below for reference:
III. FAQs
How can I check whether a member's file permissions are restricted?
Click Verify Permission Rules.
Enter the user's name, email, or phone number. Select the activity and click Verify to search.
How do I restrict certain permissions for members across departments?
You can create a user group and add selected members to that group. You can then select that user group for the rule's applicable scope.
Check out Manage User Groups to learn more.
How do I delete multiple members at once from the applicable scope?
For now, you can only delete members one by one by clicking the trash icon. Stay tuned for further updates.
I've already set "Add external collaborators to Docs/turn on external sharing" for all members. Why are some members still unable to share externally?
Go to Security > User Permissions > Docs settings. The "Add external collaborators to Docs/turn on external sharing" rule only takes effect, and takes priority, when "Allow members to share files and folders with external users" is shown under "Files and folders external sharing".
For example, this may happen when an administrator sets "Restrict all" under "Add external collaborators to Docs/turn on external sharing" on the File operation permissions page, with a supplementary rule that only member A can share externally, yet member A still cannot. In this case, have the administrator check whether "Restrict members to share files and folders with external users" is selected.
Can all file permissions be set based on IP fence settings?
"Add external collaborators to Docs/turn on external sharing" and "share local files externally" are not based on IP fence settings.
Why was a member unable to download or modify files under the allowed IP segment?
This may happen when administrators have set that members can only download files when using the intranet (company internal network). When a member downloads a file through an application or an API, the IP address obtained by the server is the public IP address of the application—instead of the intranet—so the action is prohibited.
For members on business trips, can they access Docs that need a VPN or SDP to connect to the company’s network segment?
Yes, they can. Network segments recognize IP addresses by the network traffic. By using security proxy tools such as VPNs or SDPs, members will be able to access these Docs. If access is denied after using a proxy tool, please reach out to members in charge of the proxy tool.
The company's network segment has already been given access to Docs. Why doesn't it work?
Please check that you are connected to your company's network. Network segments recognize IP addresses by the network traffic. If you are connected to the company's guest Wi-Fi or using proxy tools, the network traffic may not belong to your company's network segment, which may cause problems.
Note: If the problem still exists after completing the steps mentioned above, please check your system time and adjust it to match that of the servers.
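The last three answers all turn on which source address the server observes. The sketch below is an added example, not Lark's implementation or code from this page. It assumes a supplementary rule overrides the main rule when its scope and optional IP segment match, and it uses constructed documentation-range addresses and hypothetical names (`evaluate`, `diagnose`, `COMPANY_EGRESS`).

```python
import ipaddress

# Constructed values: RFC 5737 documentation ranges, not taken from Lark or the page.
COMPANY_EGRESS = ["203.0.113.0/24"]   # hypothetical IP segment used as a rule condition

def in_segments(source_ip, segments):
    """True if the address the server observes falls inside any configured segment."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(seg) for seg in segments)

def evaluate(main_rule, supplementary_rules, member_groups, source_ip):
    """Assumed model: the first supplementary rule whose scope includes the member
    and whose optional IP condition matches overrides the main rule."""
    for rule in supplementary_rules:
        if not (rule["scope"] & member_groups):
            continue
        segments = rule.get("segments")        # None means no IP condition
        if segments is None or in_segments(source_ip, segments):
            return rule["effect"]
    return main_rule

# Download is restricted for everyone, except staff connecting from the company segment.
MAIN_RULE = "restrict"
SUPPLEMENTARY = [{"scope": {"staff"}, "effect": "allow", "segments": COMPANY_EGRESS}]

# Source address as the server sees it in each FAQ scenario (constructed).
SCENARIOS = {
    "office network":       "203.0.113.10",
    "VPN/SDP via company":  "203.0.113.77",
    "guest Wi-Fi":          "198.51.100.23",
    "download via app/API": "192.0.2.50",
}

def diagnose(member_groups=frozenset({"staff"})):
    """Return the effective result for each scenario for a member of the given groups."""
    return {name: evaluate(MAIN_RULE, SUPPLEMENTARY, member_groups, ip)
            for name, ip in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in diagnose().items():
        print(f"{name:22} {SCENARIOS[name]:15} -> {result}")
```

When a member reports a denial, compare the source address recorded for the request against the configured segments before changing the rule itself.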
Written by: Lark Help Center
Updated on 2024-11-20