Share link administration
Share links distribute selected Boldo content without requiring visitors to sign in. Administrators and owners control whether this distribution channel exists and who can use it.
Read Share content with links for the creation workflow and visitor experience.
Access controls
Three controls must allow a member to create a share link:
| Control | Managed by | Effect |
|---|---|---|
| Plan feature | Current plan | Makes share links available to the organization |
| Organization activation | Administrator or owner | Starts or stops every share link |
| Member permission | Administrator or owner | Allows one member to create and edit links |
The member must also be able to view the resource they want to share.
By default, the organization activation switch is on, so the controls that actually gate a new organization are the plan feature and the per-member permission, which both start off.
The member permission is independent from the global user type. A Viewer can create a link when the permission is enabled and their roles allow them to view the resource.
Enable the organization
- Open Organization
- Select Share links
- In Enable share links, click Manage
- Turn on Enable share links
- Validate
Only administrators and owners can change this setting.
The control is a global switch:
- when on, authorized members can create links and valid links can serve content
- when off, existing links remain stored but immediately stop working
- when re-enabled, existing unexpired links can work again if all other access checks still pass
While the switch is off, creating, copying, and editing links is disabled in the management interface. Editors, administrators, and owners can still delete links from the central table.
For Editors and higher, the Share links navigation entry appears when the plan includes the feature.
Allow each member
Creating links is disabled by default for each member. Enable it explicitly for the people who need it.
- Open Organization → Users
- Open the member
- Turn on Allow creating share links
- Validate
A non-administrator cannot change their own permission. Administrators and owners can change it for themselves or another member.
Turning the permission off has a limited effect:
- the member cannot create or edit links
- existing links continue to work
- an Editor owner can still delete their links from the central table
- administrators and owners can still delete any link
This separation lets you stop new distribution without breaking URLs already used in documentation or internal portals.
Administration rights
| Action | Required access |
|---|---|
| Create a link | Share links enabled for the organization, member permission, and view access to the resource |
| Copy or edit an owned link | Share links enabled for the organization, link owner, and member permission |
| Delete an owned link from the central list | Editor or higher who owns the link |
| View the central list | Editor or higher |
| View every organization link | Administrator or owner |
| Copy or edit another member's link | Share links enabled for the organization, administrator or owner with member permission |
| Delete another member's link | Administrator or owner |
| Transfer link ownership | Share links enabled for the organization, administrator or owner with member permission |
| Change organization settings | Administrator or owner |
Editors see only their own links in the central table. Administrators and owners also see the creator column and every organization link.
Viewers can create, copy, and delete their own links from the resource when allowed. They cannot edit an existing link or open the central Share links administration page.
Roles and effective rights
A share link runs with a synthetic Viewer user type and the business roles attached to the link.
This design separates the link from the owner's normal session:
- the visitor cannot inherit the owner's Editor or Administrator type
- the visitor cannot edit content
- the link only exposes data allowed by its attached roles and access domains
- a signed-in visitor does not add their personal rights to the link
Role selection
When a member creates a link without changing the role field, Boldo stores their current business roles on the link.
Administrators can attach any business role. Other members can only attach roles they personally hold.
If an administrator adds a role that the owner does not hold, that role remains locked for the owner. The owner cannot silently remove a role they are not allowed to delegate.
System roles are not available in the role selector. A link with no business role follows the No role system row.
Deleting a business role also removes it from every link. If a link has no remaining business role, it falls back to the No role rights.
Stable selection, current rights
The link stores the selected role identities, not a copy of every permission.
After creation:
- removing a role from the link owner does not remove it from the link
- assigning new roles to the owner does not add them to the link
- editing rights or access-domain rules for an attached role changes the link's effective access
- editing or moving the resource can change whether the link can still serve it
This distinction is important during governance changes. Audit existing links before broadening a role's read rights.
Resource checks
For organization content, the selected roles must grant the necessary item or asset rights on the resource's domains.
For a shared asset, property and flow rights still apply. Hidden properties stay hidden, and a flow requires read-flow access.
For a saved view, chart, diagram, or nested map, Boldo serves only that resource. Data queries are rebuilt from its saved configuration and remain constrained to the link's rights.
Personal resources also depend on link ownership. A personal resource stops serving if the link owner no longer owns or can access it.
IP allowlist
Share-link requests follow the organization IP allowlist by default.
When the IP allowlist is active, the share-link settings include Bypass IP allowlist for share links.
| Configuration | Visitor result |
|---|---|
| Allowlist off | IP filtering adds no restriction |
| Allowlist on, bypass off | Only allowed IP addresses and ranges pass the IP check |
| Allowlist on, bypass on | The link passes the IP check from any IP |
The plan, organization switch, link expiration, owner status, roles, and resource access still apply in every case.
Use bypass when a link must render outside the corporate network, for example in a hosted wiki or for an external recipient.
Bypass applies to every share link in the organization. It is not configured per link.
The public error remains generic when an IP is rejected. This prevents outsiders from using the page to confirm whether a token exists.
Configure the network ranges on the Security page.
Manage all links
Open Organization → Share links to search and review links.
The table includes:
- internal link name
- resource and resource type
- Active, Expires on, or Expired status
- last recorded use
- current owner, displayed in the Creator column
- creation date
Administrators and owners can delete any link. To copy, edit, or transfer a link, their own member permission must be enabled and the organization switch must be on.
Editing supports the name, expiration, theme, roles, and owner. The asset opening tab is not stored and cannot be edited here.
Transfer ownership
Only administrators and owners can transfer a link.
The new owner must:
- belong to the same organization
- have a global type of Editor, Administrator, or Owner
The new owner does not need the member permission to receive a link. They need that permission to edit it afterward.
The transfer keeps the same token, roles, expiration, and theme. It changes the identity used for personal-resource ownership checks. The previous owner loses owner-specific management rights, while administrators retain their organization-wide rights.
A link for a personal resource can only be assigned to the member who owns that resource. Boldo rejects a transfer that would immediately make the link unusable.
Transfer useful links before removing a member. Removing a member from the organization deletes the links they still own.
Link shutdown behavior
Several controls can stop links without deleting their source content:
| Change | Effect on existing links |
|---|---|
| Disable organization share links | All links stop immediately but remain stored |
| Revoke one member's create permission | Their links keep working; creation and editing stop |
| Disable the link owner membership | Their links stop working |
| Remove the link owner from the organization | Their owned links are deleted |
| Disable the organization | All links stop working |
| Remove the feature from the plan | All links stop working |
| Cancel or leave the subscription unpaid | All links stop working |
| Enable IP allowlist without bypass | Visitors outside allowed networks are blocked |
| Archive an asset | Its links stop until the asset is restored |
| Restrict the resource or attached roles | The affected link can stop serving it |
| Delete the resource | Its associated links are deleted |
Deleting a link, removing its owner from the organization, or deleting its source resource permanently removes the token. Use the organization switch for a reversible emergency shutdown.
Boldo keeps the complete token so authorized members can copy it again. Treat access to the management page and every copied URL as sensitive.
Governance checklist
Before enabling share links:
- Review the No role and No access domain rights
- Decide which business roles are safe to delegate to public links
- Decide whether the IP allowlist applies to visitors
- Enable the feature only for members who need it
- Define who reviews the central link list
- Transfer or delete links before offboarding their owners
Treat every share URL as a secret. Boldo does not authenticate the recipient or restrict forwarding once the URL has been distributed.