Netskope Help

Users

This section of the API Data Protection Policy page specifies the users and groups that can trigger a policy violation.

  1. Select all users, a subset of users, user profiles, user groups, subset of domains, all teams, or subset of team drives. You can search for and select specific users, user profiles, user groups, subset of domains, and subset of team drives. A list displays when you search for a subset of users (plus folders of users), user profiles, user groups, subset of domains, and subset of team drives. If you select All Users, User Profiles, User Groups, or Subset of Domains (Google Drive app only), additional options are available to exclude users and/or exclude user profiles.

    The Exclude Users and Exclude User Profiles options are available for All Users, User Profiles, User Groups, and Subset of Domains. The Exclude options excludes users or user profiles from triggering a policy.

    Important

    The exclude users feature checks the sharing attributes only. For example, if user x has shared a file with user y and z, then all three users need to be part of the exclude users list in order for the policy condition to trigger and skip processing the file any further for these three users. If you add user x only to the exclude users lists, then the policy condition would not trigger. So it is imperative to add the owner and shared parties in the exclude users list.

    Note

    User profiles must be added before they are listed here. To download a CSV file that contains your user profiles, go to Policies > Profiles > User, and then click New User Profile. Complete the steps in the Create User Profile wizard, and then select a user profile.

    Note

    To use the user groups option, you first need to install the Netskope Adapters Utility Tool. For more information, refer to Netskope Adapters.About Netskope Adapters

    Note

    The Subset of Domains, All Teams, and Subset of Team Drives options are applicable for Google Drive policy only. The Team Drive folders are populated after the Google Drive instance is created. The list of sub domains are available in the API Data Protection dashboard page of the UI.

    Important

    For files owned by email aliases such as "IT Support", "HR Group" that do not follow the valid email address format, Netskope does not process such notifications from Google Drive API. As a result, Netskope does not trigger a violation nor display the same in the SkopeIT page.

  2. When finished, click Next.