What is GAT Unlock? #
GAT Unlock is an enhancement functionality within the main GAT+ tool, and it allows Google Workspace Admins to take more actions using GAT+.
GAT Unlock operates on the principle that access to documents, or change of ownership of documents, without the owner’s knowledge or permission, can only be accomplished with the active input of at least two people in the organization.
The second person is the “Security Officer” and is responsible for approving or denying requests submitted by the Super Admin. The Security Officer can be any member of the domain.
For easier management, it is recommended to have at least two Security Officers in the domain.
GAT Unlock can be used to:
- Allow setting up Email delegation within GAT+
- Allow setting Email auto-forwarding within GAT+
- Allow change of ownership of Drive files within GAT+
- Allow altering Drive files by adding and replacing existing permissions
- Allow copying Drive files
- Allow viewing File content
- Allow download of the File content
- Allow viewing Email content
- Allow download of Email content
- Allow Admins to onboard offboard and modify users within Flow
Prerequisite: When ‘GAT Unlock’ is enabled, Admins can generate access or change requests, but only Security Officers can approve them.
An individual can be a member of both lists, but cannot approve their own requests. The Security Officer list for all domains is maintained by the GAT Labs staff.
Availability:
Unlock is part of all plans for Education domains:
For Enterprise, Unlock is part of:
GAT Unlock Features #
Drive Audit #
Within the GAT+ auditing areas, you’ll find GAT Unlock related features like:
- File Management – Using this action you can change ownership of the files or folders you select.
You can also add new contributors/viewers or commenters to any file or folder you’ve selected.
- Select file copy – You can create a duplicate copy of any file or folder you’ve selected.
- Create a new access request – You can gain access to the contents of a file.
With GAT+ only (without this feature), you can only view metadata related to the file. With GAT Unlock’s access request feature, you can gain access to the actual contents of files.- Use Case Examples:
#
You’ll find the GAT Unlock functionality in the Shared Drive tab of the GAT+ Drive auditing area.
- Alter the membership settings of a Shared Drive:
Email audit #
In the Email audit area, within the Emails tab and the Email Content Search tab, you’ll find the following GAT Unlock feature:
Create a new access request – With this feature, you can gain access to email content. Without this feature, you can only see metadata related to emails but not the actual contents.
While using this feature you can enable some additional requests:
Create Access Request Use Case Examples: #
Download Email Use Case Examples: #
Users – Email delegation #
In the User audit area (within the Email Info tab) you’ll be able to set Gmail mail delegation or an email auto-forwarding policy for any user. This is an actionable feature of GAT Unlock.
Set up Email Delegation use case example: #
Pre-Approve Access to Files or Emails and Flow: #
‘Pre-approval is the ability to set up a Workspace Super Admin to use the GAT Unlock functionality without needing approval from the Security Officer for each request.
Pre-approval policies can be created by the Security Officers only. It is a one-time setup.
Pre-Approval by Security Officer Use Case Examples #
GAT Flow #
GAT Unlock is a prerequisite for Flow to work. For every request in GAT Flow, approval from a Security officer is required, unless pre-approval is set up.
