One of the key features of GAT+ is it’s very powerful Drive audit search capability. Its power comes from its ability to use so many search operators and parameters to find files based on a multitude of different aspects of its metadata. Navigating through Drive audit you will notice how quickly the data loads.
We have even dedicated an entire post to talk about powerful things you can do from the Drive Audit list.
Let us examine the options in detail.
Title – Can be the file name or any part of the name.
Note: GAT remembers document name history, so if someone renames a document GAT will return matches against the new and old names.
File ID – Is the ID for the file in question.
All files have an ID which can be found in the URL of the file or in GAT+ you can click on the title which will display the full ID.
MimeType – MIME stands for Multi-purpose Internet Mail Extensions. MIME types form a standard way of classifying file types on the Internet.
Here are a few examples:
Flags – State conditions applied to files.
Restricted – Whenever the file is prevented from being downloaded, printed or copied.
Editors can’t share – This flag is self-explanatory and refers to files not being able to be shared by editors.
- Team Drive Extra ACLs – Some files within Team Drives might have additional sharing settings, for example, a TD file can be shared out with a link.
- ACLs Changed – ACLs Changed is set when a super admin makes some changes through GAT+ (e.g. remove editor/reader, change owner etc.)
- Title Truncated – Some files have reaaaaaaaaaaaaaaaaally long file names and we’re forced to truncate them so that they can be indexed.
- Incomplete data – When changes are made to some files using GAT Unlock the data in the database can be out of date.
Sharing Flags – This flag covers all of the scenarios a file can be exposed.
Anyone in Domain – Anyone within your domain (myOrganisation.com)
Quota Bytes – this parameter refers to the size of the files. Native Google files do not display any size details but all non-Google files do. This parameter takes Bytes. For example:
1 Kilobyte = 1024
1 Megabyte = 1048576
1 Gigabyte = 1073741824
The below example will return all files greater than 1 Gigabyte:
Type – The most popular file type extensions are shown with this search parameter.
Users – Anyone who is an Owner, Editor or Reader of a file. Can also be entered as a regular expression.
Owner – Anyone who is the owner of a file. This can be a full email address or a partial address. For example to find all files owned by email@example.com
You can select the following:
Owner equal firstname.lastname@example.org or Owner contains (case insensitive) joe
You can also use the contains (case insensitive) to find all files owned by gmail accounts for example:
Owner contains (case insensitive) gmail.com
Editors – Anyone who is the editor of a file. Same search criteria as ‘Owners’.
Readers – Anyone who is the viewer of a file.
Created – When a file was created/uploaded into Google Drive.
Updated – The updated date field changes whenever certain actions are taken. Please see below:
- File permission changes (add/removing editors or reader, add/removing internal or public share)
- A file has been edited
- A files name has changed
Updated is NOT changed whenever:
- A user is viewing a file.
- A user is moving a file (surprisingly!).
Full Content Search
In GAT+ Drive audit, we have a section “File Content Search” this allows an Admin to search for a term (sentence) and select the scope of users where the result to be searched for.
“credit card” – This will return files which contain exactly this sentence, or any of the words inside the quotes. The same result will be displayed if you use a credit card.
Title / Description Search
Title / Description Search queries are performed using only files metadata, that is only text columns presented in Drive result table. Contents are not considered. This is a very fast method of finding files using their title or description.
Example 1: The following example below finds all file records containing ANY terms from the list: “java”, “shop” and “coffee” with a file’s title or description.
Example 2: You can also search for exact phrases by wrapping them in double-quotes. For example, the following finds all records containing “java” or “coffee shop”:
Example 3: To exclude a word, you can prepend a hyphen “-” character. For example, to find all file records containing “java” or “shop” but not “coffee”, use the following:
Sorting by text score
GAT returns results in unsorted order by default. However, tile / Description queries compute a relevance score for each record that specifies how well a record matches a query.
Also, each text column has a weight which denotes the significance of this column relative to the other ones in terms of a text search score. The order of importance is:
title (10), description (5), owner (4), organizers (4), writers (3), readers (1)
For each column, GAT multiplies the number of matches by the weight and then sums the results. Using this sum, GAT then calculates a score for a record.
To sort results in order of relevance score, you must enable the following option:
It’s disabled by default.
Terms queries are case insensitive by default. You can make them case sensitive by enabling this option:
It’s disabled by default.
Note also that both the options (case sensitive and sort by text score) can be combined:
GAT+ and GAT Shield has operator called ‘matches‘ which will recognise partial strings (Adam* to return all Adams for example) and regular expressions. The regular expression feature, in particular, is very powerful.