One great way to secure documents in Google Workspace is by using shared drives. These shared spaces are where teams can store, search, and access their files from any device, anywhere. But unlike My Drive, where individuals own files, files are owned by everyone in the drive. This helps keep all of a team or department’s data in a centralized, easy-to-find location.
Although shared drives can aid teams in secure collaboration, they also come with security risks that can be difficult for admins and end-users to parse out. At Nira, we receive a lot of questions surrounding shared drives. People want to know if shared drives can have Public links that anyone on the internet can access or how to deal with multiple members or domains with access to shared drives.
To clear up any confusion, here are the answers to our seven most commonly asked questions:
Google Workspace Shared Drives FAQs
1. Can users add Public links or Company links to shared drives?
Users cannot add Public or Company links to shared drives. Shared drives can only be Restricted, meaning only explicitly added collaborators can access shared drives. Since permissions are inherited, this means that by default all documents and folders within Shared drives will be Restricted to start.
However, documents and folders that are a part of a shared drive can be given Public or Company links. In the case of folders within a shared drive, that means that every item within that folder would inherit the Public or Company link, too. We don’t recommend using Public and Company links for documents and folders containing sensitive information.
2. How much visibility do users have in shared drives?
People with access to the shared drive can view everything in that shared drive unless they are removed as a collaborator on the drive or folder. Depending on their permission level, they can take different actions like viewing and commenting on files or making and rejecting edits in documents.
3. What kinds of accounts can be added to shared drives?
Any account type can be added to shared drives. Internal accounts, personal accounts, and accounts owned by outside domains can be added to shared drives.
If you add an external user to a shared drive, they must have a Google account and be signed in to Drive to access the shared drive and its contents.
4. What happens when you suddenly stop sharing a shared drive with external parties?
When you add an external account to a shared drive, they receive access to all the documents and folders within the shared drive. If you later remove that external account from the shared drive, it will be removed from all the documents and folders in the shared drive as well.
It’s not possible to remove the external account from individual documents within the shared drive. Their access must be removed at the overarching shared drive or folder level.
The only way to keep an account from having access to the documents and folders within a shared drive is to remove them from the shared drive.
5. Can I remove a collaborator on a shared drive from the documents within the shared drive?
Since permissions are inherited from shared drives to all items within them, the accounts will need to be removed from the shared drive itself. They cannot be removed from individual items within the shared drive. They must be removed at the top-drive level.
6. How do you deal with multiple members in shared drives?
It’s essential to be aware of the various roles that are available in shared drives. For example, there can be multiple Managers, Content managers, Contributors, etc. for one shared drive.
Knowing who is a member of the shared drive and what level of access permissions they have is key to keeping company documents secure.
7. Can shared drives be owned across multiple domains?
Multiple domains can be Managers on the same shared drive. This makes collaboration between different companies seamless. For example, if a company is working on its SOC 2 audit with its auditor and needs to drop a lot of information into a shared drive and move that information around.
When two domains own the same shared drive, either domain can remove the other from the shared drive and all of its folders and documents, no matter who originally first created the shared drive. This is why it’s so important to manage shared drive permissions and ensure that Manager-level access is only given when absolutely necessary and is revoked when access is no longer needed.
Shared drives can be a help or a hindrance to your document security response depending on how you utilize them.
Admins are able to lock down certain sharing permissions and capabilities, but it can be difficult to get full visibility into issues without the proper admin solution.
To help, we’ve written a comprehensive guide on document security that goes over shared drives, folders, labels, and more.