.svg)
If you are an advanced user, you can use the code editor in the Add Watermark Rule wizard to write your conditions for adding watermarks to files. With the code editor, conditions can be more complex and can user a wider range of parameters.
Note: To indicate in the code editor that you want to include the watermark on all files, enter the word true
|
Parameter |
What does the parameter do? |
Sample returned value |
|---|---|---|
|
_file.path |
Returns the path that was accessed. |
_file.path == '/myuser/mydir/myfile.pdf' |
|
_file.pathStartsWith(start) |
Returns true when the path has been accessed. Starts with the given `start` parameter. |
_file.pathStartsWith('/myuser/mydir') |
|
_file.ext |
Checks if the file has the extension specified. |
_file.ext == 'pdf' |
|
_file.pathContains(path) |
Checks if the file path contains the sub-path specified. |
_file.pathContains('/myuser/mydir') |
|
_file.pathMatches(path) |
Checks if the file path matches the path specified. |
_file.pathMatches('/myuser/mydir') |
|
_file.fileNameContains(text) |
Checks if the filename includes the given text. |
_file.fileNameContains('mrn') |
|
_user.anonymous |
Checks if the user making the request is anonymous |
_user.anonymous == false |
|
_user.username |
Returns the name of the user trying to execute an action. Note: This cannot be used to identify the main Admin since "admin" is not stored as a user. Instead use user.isMasterAdmin (see below). |
_user.username == 'FileCloudUser' |
|
_user.email |
Returns the email of the user trying to execute an action. |
_user.email == 'john.doe@mail.com' |
|
_user.userType |
Returns the type of user that is trying to execute the action. The available types are: 'Full Access', 'Limited Access', 'Guest Access'.
|
_user.userType == 'Guest Access' |
|
_user.inGroup(groupName) |
Checks if a user is part of a given group. |
!_user.inGroup('managers') |
|
user.isEmailInDomain(domainsToCheck) |
Checks if a user's email id matches a given list of domains. The 'domainsToCheck' parameter can be a single domain, or a comma-separated domains list. |
_user.isEmailInDomain('example.com', 'mail.com') |
|
_request.remoteIp |
Returns the IP address that was used to execute the action. |
_request.remoteIp == '43.12.45.78' |
|
_request.isAdminLogin |
Returns true for admin login request. |
_request.isAdminLogin |
|
_request.agent |
Returns the user agent that was used to execute the action. The possible values are: ‘Cloud Drive', ‘Cloud Sync', 'Unknown', 'Web browser', 'Android', 'iOS', 'MS Outlook' , 'MS Office' , 'FileCloud Desktop Windows’ and 'FileCloud Desktop Mac’. |
_request.agent == 'Unknown' |
|
_request.inIpv4Range(lowIp, highIp) |
Checks if the IP address that was used to execute the action is part of a given IP range, represented by limits of the range (given with the parameters). |
_request.inIpv4Range('138.204.26.254', '138.204.26.1') |
|
_request.remoteCountryCode |
Returns the two-character uppercase ISO country code. Returns "Unknown" if country could not be determined. Note: To use this expression, the Show Geo IP Chart setting in the Settings > Admin screen must be set to TRUE. |
_request.remoteCountryCode == 'US' |
|
_policy.name |
Checks if the user’s policy is equal to/not equal to the specified policy. |
_policy.name == ‘Human Resources’ |
|
Note: In any of the expressions including share.path, specify the original path of the shared file (for example /user1/textfile1.txt), not the path in the Shared with Me folder (for example, /SHARED/user1/textfile1.txt) |
||
|
_share.path |
Returns the path of the share. |
_share.path == '/myuser/mydir/myfile.pdf' |
|
_share.public |
Returns true or false if the share is public or not. |
_share.public |
|
_share.onlyAllowedEmails |
Checks if all users receiving a share match one of the emails or one of the domains specified in the rule. A domain may be specified instead of an email by using *, for example *@gmail.com.
|
'true' if all share recipients are in a domain or email in the onlyAllowedEmails list.
|
|
_share.allowedUsers |
Returns a list of the allowed users of the share (including the users in an allowed group). The list contains the users' email addresses. |
'john.snow@mail.com' in _share.allowedUsers |
|
_share.allowedGroups |
Returns a list of the allowed groups of the share. |
'EVERYONE' in _share.allowedGroups |
|
_share.hasUsersFromDomain(domain) |
Checks if the allowed users list has any users with an email domain that matches the given domain.
|
_share.hasUsersFromDomain('gmail.com') |
|
_share.onlyUsersFromDomain(domain) |
Similar to the _share.hasUsersFromDomain(domain) function, but checks if the allowed users list has any user with an email domain that doesn't match the given domain. In the provided sample, the expression only returns true if all users have their emails in the `mycompany.com` domain. This method only makes sense with ALLOW rules.
Do not use this expression in an OR condition with another expression; this could cause shares to be denied unintentionally. Instead use _share.onlyAllowedEmails with a wildcard. For example, instead of: (_share.onlyUsersFromDomain('gmail.com') || _share.onlyAllowedEmails('testuser@test.com')) use:
_share.onlyAllowedEmails('*@gmail.com','testuser@test.com') |
_share.onlyUsersFromDomain('mycompany.com') |
|
_share.pathStartsWith(start) |
Returns true when the shared path starts with the given `start` parameter. |
_share.pathStartsWith('/myuser/mydir') |
|
_share.pathContains(text) |
Returns true when the shared path contains the given `text` parameter. |
_share.pathContains('sometext') |
|
_share.pathMatches(pattern) |
Returns true when the shared path matches the given `pattern` parameter. Wildcards are supported: `*` for any sequence of characters and `#` for a single character. |
_share.pathMatches('*sometext*') |
|
Note: When you set a _metadata rule, the metadata set and the attribute specified cannot contain periods within their names. For example, cce.pii is valid, but cce.x.pii.y is not valid. |
||
|
_metadata.exists(metadataValue) |
Checks if the path or one of its children, have the given metadata attribute set. The metadata attribute must be provided using the `metadataSet.attribute` notation. |
_metadata.exists('cce.pii') |
|
_metadata.existsWithValue(metadataValue, value) |
This function is similar to the _metadata.exists(metadataValue) function, but it checks if the metadata attribute (first parameter) exists, and if its value is equal to a given value (second parameter). |
_metadata.existsWithValue('content.category', 'confidential') |
|
_metadata.existsWithValueInArray(metadataValue, value) |
This function is similar to the `_metadata.existsWithValue(metadataValue, value) function, but checks whether an array metadata attribute contains the specified value. |
_metadata.existsWithValueInArray('content.categories', 'pii') |
|
_metadata.existsWithCondition(metadataValue, operator, value) |
This function is similar to the _metadata.existsWithValue(metadataValue, value) function, but it takes an operator parameter (second parameter) that will be used to compare the metadata attribute value (first parameter) with the provided value (third parameter). The available operators are: `==` (equals), `!=` or `<>` (not equal), `>` (greater than), `<` (less than), `>=` and `<=`. When the metadata and the third operator are numbers, they'll be compared as numbers. If any parameter is not a number, it will be compared alphabetically (dates, for example, cannot be compared using `>, <, >=, <=`). The sample checks if the risk level of a document is greater than 6. |
_metadata.existsWithCondition('content.Risk Level', '>', 6) |