We are going to use a powerful search feature inside of GAT+ Drive audit to identify the contents of documents we’re going to investigate. This feature is called the ‘File content text search’. It allows admins/delegated auditor to use a word or sentence to search through all of the files across the domain and to return documents which contain them.
Step 1: Click on the ‘Apply custom filter’ button.
Step 2: Enter the word or sentence to return files which contain them. Select the user’s account you want to search through you can leave this field blank to search your entire domain’s Drive or enter a user, Google Group or Org Unit to search through them only.
You can also use multiple rules in the definition section of the Apply custom filter. I used the Updated search parameter. Once you click on Apply button the search will begin.
It will take a few minutes depending on how many files you have across your domain.
Step 3: Select the files you are interested in, remember that these files contain the sentence “private and confidential”.
Step 4: Click on the ‘Files operation’ button and then select ‘Access permissions granted’.
Step 5: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.
Send the request to the Security Officer(s) for approval.
The following email will be sent to the Security Officer.
The Security Officer can click on the link in the email and will be taken to the approval area(Grant) in GAT+.
When the Security Officer grants access an email will be sent to the requesting Administrator/delegated auditor informing them. The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.
Once the request is selected, the requestor can download documents or view the contents silently without the owners’ awareness.