Skip to main content

Share link administration

Share links distribute selected Boldo content without requiring visitors to sign in. Administrators and owners control whether this distribution channel exists and who can use it.

Read Share content with links for the creation workflow and visitor experience.

Access controls

Three controls must allow a member to create a share link:

ControlManaged byEffect
Plan featureCurrent planMakes share links available to the organization
Organization activationAdministrator or ownerStarts or stops every share link
Member permissionAdministrator or ownerAllows one member to create and edit links

The member must also be able to view the resource they want to share.

By default, the organization activation switch is on, so the controls that actually gate a new organization are the plan feature and the per-member permission, which both start off.

User type

The member permission is independent from the global user type. A Viewer can create a link when the permission is enabled and their roles allow them to view the resource.

Enable the organization

  1. Open Organization
  2. Select Share links
  3. In Enable share links, click Manage
  4. Turn on Enable share links
  5. Validate

Only administrators and owners can change this setting.

The control is a global switch:

  • when on, authorized members can create links and valid links can serve content
  • when off, existing links remain stored but immediately stop working
  • when re-enabled, existing unexpired links can work again if all other access checks still pass

While the switch is off, creating, copying, and editing links is disabled in the management interface. Editors, administrators, and owners can still delete links from the central table.

For Editors and higher, the Share links navigation entry appears when the plan includes the feature.

Allow each member

Creating links is disabled by default for each member. Enable it explicitly for the people who need it.

  1. Open OrganizationUsers
  2. Open the member
  3. Turn on Allow creating share links
  4. Validate

A non-administrator cannot change their own permission. Administrators and owners can change it for themselves or another member.

Turning the permission off has a limited effect:

  • the member cannot create or edit links
  • existing links continue to work
  • an Editor owner can still delete their links from the central table
  • administrators and owners can still delete any link

This separation lets you stop new distribution without breaking URLs already used in documentation or internal portals.

Administration rights

ActionRequired access
Create a linkShare links enabled for the organization, member permission, and view access to the resource
Copy or edit an owned linkShare links enabled for the organization, link owner, and member permission
Delete an owned link from the central listEditor or higher who owns the link
View the central listEditor or higher
View every organization linkAdministrator or owner
Copy or edit another member's linkShare links enabled for the organization, administrator or owner with member permission
Delete another member's linkAdministrator or owner
Transfer link ownershipShare links enabled for the organization, administrator or owner with member permission
Change organization settingsAdministrator or owner

Editors see only their own links in the central table. Administrators and owners also see the creator column and every organization link.

Viewers can create, copy, and delete their own links from the resource when allowed. They cannot edit an existing link or open the central Share links administration page.

Roles and effective rights

A share link runs with a synthetic Viewer user type and the business roles attached to the link.

This design separates the link from the owner's normal session:

  • the visitor cannot inherit the owner's Editor or Administrator type
  • the visitor cannot edit content
  • the link only exposes data allowed by its attached roles and access domains
  • a signed-in visitor does not add their personal rights to the link

Role selection

When a member creates a link without changing the role field, Boldo stores their current business roles on the link.

Administrators can attach any business role. Other members can only attach roles they personally hold.

If an administrator adds a role that the owner does not hold, that role remains locked for the owner. The owner cannot silently remove a role they are not allowed to delegate.

System roles are not available in the role selector. A link with no business role follows the No role system row.

Deleting a business role also removes it from every link. If a link has no remaining business role, it falls back to the No role rights.

Stable selection, current rights

The link stores the selected role identities, not a copy of every permission.

After creation:

  • removing a role from the link owner does not remove it from the link
  • assigning new roles to the owner does not add them to the link
  • editing rights or access-domain rules for an attached role changes the link's effective access
  • editing or moving the resource can change whether the link can still serve it

This distinction is important during governance changes. Audit existing links before broadening a role's read rights.

Resource checks

For organization content, the selected roles must grant the necessary item or asset rights on the resource's domains.

For a shared asset, property and flow rights still apply. Hidden properties stay hidden, and a flow requires read-flow access.

For a saved view, chart, diagram, or nested map, Boldo serves only that resource. Data queries are rebuilt from its saved configuration and remain constrained to the link's rights.

Personal resources also depend on link ownership. A personal resource stops serving if the link owner no longer owns or can access it.

IP allowlist

Share-link requests follow the organization IP allowlist by default.

When the IP allowlist is active, the share-link settings include Bypass IP allowlist for share links.

ConfigurationVisitor result
Allowlist offIP filtering adds no restriction
Allowlist on, bypass offOnly allowed IP addresses and ranges pass the IP check
Allowlist on, bypass onThe link passes the IP check from any IP

The plan, organization switch, link expiration, owner status, roles, and resource access still apply in every case.

Use bypass when a link must render outside the corporate network, for example in a hosted wiki or for an external recipient.

warning

Bypass applies to every share link in the organization. It is not configured per link.

The public error remains generic when an IP is rejected. This prevents outsiders from using the page to confirm whether a token exists.

Configure the network ranges on the Security page.

Open OrganizationShare links to search and review links.

The table includes:

  • internal link name
  • resource and resource type
  • Active, Expires on, or Expired status
  • last recorded use
  • current owner, displayed in the Creator column
  • creation date

Administrators and owners can delete any link. To copy, edit, or transfer a link, their own member permission must be enabled and the organization switch must be on.

Editing supports the name, expiration, theme, roles, and owner. The asset opening tab is not stored and cannot be edited here.

Transfer ownership

Only administrators and owners can transfer a link.

The new owner must:

  • belong to the same organization
  • have a global type of Editor, Administrator, or Owner

The new owner does not need the member permission to receive a link. They need that permission to edit it afterward.

The transfer keeps the same token, roles, expiration, and theme. It changes the identity used for personal-resource ownership checks. The previous owner loses owner-specific management rights, while administrators retain their organization-wide rights.

A link for a personal resource can only be assigned to the member who owns that resource. Boldo rejects a transfer that would immediately make the link unusable.

Transfer useful links before removing a member. Removing a member from the organization deletes the links they still own.

Several controls can stop links without deleting their source content:

ChangeEffect on existing links
Disable organization share linksAll links stop immediately but remain stored
Revoke one member's create permissionTheir links keep working; creation and editing stop
Disable the link owner membershipTheir links stop working
Remove the link owner from the organizationTheir owned links are deleted
Disable the organizationAll links stop working
Remove the feature from the planAll links stop working
Cancel or leave the subscription unpaidAll links stop working
Enable IP allowlist without bypassVisitors outside allowed networks are blocked
Archive an assetIts links stop until the asset is restored
Restrict the resource or attached rolesThe affected link can stop serving it
Delete the resourceIts associated links are deleted

Deleting a link, removing its owner from the organization, or deleting its source resource permanently removes the token. Use the organization switch for a reversible emergency shutdown.

Boldo keeps the complete token so authorized members can copy it again. Treat access to the management page and every copied URL as sensitive.

Governance checklist

Before enabling share links:

  1. Review the No role and No access domain rights
  2. Decide which business roles are safe to delegate to public links
  3. Decide whether the IP allowlist applies to visitors
  4. Enable the feature only for members who need it
  5. Define who reviews the central link list
  6. Transfer or delete links before offboarding their owners

Treat every share URL as a secret. Boldo does not authenticate the recipient or restrict forwarding once the URL has been distributed.