Understanding Google Drive Trust Rules

Education Plus/Education Standard

Google Drive Trust Rules is a security feature designed to give you more control over how your files, sitting in Drive, are shared and accessed within your organization. With Trust Rules, you can define specific criteria that determine whether external users are allowed to access files shared with them. You can also define how internal users can share and receive with each other and when internal users can receive from external people. Trust Rules help prevent unauthorized access to sensitive information and ensure your data remains secure.

Organizations need to have Education Plus or Education Standard to use Trust Rules. Users do not have to be licensed.

Process

To start using Google Drive Trust Rules, follow these simple steps:

Preview Existing Rules

To view existing rules, you can filter rules for the Trust type.

Rules > Filter [Type} ~ Trust
OR
Rules > Collaborate securely card at the top ~ View list

    1. In the Admin console, go to Rules.
    2. Click Add Filter, then check the Trust checkbox.
      TrustFilterType.png
    3. Click Apply.

Note: Google created two default rules. The rules can be inactivated but not deleted. TrustDefaultRules.png  

Preview What Rules Your Current Settings Will Create

Apps > Google Workspace > Drive and Docs ~ Sharing settings ~ Sharing options - Sharing outside of [your domain]

Google Workspace creates initial Trust Rules from sharing settings. What is in your sharing settings is converted to Trust Rules.

  1. In the Admin console, go to Google Workspace > Drive and Docs.
  2. Click on the Sharing settings block.
  3. The piece that will move over when Trust Rules gets turned on is, Sharing options - Sharing outside of [your domain]. Click Edit to open that setting.
  4. To see how these will convert as trust rules go to
    Rules > Filter [Type} ~ Trust
    OR
    Rules > Collaborate securely card at the top ~ View list (automatically filters to Trust type)
  5. Rules created from your sharing settings appear in the list with an Inactive status.

    Caution: You will see the 2 Trust Rules created by Google in the list; these can be inactivated but not deleted.

  6. To see specific sharing settings, hover over a rule and click Quick View. You can see Scope, Triggers, Conditions, and Actions coming from what you have set in Sharing Settings.
Plan for Additional Rules

When planning for other rules, it's important to consider suggestions such as:

  • Implementing Internal Walled Gardens to control access within your organization.
  • Assessing any exceptions to the rules for comprehensive security measures.
  • Evaluate whether you have accounts already organized into groups or Organizational Units (OUs) you can utilize for rule implementation.
  • Determine if you have Shared Drives within separate OUs for better organization and management.

However, it's crucial to remember that the needs of each school board, district, and institution may vary, so tailor these suggestions accordingly.
 

Turn Trust Trust Rules On

Rules > Collaborate securely card at the top ~ Turn on for Drive

  1. Go to Rules.
  2. In the Collaborate securely card at the top, click Turn on for Drive.
    Your Tasks list opens automatically and shows the progress of activating trust rules.

    Warning: If you ever need to turn OFF Trust Rules, your sharing settings go back into effect and any custom rules you create get deleted.

Create New Trust Rules

Rules > Create rule

  1. In the Admin console, go to Rules.
  2. Click Create rule and select Trust. The stepper opens.
  3. Name and Scope:
    • In the Name block, give the rule a name and description.
    • In the Scope block, select who the rule applies to - either the domain or specific OUs or groups.

      Note: The lowest level this applies to is group. You can use conditions in step 3 to target individual users.  

    • For OUs or groups, click on the appropriate Include or Exclude box.
    • Find and select the OUs or groups, then click Done.
    • Click Continue.
  4. Triggers and conditions:
    • Select the activity that triggers this rule. Options are Shared files and Receiving files; you can select one or both.
    • In the Conditions block, click Add Condition.
    • Select the other party you want to allow or block from sharing and receiving with your Scope.
    • Click Continue.
  5. Actions:
    • Select what happens when the users in your Scope try to share or receive with the people in your condition. Select Allow, Allow with warning or Block.
    • Click Continue.
  6. Review: Provides a summary of the rule.
  7. Click Finish.
  8. You can start with the rule as Active or Inactive. By default, Active is selected. Click on Inactive to begin with the rule as inactive. 
  9. Click Complete. The page returns to the rules list with the new rule at the top.

 

Resources

Google: Create and Manage Rules

CDW Education Webinar: Drive Trust Rules - Secure Collaboration in Your School

CDW Education Support Stack: Drive Trust Rules - Getting Started 

 

Document Version Date Description of Change
1.0 1/26/24 Original publish, trimmed webinar
1.1 2/15/24 Updated webinar to include guests

 

Articles in this section