DLP-rules - why is there sometimes "Triggeringerin...

anders_wockatz · 03-14-2023 08:32 AM

We have switched on a DLP-rule that blocks external sharing of files containing swedish personal numbers.

Sometimes when we receive an alert about user action taken that violates the rule, we don´t see who´s the triggering user. Moste often we do, but sometimes it says "Triggering user (none).

I want to know in what specific cases that is suppose to happen.

ajojose33333344

Hi @anders_wockatz were you able to find the exact reason:

if a script or application is being used to access and share the files, the DLP system may not be able to determine the user behind the action. Similarly, if a service account is being used to access and share the files, the DLP system may not be able to identify the individual user associated with that account.

anders_wockatz

Thank you for those aspects. I wpould say that the circumstances you pwrite
is very rare to non existing in our environment.

I as well want to know if it, "Triggering User (None)" will happen when an:
- external part with a Google-account in fact is the trigger.
- external part without a Google-account in fact is the trigger.
- anonymous person (edit for everyone with the link) in fact is the trigger.

Best regards
Anders Wockatz
System Governance Manager Google Workspace

The municipality of Dals-Ed
(PII Removed by Staff)

Telephone - direct: +(PII Removed by Staff)
Telephone - switchboard +(PII Removed by Staff)
Email: (PII Removed by Staff)
www.dalsed.se

--
Det här är epost från en anställd eller förtroendevald i Dals-Eds kommun.
Om det av någon anledning råkat hamna fel, vänligen radera mejlet.

DLP-rules - why is there sometimes "Triggeringering user (none)" instead of an account