Google Drive has sparked a revolution for collaboration in business environments, streamlining communication and eliminating the need for slow, back-and-forth emails and phone calls for managing ongoing projects.
Through access permissions, Google Drive enables collaborative sharing that allows users to view, comment on, and even directly edit business critical documents and spreadsheets in real time. Essentially, Google Drive empowers employees to get things done, faster.
Here’s what organizations need to know about Google drive access permissions, effective and secure management of those permissions, and how to restrict access when necessary.
What are Google Drive Access Permissions?
Google Drive permissions allow users to grant access to documents, spreadsheets, and other business items within an organization. These three tiered levels of permission mean that users can preserve the integrity of an item, preventing it from being changed or viewed without their approval.
Let’s break down the access levels on Google Drive:
- View
This is the least privileged of the Google Drive access permissions.The “View” sharing setting means that the user can simply see and review a document. They are unable to make changes to the item that was shared with them.
- Comment
If you grant this permission to a user, they are able to leave their comments alongside text or data (in the case of a spreadsheet.) This setting is excellent for when you want input from a specific person, but don’t want them to be able to directly make changes to the item.
- Edit
This is the highest level of Google Drive access permissions that’s available. It allows the user to make direct edits to a document. It’s important to note that in Drive’s default settings, someone given editing access can add other editors to the item - even without your permission.
What are the standard sharing settings on Google Drive?
Just like you wouldn’t want everyone to be able to view the contents of your personal email inbox, Google Drive sharing settings ensure that you have control over who has access to your documents.
There are three types of sharing settings in Google Drive:
- Public
If you set a document or spreadsheet to “public,” that means anyone on the internet with a link to the item can access it. This setting should only be used for items that do not contain sensitive information.
- Specific people
This sharing setting allows you to choose specific users that you want to access your document. Anyone who hasn’t been added to your list of users will receive a message informing them that Google Drive has restricted access to your item, and they cannot view it.
- Domain
The Domain setting means that everyone within your organization (or team) can view your document. This is particularly convenient in a business environment, when you want everyone in your company to be able to access a resource but don’t have the ability to individually share it with everyone.
What’s the difference between sharing folders and files?
When you share a specific file within Google Drive, whether it’s a spreadsheet, slideshow, document, or something else, the user will be able to see that specific item.
If you share a folder, every file within that folder will be accessible to the user who was granted permission. In the event that you are planning to share a folder, it would be wise to review all of its contents before doing so.
What does Google Drive Restricted Access Mean?
If a user attempts to view a folder or file that has not been shared with them, and that item’s sharing settings are set to private or limited to select users, they will encounter a message reading that Google Drive has blocked them from accessing that item.
Managing Google Drive Access Permissions: A Basic Guide
While this may sound complicated, it’s all quite simple and intuitive when put into action.
Here’s a step-by-step guide to setting up Google Drive access permissions.
- Click on the “Share” button in the upper right corner of your document. The button has a padlock icon on it.
- Add people, groups, organizations, or other users whom you want to give access to the item.
- After adding them, set what level of permissions you’d like them to have (i.e., view, comment, or edit.)
- Under “general access,” set what level of permissions are appropriate for the doc.
- The setting “private” means that only you can view the document.
- You can choose your organization, so that everyone at your company can see it.
- You can choose “anyone with the link,” so that access is free for everyone. Please note this setting should only be used when the information and/or data within the item is not sensitive or private.
Best practices for granting appropriate Google Drive access permissions
For Google Drive permissions, you should always operate under the assumption that less is more. Keep sensitive information on a need-to-know basis. Resist the temptation to automatically grant free access or editor status to anyone - be sure that only people you trust are given editor permissions.
Be absolutely sure that documents, spreadsheets, or slideshows containing critical data or private information are kept on the lowest possible level of Google Drive Access permissions (private, or shared with just a few select users - not the entirety of your organization.)
How to revoke access or change permissions
The process of revoking access or changing Google Drive permissions is simple. You simply click on the share button, then choose “remove access” next to the person’s name. You can also click under “general access” to change the general viewing settings.
Google Drive’s Collaboration Features
It’s easy to use the comment and suggestion features within Google Drive. If you’ve been shared on a document, simply highlight the text, column, or other field you’d like to comment on. A small menu will pop up on the right hand side. You’ll click on the first option - a speech bubble with a plus sign - in order to add a comment. If you’re not sure which symbol that is, hover your mouse over the menu and the words “add comment” will appear over the symbol.
If you’d like to suggest a change, follow the same steps, but select the very last symbol (which looks like a line with a pencil). You can also navigate to the top right corner of the page, just under the share button, and select the suggestion symbol in order to add your suggestions to the item.
The benefits of real-time collaboration in Google Drive are clear. You can skip endless rounds of sending a document via email for numerous edits - instead, you can instantly see the changes being made, and leave our own comments or suggestions. Additionally, Google Drive provides a single source of truth, so nobody gets confused regarding the latest version of an asset in question.
Why You Need an Automated Google Drive Permissions Manager
Most companies won’t be able to dedicate a specific person as a Google Drive permissions manager. Rather, that responsibility falls to team members across various departments, who may be less up-to-date regarding the importance of ensuring security while collaborating, especially with external contractors or resources.
Keeping track of permissions, including rescinding access for users who have left your company or who have unnecessary permissions for sensitive materials, is a daunting task. Think about the thousands - or even millions - of documents, slideshows, spreadsheets, and other assets within your company’s Drive. In our analysis of DoControl clients of all sizes using Google Drive, over the course of 2023 the average company’s Google Drive grew from 1.5 million assets to a staggering 3.5 million assets!
Then, consider the fact that each of those items has its own set of permissions, oftentimes with mixed levels of access. And when it comes to collaborative projects with contractors or other companies, some of those users with access to your critical assets aren’t employed by your organization. That same client analysis found that by the end of 2023, most companies had around 1,177 Google Drive users. That’s a lot of user activity to keep track of.
We also found a noticeable phenomenon of over-exposed sensitive data. For companies on the bigger end of the scale (those with more than 1,000 employees), there were an average of 168,000 assets with sensitive data that were exposed to the entirety of the organization.
In other words, documents and spreadsheets containing private information - which should only be shared on an as-needed basis - were fully visible to every employee at that company.
Even worse, these companies had an average of 3,729 assets with sensitive data that were publicly accessible, meaning that anyone on the internet with a link to that item could potentially view it. The ramifications of this are serious: with just a link, a bad actor can gain access to information like customers’ credit card information, employees’ personal details, and more.
It’s critical to remember that Google Drive Access permissions aren’t just a tool for teams and organizations to streamline their operations - they’re the key to the internal workings of a company, so these permissions must be fully understood and regularly reviewed. This is particularly important in collaborative environments, where access permissions are often granted without a second thought.
DoControl’s SaaS security solution provides you holistic, in-depth visibility into all layers of your SaaS application data, including within Google Drive. With DoControl, you gain crucial insights into your SaaS data exposure, risky user activity, and all the security threats facing your cloud - including but also over-permissioned third-party apps.
Talk to us today to learn more about how our SaaS security solution can help you discover vulnerabilities in your SaaS environment and ensure that your cloud environment and sensitive data remain safe.