Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Box Collaboration Known Behaviors

When collaborating in Box, you might notice the following known behaviors. These behaviors are not considered bugs, meaning that Skyhigh CASB does not plan changes to functionality to resolve them. Most cases are simply due to the way the Box API works with Skyhigh CASB. 

  • Box single file collaboration detection works for Near Real-Time DLP but not On-Demand Scanning
    To avoid a significant performance impact, On-Demand Scans do not check each file for collaboration details. You can enable policies using Near Real-Time DLP in Box to enforce collaboration controls.
  • User unexpectedly shows as downloading or accessing a file 
    Skyhigh CASB sometimes needs to "impersonate" the owner of a file to download the contents of that file. This means that some users who do not have an account in Skyhigh CASB appear in Skyhigh CASB, and other times a user appears as accessing a file when they do not touch the file themselves. In each case, the owner of the file is the user shown as accessing a collaboration file.
  • Externally owned folders are not managed
    If a folder is owned externally, files that should be quarantined are instead shared successfully. This is a limitation of the Box API. If Skyhigh CASB cannot gain access to a folder because it's owned outside your organization, Skyhigh CASB cannot manage collaboration in files stored in the folder.
  • Distribution Lists
    If you try to collaborate on a file with people on an email distribution list, Skyhigh CASB DLP revokes the collaboration. This is because Box Groups are not supported by Skyhigh CASB. You will need to send direct collaboration invites to each person, not a distribution list.
  • Unknown User in violation after sharing a file
    When a folder has been shared with a person, the user name displays as Unknown in Policy Violation details until the recipient accepts the invitation. After the user accepts the invitation, if any policy violations are triggered, the correct user name will be displayed in the Policy Violation details.  
  • Admin user name displays as accessing every file
    Some organizations use a closed folder taxonomy in Box, meaning that users cannot create folders in the root of their Box account. Though this preserves a company's folder structure, it gives ownership of all folders to a Super Admin. In Skyhigh CASB, this causes the super admin user account to unexpectedly appear as constantly accessing files. 
  • API response actions "Modify Permission to" and "View Only" allows Box users to Download, Share, and Preview folders.
    Skyhigh CASB DLP Policies provide the API response actions "Modify Permission to" and "View Only". These response actions allow users to only view or upload any file/folder. However for some BOX users, these permissions allow them to download and share folders, and this causes data leakage. As a workaround, the user with the required permission must define "Previewer Uploader" access at the folder level and share it with other users, so that the users can’t download any files under the folder but are allowed to view them.

  • Box does not authorize API calls if the UserID belongs to an external user
    There is a limitation using userId with the closed-loop taxonomy use case. Box does not authorize API calls if the userId belongs to an external user. This is a limitation of the service. 


  • Box allows "Previewer Uploader" permission only for folders.
  • Box allows  "editor", "viewer" or "owner" permissions only for files.


  • Was this article helpful?