Applies to

Smartsheet
  • Enterprise

Capabilities

Who can use this capability

  • System Admin

Safe sharing policy overview

As a System Admin, you can configure the safe sharing policy in your governance controls to manage how users work in Smartsheet.

Who can use this?

Plans:

  • Enterprise

Permissions:

  • System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

If you want to set up the policy right away, check out Configure a safe sharing policy.

About the safe sharing policy

The safe sharing policy lets you create a list of approved users and domains for sharing items. You can apply this policy to sheets, forms, reports, workflows, WorkApps, and dashboards. For example, the policy can prevent users from sharing, emailing, or executing workflows with anyone not on the safe sharing list.

You can also restrict unauthorized users from:

  • Sharing sheets and workspaces
  • Sending rows
  • Using the Send Link to Form option within the form link
  • Adding user to your plan
  • Adding users to groups

The approved users and domain lists also restrict email, which means users won’t be able to send emails from Smartsheet to restricted domains and email addresses.


What to expect

After you activate the safe sharing policy in Admin Center, two sheets become available to you:

  • One for the domain list
  • One for the user list (email addresses allowed)

These are standard sheets you can edit and share with other users. However, it’s advisable to share them only with someone you trust to manage your safe sharing list. They contain eight auto-generated columns that are locked by default. Don't change those columns to avoid compromising existing permissions or workflows, and prevent issues with future enhancements to the feature.

  • Domains/Emails allowed to share
  • Exempt from Corporate Account Requirement
  • Exempt from MFA Requirement
  • Modified By
  • Modified On
  • Created By
  • Created
  • Notes

Additionally, a new Admin Settings workspace is automatically generated for you to store both sheets. Note that the data you enter in these sheets synchronizes with the Exempt list, which you use to manage external sharing.

Known limitations

  • Future System Admins added to Smartsheet don't automatically get access to the safe sharing list. An existing System Admin must share the safe sharing sheets (or workspace) with them.
  • After you modify the safe sharing policy, it may take up to three minutes for it to apply.
  • Both sheets only support up to 20,000 rows. You may notice slight delays during the policy enforcement if you're working with more than 20,000 entries. 
  • Changes to the safe sharing sheets don't automatically trigger a notification, but you're encouraged to add a workflow to trigger a notification on changes to the sheets.

Other things to know

  • You can manage the safe sharing list programmatically using the sheet API.
  • You need to add subdomains to the allowlist individually. For instance, adding company.com to the allow list doesn't add portal.company.com. You need to add both domains.
  • When enabled, safe sharing capabilities restrict who can receive notification emails.
  • You can audit your safe sharing list through the sheet access report and use the sheet activity log to check who changed the sheets.
  • Upon activation, all System Admins on the plan receive Admin permissions on both sheets linked to the safe sharing list. They also receive a notification when the policy is activated or deactivated.