With natively hosted (Simpplr/Salesforce) files, App managers are able to control file upload and download permissions for specific users. You can restrict upload of HTML in documents, as well as force files to be downloaded instead of previewed in the browser.
Note:To set file security settings, you'll need Salesforce System admin permissions.
To control the security settings on files:
- Go to Salesforce by removing everything after .com in your Simpplr URL and hit the Enter key.
- Go to Setup, then in the Quick Find box, type File upload and select File Upload and Download Security.
- Click Edit.
To prevent users from uploading files that pose a security risk:
- Check the box next to Don't allow HTML uploads as attachments or document records.
To allow custom file types to only open as an attachment for increased security:
- Check the box next to Download custom file types as attachments.
You'll see a list of file types. Each file type offers a dropdown selection where you can choose:
- Download: This means the file, regardless of file type, will always be downloaded
- Execute in Browser: This means the file, regardless of file type will always appear in the browser or through an HTTP request
- Hybrid: This allows Salesforce files to be downloaded, while attachments and documents are executed in the browser
Align settings for each file type you want to set and click Save.