[Google Workspace] Restricting document sharing settings to within the organization

Tadashi Shigeoka ·  Wed, August 13, 2014

In Google Workspace (formerly G Suite), administrators can restrict document sharing settings to within the organization from the admin console.

G Suite | Google Apps

ドライブ ユーザーの共有権限を設定する - G Suite 管理者 ヘルプ

This time, I’ll document what I investigated when enabling the setting “Users cannot share documents with users outside this organization.”

Here, let’s assume the organizational domain is codenote.net.

First, the default Google Drive sharing options look like this:

Google Drive Sharing Options (Default)

google-drive-share-settings-default

I changed the settings as shown below:

Google Drive Sharing Options (After Change)

google-drive-share-settings-changed

As a result, it appears that even documents already shared with users outside the organization are affected by the sharing settings. So, for example, documents that were shared with @gmail.com addresses will show a “Permission required” page when this setting is enabled. In this case, you can still share with the organizational domain codenote.net.

For documents that were previously shared with @gmail.com, you need to migrate the sharing settings by creating a separate group and sharing with that group.

Even when added to a group, sharing with external email addresses like @gmail.com outside the organization was not possible.

It’s a bit more restrictive and troublesome, but it’s an important point to prevent leaking important company confidential information to the outside, so I want to configure this properly.

That’s all from the Gemba.