Solved: Re: Limit user access to publicly share Shared Dri...

Capitan1 · 11-19-2024 11:05 AM

Hello,

I would like to only allow certain users (IT) access to publicly share folders and files in a shared drive while all other users will not be able to do so. Is this possible?

In my testing the only way to enable public sharing is to enable it by moving the GSD to an OU that enables it. Once you do that then ALL users have access to share files publicly with a link. I have not found another way to do this. Does anyone have any insight into this?

Thanks,

Justin

Zakaria

You're right @Capitan1! That setting works exactly how you described it. Here's the breakdown (true for all the sharing settings):

For anyone in that OU: It changes how sharing works in their own Drive (My Drive).
For shared drives in that OU: It changes the sharing settings for the whole shared drive, so it affects everyone who can updates file permissions.

We use a special shared drive to control who can share stuff publicly. This drive lives in an OU where we allow public sharing, but we don't actually put any users in that OU. Instead, we give specific people access to the shared drive.

This means they have to move or copy stuff over. But the good news is that it makes it way easier to keep track of what's shared publicly and who's doing the sharing.

View solution in original post

icrew

Sounds like you probably want to set your non-IT users as Content Managers, not Managers, of the Shared Drive, and set up sharing restrictions on the Shared Drive. Check out https://support.google.com/a/users/answer/12380484?hl=en (especially the "Access control to shared drives" section) for all the details.

Hope that helps,

Ian

Capitan1

Providing end users content manager perms does not affect the file perms for sharing files publicly with a link but I appreciate the help.

I feel that your reply was solely focused on the aspect of sharing folders (and applying don't let content managers share folders setting) but did not consider what to do for files.

icrew

This is the bit I was referring to, especially the last paragraph:

Access control to shared drives

You can use this feature only if your organization supports it. For help, contact your administrator.

Members with Manager access and Google Workspace admins can control access to the items in a shared drive. In addition to setting up members, they can set restrictions on sharing as follows:

Prevent sharing files with people outside your organization
Prevent sharing files with non-members
Prevent members with Content manager access from sharing folders
Prevent members with Commenter or Vieweraccess from downloading, copying, or printing files

These restrictions override file and folder sharing (described in the next section). If a shared drive Manager changes a shared drive’s restriction settings, access privileges for files in the shared drive are updated.

For example, if a file in a shared drive is shared with an external person and then the shared drive settings are updated to prevent sharing with people outside your organization, that external user can’t access the file anymore. However, their permission on the file stays in place. If the setting is changed to allow sharing with external users again, any external users who the file was already shared with regain access to it.

Capitan1

I'm a bit confused since this setting "Prevent sharing files with people outside your organization" would be the only setting that may have any impact on the ability of users making files public. This setting would also apply to all user managers and content managers and would not allow any privileged users to share publicly.

From my perspective I was hoping to allow the IT OU access to share files publicly in a GSD but not allow any other OUs to have that permission. It seems to be the OU settings only apply to My Drive and/or apply to the entire Shared Drive (all users no matter perms) if the Shared Drive lives in that OU.

Zakaria

You're right @Capitan1! That setting works exactly how you described it. Here's the breakdown (true for all the sharing settings):

For anyone in that OU: It changes how sharing works in their own Drive (My Drive).
For shared drives in that OU: It changes the sharing settings for the whole shared drive, so it affects everyone who can updates file permissions.

We use a special shared drive to control who can share stuff publicly. This drive lives in an OU where we allow public sharing, but we don't actually put any users in that OU. Instead, we give specific people access to the shared drive.

This means they have to move or copy stuff over. But the good news is that it makes it way easier to keep track of what's shared publicly and who's doing the sharing.

Capitan1

Thank you!

Limit user access to publicly share Shared Drive files and folders

Access control to shared drives