Find out who changed file permissions in time and take necessary actions โ Google Workspace security automation guide.
Google Workspace is an exceptionally safe environment โ many IT Directors choose Google Workspace for this very reason. It offers robust data security features and invests a lot to keep your data 100% safe in the cloud.
However, Google can’t control your users behaviour, therefore the mishandling of data by users can still pose significant risks. Your Google workspace users can not even considering the risks, share files externally, change file access permissions, forward corporate emails to their personal accounts. In the previous posts we described in detail how to automate external files sharing audits, how to automatically revoke access for departing users ย (to ensure full data safety and implementation of security automation best practices).ย
In this tutorial we’ll handle file change permission audits. This audits help you find out who changed permissions on a folder or file, read file permissions, and list all permissions associated with your Google Workspace files.
By automating these audits, you will not only quickly identify who changed file permissions but also ensure that unauthorized changes are promptly addressed without creating additional workload on you, as a Google Workspace admin. This process will increase your organization’s compliance and safeguard sensitive information from potential misuse. Automation willย ensure that your organization is unlocking the full potential of Google Workspace in terms of data security, and prevents users from mishandling it.ย
Table of Contents
Set Up your Zenphi Account
Get your journey to higher data security underway by kicking off with a free Zenphi account. Register here and dive into the world of automated workflows or schedule a demo meeting to learn about how Zenphi could better your business. In Zenphi, each automated workflow is represented by a ‘flow,’ comprising a trigger and subsequent actions.
Step 1: Use “Google Audit Activity” Trigger
The first step to our flow will be to configure our โGoogle Audit Activity” Trigger.
In Zenphi, the trigger is the action that initiates the flow. In this specific case, the flow will begin whenever certain audit activity occurs. You will need to begin by setting up your connection to Google Audit Report, granting Zenphi permission to monitor the activity of your choosing.
Here we will set the Application Name to Google Drive and the Event Name to โchange_document_visibility.โ This will trigger our flow whenever a user changes the document visibility inside Google Drive. Weโre able to filter out the changes made to document visibility depending on what we wish to avoid. In this example, we have used โvisibility_change==externalโ to start the flow only when a document is now being shared externally.
Step 2: Retrieve Document Parameters
Next, we will use a very powerful tool called โQuery Collection.โ
This action allows us to retrieve certain information from a selected collection.
We will use this action to retrieve 4 key elements:
- the ID of the file,
- the owner of the file,
- the title of the Google Doc,
- and lastly, the Shared Drive ID if it belongs to one.
Each of these elements will have its own Query Collection action assigned.
To set it up, we just need to indicate the collection we wish to filter, in this case, the Parameters coming from our trigger. This will allow us to see the information that the trigger provided.
However, we must filter the collection to retrieve the information for each key element we wish to retrieve. To do so, we will repeat the same process for each of the 5 Query Collections actions and simply change the name of the item weโre looking for inside of the Filter section. This will allow us to decide which records we want to obtain.
Step 3: Add The Document Information To Google Sheet
To keep better track of the files that have had their visibility changed from internally to externally, we will create a simple Google Sheet by using the โAdd Rowโ action.
Simply set up your Google Sheet with a header for each column you wish to add. To use the action, set up the connection to your Google Sheet and then select the file you just created. Click on โLoad Headersโ to import the name of each column so youโre able to view where to insert each token from our previously created Query Collections.
Step 4: Review If The File Is On Shared Drive
Since the last step of our flow consists of notifying the owner about the change in permissions to their file, we must keep in mind that this process is a bit different when the file is on a Shared Drive since there isnโt one designated owner.
To see if a file is on a Shared Drive, we will make use of โQuery Collectionโ once again, using the same collection as before and filtering when the Item name is โowner_is_team_drive.โ
Then, we will use a simple โIf Conditionโ action which will follow the true branch only when the value returned from the previous action is true, indicating that the file is effectively on a Shared Drive. Shared Drives donโt have owners, but the most similar we can get to that is someone with an Organizer role inside the drive.
To get a user with this type of permissions, we will use the โList Shared Drive Membersโ action, using the id of the Shared Drive we created in Step 2 and making sure to execute as a Domain Admin. This will create a collection of members of the Shared Drive, which we will introduce into a Query Collection and filter by when the role is equal to Organizer.
ย
Step 5: Notify The File Owner
Now that we have all the information of the file that is being shared externally and the owner or organizer of the file depending on the Drive it belongs to, we are now able to notify them that the File may be being leaked to people outside of the company who shouldnโt have access.
For this, we will use the โSend Emailโ action, where you have the ability to customize the email using all the previous information gathered using the Token Picker. You can share the Google Sheet with the user, use the Item id retrieved to generate the link to the file and much more.
Step 6: Customize And Test
And in just 5 easy steps, you have ensured that if a file owner changed file permissions and sharing it externally now without realising that this action is posing a threat to your Google DLP policy,ย now this person is notified, and is responsible for taking action.
Now, save and publish your flow. Start enhancing your companyโs data security without having to sacrifice any of your time to do so.
If you have any questions or wish to set up aย meeting to learn more about how Zenphi could help your business, you can schedule here.
Video Tutorial On How To Automate File Permission Changes Audits
Watch this YouTube video to recreate the same flow in Zenphi
Talk to us
Concerned that your users behaviour might be compromising Google Workspace security? Let us show you more use cases on how to automate Google admin tasks that would safeguard your data without creating additional workload on you!
