One Quick Tip to Manage Google Drive Security and Sharing Settings
This should be easier than it is.
Note: Ofer Shaked originally posted most of this advice on LinkedIn. Credit to him for pointing it out. I am paraphrasing his recommendations here so that there is an easily-accessible reference point for anyone seeking this information in the future.
I am generally a big fan of Google Drive and the apps it comes with (Docs, Sheets, etc.). For collaboration purposes, it is much better than the Microsoft Office suite, in my opinion. The fact that it is difficult to download and email around documents (as opposed to just sharing them) is a feature for me, as it helps to mitigate the version control hell that many organizations face when people email around documents that end with “v2_FINAL_CLEAN.doc” or some version of it.
One problem, however, is that it can be a little tricky to figure out exactly with whom you have shared what. Evidenced by multiple threads on the topic, Google has not made it easy to figure this out. Since sharing documents with people and then forgetting that you have done so can be a potentially security issue, I put together this guide.
The one step solution to this problem
When in Google Drive (https://drive.google.com), type “owner:me from:me” in the search box, as in below:
This shows all of the files and folders you have shared with anyone else. I would recommend taking an inventory and removing anything that doesn’t need to be shared at present.
You should also look at the folders you are sharing. Although Google will warn you when adding new documents to folders that are already shared, you might have ignored this, and now you are sharing more information than you initially intended.
If you are using a paid version of Google Workspace, you also have the option to set an expiration when sharing files and folders. If you are working on a time-limited project with folks external to your organization, this is probably the way to go. Even if you plan on working indefinitely with another group, it might be worth the productivity hit to just expire the permissions every quarter or so and see who re-requests access.
That’s all for this week! Hope this has been helpful.