The default setting should be changed to "Editor Cannot Share" for sharing sheets and reports. It is a security issue to have the current setting default to "Editor Can Share". We have to spend too much time training users in the difference between the two permissions and why it is important that we grant "Editor Can Share" only when appropriate and needed.
@Karen Richers My company has identified Smartsheet POCs for each team. Does your company have the capacity to assign functional roles as Smartsheet Developers and Designers?
We are building Smartsheet Developers that monitor and adjust Smartsheet asset access and continuity. I recommend a Form to request asset access change requests. Python scripts can automate the asset access change requests.
We are building Smartsheet Designers to build templated Smartsheet assets (e.g., Smartsheets, Forms, Reports, Dashboards, WorkApps) to the Stakeholders vision by lens.
Erin Horiuchi Green, MBA, LSSYB
Process Manager
Syneos Health
Please kindly like ❤️, upvote ⬆️ and/or mark ✅ any of my contributions that have provided value.
Core App and Project Managment Certified 🚀
To add on, I wonder if this is actually an idea to be expanded for use in Admin Center, as maybe a tenant-wide default setting, as this function certainly is a security concern for some organizations, but others may prefer it in different states. Thus, allowing System Admins to choose what the default share behavior is might be a great enhancement.
I agree with @eliweitz - this is something that should be specified in the Admin Center for each account, and not necessarily a Smartsheet-wide default setting.
If my comment helped you, please help others by marking it as an accepted answer and consider helping me by clicking the 💡Insightful or ❤️Awesome buttons below!
Business Process Excellence Manager
Smartsheet Leader & Community Champion
Pronouns: She/Her (What’s this?)
“Take chances, make mistakes, get messy!” – Ms. Frizzle
Agree. The default of the editor can share permission is by no means best practice. The access level should always default to the lowest risk level. So frankly, it should default to view or editor cannot share. IMHO, Admins should be able to remove the editor can share option as whole.
I think it is away for Smartsheet to get higher adoption of their tool because unless you have security settings set up, when you use the editor can share option with someone outside your account, they set up a new free account.