Help Centre
› Webmail
› How to Manage Folder Permissions
This tutorial walks through granting, modifying and revoking access to your mailbox folders on SmartXHosting webmail. Folder sharing is how UK teams run shared support@ inboxes, give compliance officers audit-only visibility, and hand over a colleague's Sent folder during a holiday without exchanging passwords.
Folder sharing replaces two common anti-patterns:
- Sharing passwords between colleagues — a UK GDPR breach waiting to happen, and an instant fail in any Cyber Essentials assessment.
- Auto-forwarding to a personal account — creates off-platform copies that evade retention controls and often fail authentication checks at the onward receiver.
With folder sharing, each user signs in with their own credentials, sees the shared folder through a proper ACL, and leaves an audit trail server-side.
| Role | Read | Write | Delete | Manage | Typical use |
|---|
| Viewer | Yes | No | No | No | Read-only audit or oversight |
| Contributor | Yes | Yes | No | No | Shared team inbox with reply duty |
| Editor | Yes | Yes | Yes | No | Holiday cover or filing deputies |
| Manager | Yes | Yes | Yes | Yes | Deputy with re-sharing rights |
- Open All email folders from the side panel (mobile) or the folder tree (desktop).
- Locate the folder you want to share.
- Tap the gear icon next to the folder name.
- A sharing panel opens. Click Add user.
- Enter the colleague's email address — must be an address on your same SmartXHosting Axigen domain.
- Select the permission role from the dropdown.
- Click Save. The user can open the folder within seconds.
The user you shared with receives no automatic email notification — best practice is to send them a short message telling them what you shared and why. Axigen deliberately avoids auto-notifications to prevent noise in shared environments.
- Open the sharing panel on the folder (gear icon).
- Find the user in the list.
- Click the role dropdown next to their name.
- Select the new role.
- Click Save. The change takes effect on the user's next refresh.
There is no "request approval" flow — changes are applied instantly on save.
- Open the sharing panel.
- Find the user in the list.
- Click the Remove button (or the X icon) next to their name.
- Confirm the removal.
Revoked access is immediate on the server. The folder disappears from the user's webmail within one or two minutes. A user with a desktop client's cached copy of messages still has them locally — ask them to empty the local cache on revocation if that matters for compliance.
Axigen permissions are per-folder, not inherited. If you share Projects with a colleague, they do not automatically get access to Projects / Acme 2026 — each sub-folder is a separate permission boundary.
Two approaches depending on intent:
- Explicit per-folder. Share each sub-folder individually. Good when you want fine-grained control (some sub-folders shared, others not).
- Top-level share with recursive script. Administrators can use an IMAP ACL script to propagate permissions across a tree — contact SmartXHosting support for a one-off bulk change if your tree is large.
Review folder shares regularly — at least quarterly, more often for regulated sectors. Questions to ask:
- Does each share still have a business reason?
- Is the permission level still appropriate (could we downgrade Editor to Viewer)?
- Have any of the named users left the organisation?
- Has the folder's contents changed in a way that affects who should see it?
To list every share on a single folder, open the sharing panel — you see every user with access and their role. To list every share across all your folders, use the desktop webmail Settings › Sharing › Overview page, which lists every folder you have shared and every folder others have shared with you.
- Cyber Essentials certification. Assessors look for evidence that access is managed by role, not by shared credentials. A folder-sharing policy with quarterly review records is exactly what they want to see.
- UK GDPR Article 32 (technical and organisational measures). Document your folder-sharing policy: who can share, who approves, how reviews are conducted.
- Data Subject Access Requests (DSARs). If a data subject asks what correspondence your organisation holds about them, you will need to search every folder they might appear in — including folders shared with multiple users. Keep the structure tidy to make searches feasible within the 30-day statutory timeline.
- Leaver process. When an employee leaves, revoke every share that named them. This is easy to miss if you use wildcard/group shares elsewhere.
- SRA / FCA / ICO sector expectations. Regulated sectors expect documented access controls. A clear record of folder shares (who, when, why) is the same evidence used for general shared-storage governance.
Sharing Sent folders. If you share your Sent folder (or your entire mailbox) with a colleague, they see every message you send — including personal correspondence to HR, to your doctor, or to your solicitor. Consider creating a dedicated "Shared projects" folder instead, and routing project correspondence through it explicitly.
Granular permissions built in. SmartXHosting Business Email supports unlimited per-folder shares at no extra cost. Every access decision is logged server-side in the Axigen audit trail, available to administrators for compliance review.
Q: Can I share with a group rather than individual users?
A: Yes, if your administrator has configured distribution groups in Axigen. Share with the group address and all members inherit access. Leavers need to be removed from the group to lose access.
Q: Does the owner still have full rights?
A: Yes, always. Sharing adds access for others without restricting the owner's own permissions.
Q: Can a Contributor see who else has access?
A: No. Only Managers and the owner can see the sharing list. Contributors and Editors see only that they have access.
Q: Are shares exported in a backup?
A: Yes. Axigen backups preserve ACLs, so a restored mailbox retains its shares. If the restored mailbox is placed in a different organisation, ACLs pointing at users in the original organisation become invalid.
Q: Is there a limit on shares per folder?
A: No hard limit. Practical limit around 100-200 shares per folder; beyond that, consider a distribution group or a dedicated shared mailbox.