Configuring API Google Attributes policies

Configure API Google Attributes policies to enforce actions on Google Drive files based on their searchability setting.

API Google Attributes policies are evaluated when a file's searchability attribute matches the configured condition. The primary use case is to detect when a file is changed from Must have link to access to Can find in search results and automatically restrict it back to link-only access.
Note: File attributes must be enabled in App Security before configuring these policies. See Configuring Attributes for API scanning.

Steps

  1. In App Security, navigate to Protect > Policies > Google Workspace.
  2. Under API Google Attributes, click "+" to add a new policy.
  3. Select which users the policy applies to:
    Table 1.
    Option Description
    All Scanned Users The policy applies to all users configured for Google Workspace scanning.
    Selected The policy applies to specific user groups. Click + Add group to add one or more groups using AND or OR criteria.
  4. Under Condition, configure the condition:
    Table 2.
    Condition Description Values
    Attribute Searchable Match files based on the searchability setting in Google Drive. Can find in search results or Must have link to access.
    Path Match files based on the path location within Google Drive. Enter the file path.
  5. Under Action, select the action to enforce when the policy condition is met:
    Table 3.
    Action Description
    Link-Only Access Restrict the file so that only users with the direct link can access it. Removes the file from Google Drive search results.
    Allow Permits the event with no change to the file. Use this action to log the activity without enforcement.
  6. Under Notifications, configure the email notifications to send when the policy is triggered:
    Table 4.
    Field Description
    Owner Email Select a notification template to send an email to the file owner.
    Group Email Select a notification template to send an email to a configured group.
    Actor Email Select a notification template to send an email to the user who triggered the policy action.
    Forcepoint Alert Select Generate Alert to create an alert in the App Security alert log.

    For information about creating notification templates, see Configuring notifications.

  7. Click Preview to review the policy configuration before saving.
  8. Click Ok on the Cloud Policy (API Google Attributes) dialog, then click Save on the Policies page.

Result

The API Google Attributes policy is created and active. App Security enforces the configured action when a file's searchability attribute matches the condition.