Generally a distributor or publisher of a data file would like to distribute the data file in a secure fashion and allow access to only select target users. Traditionally, the distributor of a data file searches a data file management system for target users that need to be included in the policy associated with accessing the data file. The resulting search only shows target users known to the data file management system. If the distributor does not find the target user to exist, the distributor may add the target user by adding the email address of the target user to the policy and send a notification email to the target user with an invitation to create an account and be included in the policy. However, once the data file (and policy) have been created and distributed new target users cannot be subsequently added without creating a new data file and associated policy.