Setting up advanced sharing controls in Dropbox Business requires configuring both team-level sharing policies and granular folder permissions through the admin console. The process involves managing external sharing settings, defining user roles, and implementing security measures like link restrictions and expiration policies. Dropbox Business Advanced and Enterprise plans offer additional controls through the Advanced Team & Content Controls Add-On, which enables automated workflows and sensitive content monitoring.

Key findings from the sources include:

• Admins can restrict external sharing at the team level and set default permissions for shared links ^[6]
• The Advanced Team & Content Controls Add-On provides automated alerts for sensitive content and user lifecycle management ^[1]
• Folder permissions include three primary roles: Owner, Editor, and Viewer, each with distinct capabilities ^[2]
• Shared links can be configured with passwords, expiration dates, and access restrictions ^[6]

Configuring Advanced Sharing Controls in Dropbox Business

Team-Level Sharing Settings

The foundation of advanced sharing controls begins in the Dropbox admin console, where team-wide policies determine how members can share content externally. Admins with appropriate permissions (typically Team Admins or User Management Admins) can access these settings by navigating to the Admin Console > Settings > Sharing ^[7]. The sharing tab contains critical controls that apply to all team members unless overridden at the folder level.

Key configuration options include:

• External sharing permissions: Admins can completely disable external sharing or allow it with restrictions. The "Only people on this team" setting prevents any external collaboration, while "People on this team and external people" enables controlled sharing ^[6]
• Shared link defaults: Default access levels for new shared links can be set to "Team only," "People with password," or "Anyone with the link." The most secure option requires admins to manually approve each external share ^[6]
• Link expiration policies: Admins can enforce automatic expiration for all shared links after 7, 30, 90, or 365 days, or allow links to remain active indefinitely. This setting helps prevent stale access to sensitive documents ^[6]
• Password requirements: The admin console allows mandating passwords for all externally shared links, with options to set minimum password strength requirements ^[6]
• Dropbox Transfer controls: For large file deliveries, admins can restrict who can send transfers externally and set default expiration periods for transferred files ^[6]

These team-level settings create a security baseline while still allowing folder owners to implement stricter controls when needed. The admin console also provides activity logs showing all external sharing events, enabling auditing and compliance monitoring ^[7].

Folder-Specific Permissions and Advanced Controls

Beyond team-wide policies, Dropbox Business offers granular control through folder-specific permissions and advanced add-ons. Each shared folder maintains its own permission structure with three primary roles: Owner (full control), Editor (can modify content), and Viewer (read-only access) ^[2]. Admins can manage these roles through the folder's sharing settings or via the Advanced Team & Content Controls Add-On for automated governance.

Critical folder-level controls include:

• Role-based access: When sharing folders, admins can assign specific roles to internal and external collaborators. Owners can promote/demote members, while Editors can only manage files, not membership ^[2]
• Invitation restrictions: Folder owners can prevent members from inviting additional people, maintaining tighter control over access. This setting appears in the folder's sharing options under "Who can manage access" ^[2]
• Permission inheritance: Subfolders automatically inherit permissions from parent folders unless explicitly modified. Admins should audit nested folder structures to prevent unintended access ^[2]
• External user management: For folders shared with external parties, admins can set expiration dates for individual collaborators and receive notifications when external users access content ^[6]

For organizations requiring enterprise-grade governance, the Advanced Team & Content Controls Add-On (powered by BetterCloud) provides additional capabilities:

• Sensitive content detection: Automated scanning of files for PII, financial data, or custom patterns with configurable alerts ^[1]
• User lifecycle automation: Workflows for automatically adjusting permissions when employees join, change roles, or leave the organization ^[1]
• Policy violation responses: Predefined actions like quarantining files, notifying admins, or revoking access when policy violations occur ^[1]
• Cross-platform governance: Unified controls for Dropbox alongside other SaaS applications through BetterCloud's integration ^[1]

The add-on requires separate installation through the Dropbox admin console under Apps > Advanced Team & Content Controls ^[1]. Admins should first define their organization's data classification policies before configuring these automated controls to ensure proper sensitivity labeling and handling procedures.