📖 3 mins read

You have a document that is Shared to a particular department of your organizations.
This document is allowed to be shared among your domain, but the Sharing out to users, not from your domain is forbidden. You do not want to restrict it only to certain users, but everyone to have access to the Doc and if it is Shared out – the external users to be automatically removed. Using GAT+  an admin can apply a rule on Google Doc or Folder and remove the external user and all perform all the actions below automatically after each scan.

The important thing to remember about a narrow policy like this is that the file might also be subject to a big policy, which could warn the owners too. When designing policies for whole domains you have to carefully think out the domain-wide ones and the specific ones.

So do you allow all shares and block specific ones, or do you block all shares and allow specific ones?

Do you do nothing and just warn people once a month about files shared out that changed during the month?

Are there some cases where you just remove access and don’t warn people?

These can become very complex questions which the Admin team needs to think through with the managers as to what is the appropriate level of external sharing and/or warnings.

File: To do this follow the steps below:

Open Drive Audit – and apply a custom filter:

Search for the file/folder in the example below we search by user, file type and updated date. Admin can use any other search parameter to find the file they need.

Once the file is found just select it

When details of the document are shown copy the File ID.

Once you have copied the File ID, apply the custom filter again and search for the File ID equals the File ID (make sure there no space at the end and the start of the ID) to make sure it matches, and result to be shown.

This will show the same file again, we use this to make sure the rule we will apply is only for the File selected.

File ID equals the ID of the file in question, Scheduled then we choose the occurrence, in our case is every month, and Enable. Apply & Schedule will make it run Every first day of the month.

Once the report is ‘Scheduled’ please access it under Configurations in GAT+.

This will open a list of all your ‘Scheduled reports’, Under the actions field select the ‘Job Action Edit’ on the right-hand side.

Once this option is selected a new window will be displayed where you can schedule the task to remove All External Shares to this particular document.

Select ‘Save’ and on the 1st day of each month, this rule will be applied and all “External shares” from this document will be removed. This does not prevent users to share this document again, but next month when this Report runs again, it will remove them again.

To revoke the action simply “Disable” by selecting Status = Disabled

Folder: The same method can be used for Folders. Find the folder, copy the Folder ID

Then schedule the time frame, for when the Policy to run.

Then open ‘Scheduled reports’  and add/edit the job to the Policy.

You can ‘Enable’ and ‘Disable’ the report, you can also select ‘Report only’, which in turn will just run the Policy without taking the action. You can use this to Notify your users that they should not share out Docs or Folders to outside users.