With GAT+, Google Admin can identify the owner of a file and report potential policy violations such as inappropriate file sharing (e.g. open to the public) in the Google Workspace domain in several ways.
When you identify a policy violation, before attempting to delete unwanted shares, you can generate an automated email notifying the Owner of the files in question to verify. The Owner can look at those files to check their permissions and take further action.
Option 1: One-time ‘Report Only’ #
First, let’s see how to use one of the pre-defined filters and report only.
You can simply filter out the files OR use one of the pre-defined filters, e.g. for files Open to Public with link (1), select all of them returned by GAT+ (2), use the Remote permissions option under the File operators button (3), and configure it as shown below under the Multi permission change (for filter selection) window (4).
IMPORTANT: To be able to ONLY notify the Owners of those files (but not remove the permissions yet), please make sure to select Report only option (7), Notify local user: Owners (8).
This is important so that permissions remain unchanged and GAT+ will send an automatic notification email to the owners of these files, as you can see below (9) with the links to the files.
When all is ready click on the Remove permissions button (10). Please DO NOT get confused as this button will not remove permissions as long as the setup is as we describe above.
An example of the email notification sent to the files’ Owner with the links to the files in question and their attachments:
Option 2: ‘Report Only’ Regularly #
The second option is scheduling a report to notify the Owner of files.
You can also schedule a report (1) based on the defined filter, which GAT+ will generate and send to your email box as an offer as specified under the Occurance field (2). Once Enabled (3) and Apply & Schedule (4), the report will be generated regularly.
Once the report is applied and scheduled, under the Scheduled Report (1) section of GAT+, you can review the Schedule job details (2), Enable the report (3), select the Report only option (4), Notify local users: Owners (5), and Save settings (6).
NOTE: Both options described above will be used for notification purposes only. These will not remove permissions yet unless otherwise specified in your settings.
Option 3: Import and Notify Manually #
Lastly, you can import the metadata and use it for further analysis.
In the GAT+ Drive section (1) you can apply any filter (2) you like/need and export (3) the metadata returned by GAT+ to a Google Sheet. From there you can extract the Owners’ email addresses (as well as File titles and IDs if applicable). Then you can use this information for further processes/needs. For example, you can send mass emails to isolated contacts and provide them with those files so they can evaluate from their end. This option is more manual.