Shares Out, Shares In, Shares Internally, Top Externals

Sometimes it is good to be able to quickly get a table of some key metrics. A common question is ‘Who shares out the most documents?’, often followed by ‘Who shares in the most?’.

Shares Out

GAT+ makes answering these three questions very easy. For the first part, go to the User Audit and select the ‘Drive Productivity’ tab. There you will see a column, ‘Shared Out’. The Drive Productivity tab shows files which are exclusively owned by your local users. The Shared Out column indicates the files shared to external users from other domains. Click on the heading to sort the column so that the users who share out the most are at the top.

There are a few other notable headings such as Public and Public with link which provide valuable insight. Public means these files are accessible from anywhere on the internet. Public with link means that these files are only available from a definite URL which can be shared with anyone.

Shares Internally

The second part is ‘Internal’ file sharing. Internal means these files are shared only with local users on your domain and with no one outside.

Clicking on any one of the numbers shows you the files behind the number, allowing you to quickly identify who the shares are ‘to’.

Shared In files

The ‘Shared In’ column is in the User Audit ‘Drive’ tab, which is adjacent to the Drive Productivity tab. Shared In can be sorted like the other headings; once sorted, it ranks users by the number of files shared into their accounts.

Click on any number to see the details of the files behind the number, including who it is shared with, shared from, number of visits, sharing rights, last accessed, etc.

As with all the User Audit report tabs, each tab can be subject to further filtering, so you can find the information above for all the members of a particular Organization Unit or a particular group, or for Admins or accounts that match particular name criteria, etc.

Top Externals – Who ‘outside’ is sharing in the most?

Find in a single click the top external users sharing documents into your domain.
On the GAT+ side menu click on ‘One Click Reports’ and select ‘External Users – Docs’.

Sort on the second column ‘Owns (not ours)’ to see which external users share in the most files.

Remember, from a security perspective a document shared in with edit rights is just as dangerous as a document shared out (a point often missed by other tools).

From this table you can also see and rank the external domain users that have access to your files. These can be ranked by volume and by type of access (Edit or View access).

GAT+ not only allows you to see the big picture but to ‘zoom in’ very quickly.

Identifying External Public Files Your Users Can Edit

Following our last post explaining how to deal with organization files that were shared to the public (Public Shared files – How to Address with GAT), this post will deal with a second potential source of accidental information leakage to the public. In this post, we will look at documents shared into the domain, that are open for your users to edit and which are also ‘Public’.

First, we will assess the current situation, which can be done in 4 simple clicks…

  1. Click on the Apply custom filters button within Drive Audit.

  2. In the filter menu select the following filter operators.
    • Editors matches
    • Sharing Flags contains Public
    • Sharing Flags contains Shared in

Make sure that all of these search operators are properly combined by using AND.

From the resulting list, you can see which public files your staff can edit. They may believe this is a private collaboration with an external individual, but in fact the contents are public on the internet. Using the steps outlined in Public Shared files – How to Address with GAT, you can notify your users of the risk involved in the same way.

How to Stop Internal Shares Among Students

First, read the post here in the GAT G+ Community. This will save you a lot of time creating and sharing rules. Don’t forget to return to this post – this rule is a new rule and not the same as the ‘Chinese wall’ example in the link above.

(If you have some useful filters you can share with others in the GAT community, whether for business Admins or GAFE Admins.)

This rule will show you how to find all the internal shares for an OU called students. After finding the shares, it will then show you how to remove them on a scheduled basis.

Having read the paper at the end of the link posted above, go to the GAT Drive audit and, using the pencil icon (beside ‘Export to Spreadsheet’), paste the following rule:


{
  "0privacy": "OPEN_TO_DOMAIN_PRIVACY",
  "0editedFrom": "04/05/2015 23:00:00",
  "0userOwnedDocs": "true",
  "0searchTextType": "DOC_NAME",
  "#multi": "and 0 1",
  "0deleted": "false",
  "1deleted": "false",
  "1privacy": "NULL_PRIVACY",
  "_reportType": "USER_DOCS",
  "0organization": "/Students",
  "1searchTextType": "DOC_NAME",
  "1negate": "true",
  "1organization": "/Staff"
}



After pasting the rule above, look carefully at the items in blue. Change the date to yesterday’s date (based on the date format you set for your domain dd/mm/yyyy or mm/dd/yyyy). Change the Students OU to the OU name you use for students on your domain. Change the Staff OU to the OU name you use for teachers or staff on your domain.

Having pasted this rule and run a search, next press the ‘Schedule/Save’ button, then schedule this report to run every day after midnight. This will generate a report for you in either PDF or CSV output, showing students who shared documents internally, excluding those shared with teachers.

Run the report for a few nights to make sure you are happy with it. Also, test with a few documents to make sure your scopes are working fine. Note, based on the rule above, one use case where a pupil can share with another and not have it reported is where the share is to a teacher and a fellow pupil. In all cases, we expect this is legitimate as it will be transparent to the teacher.
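The scoping of the rule, including the unreported case just described, can be checked with a small model before the rule is allowed to remove shares. This is an added example, not GAT+ code and not part of the original post: the Doc record, its fields and the sample documents are constructed, the OU names are the placeholders from the rule, and the date condition is left out.

```python
# Simplified model of the combined rule (filter 0 AND NOT filter 1).
# Assumption: this mirrors the rule as the post describes it, not GAT+ internals.
from dataclasses import dataclass, field

STUDENTS_OU = "/Students"   # placeholder OU names, as in the rule
STAFF_OU = "/Staff"


@dataclass
class Doc:
    name: str
    owner_ou: str                                        # OU of the owning account
    shared_with_ous: list = field(default_factory=list)  # OUs of internal users with access
    external: bool = False                               # anyone outside the domain has access


def filter_0(doc):
    """Sub-filter 0: owned by a student and shared internally only."""
    return (doc.owner_ou == STUDENTS_OU
            and bool(doc.shared_with_ous)
            and not doc.external)


def filter_1(doc):
    """Sub-filter 1 before negation: docs staff own, can read or can edit."""
    return doc.owner_ou == STAFF_OU or STAFF_OU in doc.shared_with_ous


def reported(doc):
    """'#multi': 'and 0 1' with '1negate': 'true'."""
    return filter_0(doc) and not filter_1(doc)


def nightly_report(docs):
    """Names of the documents the scheduled report would list."""
    return [d.name for d in docs if reported(d)]


# Constructed sample documents.
DOCS = [
    Doc("pupil-to-pupil notes", STUDENTS_OU, [STUDENTS_OU]),
    Doc("homework for teacher", STUDENTS_OU, [STAFF_OU]),
    Doc("notes, teacher also added", STUDENTS_OU, [STUDENTS_OU, STAFF_OU]),
    Doc("private draft", STUDENTS_OU, []),
    Doc("class handout", STAFF_OU, [STUDENTS_OU]),
]

if __name__ == "__main__":
    for d in DOCS:
        print(f"{d.name:28} reported={reported(d)}")
```

The third document passes sub-filter 0 but is dropped by the negated sub-filter 1, which is the teacher-plus-pupil case the rule does not report.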

When you are happy with the rule, return to editing the rule via the scheduled reports icon.

From here, clicking on the scheduled report name (see area in red oval below) lets you edit the scheduled report. From here you can automatically have all shares removed and optionally a warning sent to the students (select ‘Notify Local Users’ also).

Only implement this feature when you are sure the files being reported in the nightly reports are correct and are of the type you want to stop internal sharing of.

How it’s done

To build up the rule we outlined above, first find all the documents owned by the OU you want to monitor/control. In the screenshot below we selected ‘Users’ as the OU.

You select the items as shown above and finally, to build the search and filter string, you press the selection for internally shared (‘1’ in the example above). If there is nothing already internally shared, the yellow filter may not exist, so share at least 1 internal document (an unlikely scenario).

Next, we find all the documents used by Teachers or Staff. This is the default search for an OU (in the example below we use the OU ‘Leavers’).

NOTE! Owned Docs selection box is not ticked. This means show all the docs for teachers which they either own, can read or can edit.

We are looking for these so that we can exclude them, so after you complete the search, select ‘Negate Filter’.

The final step is to combine the two filters. To do this select the tab ‘Recent Filters’ and select the last two searches.

Combine with ‘AND’ and press ‘Show’. Now you have your filter and a rule that you can schedule to run every night (‘Schedule/Save’).

Remember the example above is for an OU, but you can also repeat the above steps and just pick a Google group.