Building a Chinese Wall Between Google Groups

The GAT team love interesting audit problems and a very nice one arose when a school asked us how they could ensure two Google Groups did not share documents with each other.

Normally for internal use cases, we test to ensure sharing is happening, in this case, we were testing to ensure sharing was not happening.

This solution to this audit test is in effect verifying that a ‘Chinese wall’ exists inside an organization. Such a test has use in other areas such as financial, accounting and legal environments.

The ability of GAT to complete this test depends on four features unique to GAT:

  • The ability to build audit filters by Group.
  • The ability to distinguish between files owned and files used.
  • The ability to join audit filters together to make more complex filters.
  • The ability to use boolean operators between these filters.

In this case, assuming groups A and B have no overlapping members, we find all files owned by Group A and find all files used by Group B. We then combine these two filters to return only files owned by Group A AND used by Group B.

Then we reverse the order of search for owned and used.

Next, we combine these two new searches to find all files owned by A and used by B OR all files owned by B and used by A.

All of this can be done through the ‘Recent Filters’ tab in the GAT Drive audit.

Example of how filters can be combined to give ever more complex filters using the recent filters tab. To re-execute any filter again just click on it. To save any complex filter, after executing click ‘Schedule/Save’ and instead of scheduling the filter just return to your Drive audit. That filter will be loaded automatically into recent filters every time GAT starts.

This audit can then be scheduled to be turned into an Audit or a policy and the shares can even be automatically removed.

From V.3440 GAT allows for filters to be copied between domains. Behind every filter, even the default one you will find a filter edit link

Click on this link to open up the filter edit table, here you can paste a complex rule you developed yourself or you got from another Admin.

 

The rule for the above filter is…

{

 “1userOwnedDocs”: “true”,

 “4deleted”: “false”,

 “2deleted”: “false”,

 “#multi”: “or 0 3”,

 “5searchTextType”: “DOC_NAME”,

 “3#multi”: “and 4 5”,

 “4privacy”: “NULL_PRIVACY”,

 “1deleted”: “false”,

 “4searchTextType”: “DOC_NAME”,

 “5deleted”: “false”,

 “5privacy”: “NULL_PRIVACY”,

 “1userToAudit”: “gat.devs@bsn.ie“,

 “1privacy”: “NULL_PRIVACY”,

 “2privacy”: “NULL_PRIVACY”,

 “2searchTextType”: “DOC_NAME”,

 “5userToAudit”: “gat.devs@bsn.ie“,

 “_reportType”: “USER_DOCS”,

 “1searchTextType”: “DOC_NAME”,

 “2userToAudit”: “vpn@bsn.ie“,

 “4userOwnedDocs”: “true”,

 “0#multi”: “and 1 2”,

 “4userToAudit”: “vpn@bsn.ie

}

Simply change the groups to ones on your domain, paste the changed rule from above, and post to execute immediately.

The rule will now be in recent filters and you can save or schedule as you wish.

Comments

comments