This section of the API Data Protection Policy page specifies the users and groups that can trigger a policy violation.
- Select all users, a subset of users, user profiles, user groups, subset of domains, all team drives, or subset of team drives. You can search for and select specific users, user profiles, user groups, subset of domains, and subset of team drives. A list displays when you search for a subset of users (plus folders of users), user profiles, user groups, subset of domains, and subset of team drives. If you select All Users, User Profiles, User Groups, All Team Drives, or Subset of Domains (Google Drive app only), additional options are available to exclude users, user profiles, or team drives.
The Exclude Users, Exclude User Profiles, and Exclude Team Drives options are available for All Users, User Profiles, User Groups, All Team Drives, and Subset of Domains. The Exclude options excludes users’ files or files in user profiles from triggering a policy if the files are shared between the users in the exclusion list.
- The exclude users feature checks the sharing attributes only. For example, if user x has shared a file with user y and z, then all three users need to be part of the exclude users list in order for the policy condition to trigger and skip processing the file any further for these three users. If you add user x only to the exclude users lists, then the exclude user condition for policy would not trigger. So it is imperative to add the owner and shared parties in the exclude users list.
- The Subset of Domains, All Teams, and Subset of Team Drives options are applicable for Google Drive policy only. The Team Drive folders are populated after the Google Drive instance is created. The list of sub domains are available in the API Data Protection dashboard page of the UI.
- For files owned by email aliases such as “IT Support”, “HR Group” that do not follow the valid email address format, Netskope does not process such notifications from Google Drive API. As a result, Netskope does not trigger a violation nor display the same in the Skope IT page.
- All Users, Subset of Users, User Profiles, User Groups, and Subset of Domains scan content in Google Drive’s ‘My Drive’ folders. All Team Drives and Subset of Team Drives scan content in Google Drive’s ‘Team Drive’ or ‘Shared Drive’ folders. If you need to scan ‘My Drive’ as well as ‘Team/Shared Drive’, create two separate policies.
- User profiles must be added before they are listed here. To download a CSV file that contains your user profiles, go to Policies > Profiles > User, and then click New User Profile. Complete the steps in the Create User Profile wizard, and then select a user profile.
To use the user groups option, you first need to install the Netskope Adapters Utility Tool. For more information, refer to Netskope Adapters.Netskope Adapters-OLD
- When finished, click Next.