Skip to main content
Northwestern University

SAFER to SharePoint Sites

The University is migrating files from Box to Microsoft OneDrive and SharePoint in the 2021-2022 academic year. Weinberg College is supporting Northwestern IT in these efforts as we help those using SAFER migrate to SharePoint sites with specific settings.

For clarification of terms used in this article, please see the SharePoint and OneDrive Glossary of Terms prepared by Weinberg College IT.

SharePoint Site Features for Migrated SAFER Data

Northwestern SharePoint sites have security settings intended for the management and sharing of folders containing sensitive data, including SAFER-managed data in Box. Review the different data sensitivity levels outlined in the University Data Access Policy.

Below is a list of security settings included in the Northwestern SharePoint Sites for SAFER data:

Compare SAFER and Northwestern SharePoint Site Functionality and Permissions

Read more about these settings and terms on this web site's SharePoint and OneDrive Glossary of Terms page.

SAFER (Sensitive Administrative Files E-Registry) was an application that interacted with Box to offer a more secure process for managing permissions to folders that contain sensitive data. SAFER is retiring with the Box environment and all content will be moved to Northwestern SharePoint sites. Due to the nature of SharePoint, some SAFER features cannot be duplicated. See below for more details.

SAFER
Northwestern SharePoint Site
for SAFER content
Ownership and structure of content
Department SAFER shares typically belong to departments, programs, or large offices.
With the migration from Box, SAFER shares will become document libraries within a SharePoint site. Document library "owners" (if given "Full Control" at the document library level) manage permissions only for that library. A site organization with distinctive document libraries also allows for limiting access of a member to a single library--or a specific set of libraries. Document library "members" (if given "Contribute" access at the document library level) can view, add, and edit content but cannot share anything.
Role to manage member access while having no data access
SAFER has a "Director" role that allows for access governance but does not allow direct access to the data.

There is no such "Director" role in SharePoint. Sharepoint site owners both govern access and also have access to ALL content within a SharePoint site.

Please Note: If this is not a viable approach for your SAFER content, your unit may require separate SharePoint sites for different SAFER shares.

Approving permission changes
Two data stewards approve every permission change on a SAFER-registered folder.
Any individual SharePoint site owner or document library owner can make permission changes according to their role. Site owners may also approve/decline member requests for sharing content either within or outside of Northwestern.
Inviting permanent collaborators
SAFER prevents collaborators who are not stewards from inviting additional collaborators.
This SAFER functionality is maintained when "Member Sharing" on the site is turned OFF. With this setting off, only owners and document library owners can share content without approvals.
Changing settings and permissions Stewards perform every action they need with Online Forms.
Site and document library owners perform actions within SharePoint site settings.
Importing bulk changes For SAFER bulk changes to permissions, there was an online form. No form for bulk changes exists for SharePoint sites. Changes will need to be made directly to each document library, SharePoint site, or permission group in the site as needed. We recommend setting up SharePoint permission groups for your new site to simplify the maintenance of permissions.
Migration of "Top-Level Folders" “Top-Level Folders” within SAFER shares can have different stewards as compared to the shares in which they sit.
During the migration, “Top-Level Folders” will likely become their own document libraries within a SharePoint Site. The owner of the document library will be the individual with top-level access.
Managing Folders and Subfolders Subfolders, under SAFER top-level folders, can be added, modified or deleted by individuals with Box editor access. These same individuals cannot edit the top-level folder in the same way.

Folders within a SharePoint site's document library inherit permissions from the document library. Document library members (with "Contribute" access), by default, CANNOT create new document libraries, but they CAN create folders and other content within the document libraries to which they have access. 

Note: If your SAFER content is migrated by Northwestern IT to SharePoint, all sharing permissions in Box will be moved with the content. Site owners may wish to streamline permissions in the Microsoft environment using groups. If you would like to have custom permissions on a folder within a document library, you can select "Stop inheriting permissions" from the document library and then set custom permissions as needed.

Notifications SAFER directors are notified for activities such as moves, deletions, and new permissions granted.

Northwestern SharePoint site owners are not notified for activities such as moves, deletions, and new permissions granted. However, SharePoint site owners can opt to be notified if someone requests access to content--and then the owner can approve or deny the request.

Retention Policies None

None by default. However, a SharePoint site retention policy can be modified to be a one-year, two-year, three-year, or seven-year policy by contacting BOX-migration@northwestern.edu. 

Back to top