File Management – Changing ownership or file access rights
GAT Unlock is tightly integrated with the powerful search and filter options available in GAT+. This means you only have to do things once.
In this example we are going to find all the spreadsheets owned by the group ‘sales’ that are shared externally, then we will remove the external sharing and change the ownership (on all the selected files at once).
TIP: Always narrow the file request with a search first – saves time and makes approval simpler.
Step 1: Click on the ‘Apply custom filter’ button in Drive Audit.
Step 2: Select the following option:
- For the filter type select User/Group/OU search, we will enter the ‘Sales’ group in this field ‘Local User/Group’, make sure to enter the full email address.
- Click the checkbox option ‘Owned’, this will show all the files owned by ‘Sales’ group. Otherwise, it would show all of the files associated with the ‘Sales’ group, were Sales shows up as Owner, Editor or Reader.
- In the filter definition area, select the parameter Type equal to Spreadsheets and to add another search parameter click on ‘Add rule’ button and select ‘Sharing Flag’ to ‘Shared Out’. Selecting shared out will only focus on files leaving your domain.
You can quickly check how many files you are dealing with, by selecting ‘Show stats for the current filter’ once the result is displayed.
Step 3: Next click on the files you want to audit individually or click the check-mark beside the ‘Title’ to select all files from the search.
Note: You can not perform actions on a ‘Suspended’ account.
Step 4: Once the files are selected – click on the ‘File operation’ button and then select the ‘File Management’ option.
Step 5: In this example, we are removing external access to the selected spreadsheets and changing the owner, you can also ‘deny access for old owner’.
Note: When changing the owner, the previous owners are set up as editors of the files, so if you want to cut off any access for the old owners, you can select ‘deny access for old owner’.
When you click on the ‘Send request’ button, an email is going to be sent to your security officer for approval.
If the request is approved, the action will take place and the owner will be changed, you will be notified as above.
If permission is not granted by the security officer, you will also be notified and no actions will be taken.
You can check the actions in the Admin log
Access Permissions Granted – How to silently copy or view files
We are going to use a powerful search feature inside of the GAT+ Drive audit to identify the contents of documents we’re going to investigate. This feature is called the ‘File content text search’. It allows admins/delegated auditor to use a word or sentence to search through all of the files across the domain and to return documents which contain them.
Step 1: Click on the ‘Apply custom filter’ button.
Step 2: Enter the word or sentence to return files that contain them. Select the user’s account you want to search through you can leave this field blank to search your entire domain’s Drive or enter a user, Google Group or Org Unit to search through them only.
You can also use multiple rules in the definition section of the Apply custom filter. I used the Updated search parameter. Once you click on the Apply button the search will begin.
It will take a few minutes depending on how many files you have across your domain.
Step 3: Select the files you are interested in, remember that these files contain the sentence “private and confidential”.
Step 4: Click on the ‘Files operation’ button and then select ‘Access permissions granted’.
Step 5: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.
Send the request to the Security Officer(s) for approval.
The following email will be sent to the Security Officer.
The Security Officer can click on the link in the email and will be taken to the approval area(Grant) in GAT+.
When the Security Officer grants access an email will be sent to the requesting Administrator/delegated auditor informing them. The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.
Once the ‘Apply grant’ button is selected, the list of the files will be displayed, with an extra field called ‘Actions’ where you will have an option to ‘Download’ and ‘Show file’.