File Management – Changing ownership or file access rights
GAT Unlock is tightly integrated with the powerful search and filter options available in GAT+. This means you only have to do things once.
In this example we are going to find all the spreadsheets owned by the group ‘sales’ that are shared externally, then we will remove the external sharing and change the ownership (on all the selected files at once).
TIP: Always narrow the file request with a search first – saves time and makes approval simpler.
Step 1: Click on the ‘Apply custom filter’ button in Drive Audit.
Step 2: Select the following option:
- For the filter ‘Type’ select ‘User/Group/OU search’,
- Enter the ‘Sales’ group in this field ‘Local User’s email/Group’s email’, make sure to enter the full email address.
- Make sure to tick the ‘Include Sub. Org.‘ Box to include all the OU’s within the sales OU in the filter.
- Select Ownership equals to Owned.
- This will show all the files owned by the Sales group. Otherwise, it would show all of the files associated with the Sales group, where Sales shows up as Owner, Editor, or Reader.
- Select the parameter ‘Type’ equal to ‘Spreadsheets’ and ‘Sharing flags’ contains ‘Shared out’.
- Selecting shared out will only focus on files leaving your domain.
You can quickly check how many files you are dealing with, by selecting ‘Show stats for the current filter‘ once the result is displayed.
Step 3: Next click on the files you want to audit individually or click the check-mark beside the ‘Title’ to select all files from the search.
Note: You can not perform actions on a ‘Suspended’ accounts.
Step 4: Once the files are selected – click on the ‘File operation’ button and then select the ‘File Management’ option.
Step 5: Change the ownership of the selected files by adding the email of the new owner.
Note: When changing the ownership, the previous owner is set up as editors of the files by default.
Access can be denied, files which are trashed can be un-trashed, and custom path for the when the ownership happens can also be set.
Step 6: To remove the external access to the spreadsheets tick in the checkmarks for removing the external permissions
Step 7. When all option is selected Send a request to the Security officer for approval.
The designated security officer will receive an email request as shown below, clicking ‘here‘ will launch the GAT tool to the ‘File Management‘ tab in the security officer section, where they can action the request.
If the request is approved, the action will take place and the owner will be changed, you will be notified as below
If permission is not granted by the security officer, you will also be notified and no actions will be taken.
You can check the actions in the Admin log. The changes can be undone by clicking Revert changes.
Access Permissions Granted – How to silently copy or view files
We are going to use a powerful search feature inside of the GAT+ Drive audit to identify the contents of the documents we’re going to investigate.
This feature is called the ‘File content text search’, it allows admins/delegated auditor to use a word or sentence to search through all of the files across the domain and to return documents that contain them.
Step 1: Click on the ‘Apply custom filter’ button.
Step 2: Enter the word or sentence to return files that contain them. Select the user’s account you want to search through, you can leave this field blank to search your entire domain’s Drive or enter a user, Google Group or Org Unit to search through them only. in this case we are searching domain-wide using ‘/’ symbol.
It will take a few minutes depending on how many files you have across your domain.
Step 3: Select the files you are interested in, remember that these files contain the sentence “Test for auto share removal”.
Step 4: Click on the ‘Files operation’ button and then select ‘Create new access request’.
Step 5: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.
Send the request to the Security Officer(s) for approval.
The following email will be sent to the Security Officer.
The Security Officer can click on the link in the email and will be taken to the ‘Access Permissions‘ in GAT+.
When the Security Officer approves an email will be sent to the requesting Administrator/delegated auditor informing them.
When approved click on the “previous searches” button and select the previous filter applied.
Click on the green checkmark under Actions
View file content
From the right side under Actions > (lock icon) option:
- Show File content
You can also use File content search to find sensitive data and take action using Unlock.
Video: How to Manage File permissions in your Google Drive
To request a demo please click here and fill the form, we will get back to you in less than 12 hours during weekdays.
If you trailed GAT in the past and you would like to run a fresh trial again, please enquire through this form.