Improved Group filtering- Google Workspace
Google Groups are super useful whether they are used for email distribution lists or providing access to files and services to a large cohort of users. However, with Google Groups there also comes the risk of oversharing internal information.
With Google Workspace, it’s easy for users to share information with a Group, however, the membership of that group is often hidden or difficult to find. It is generally the responsibility of the IT administrator to maintain and manage Google Groups, although Google Workspace does support the ability for users to create and manage Google Groups. As Google Groups supports both internal and external users, it’s possible for users to be sharing information externally without realising it.
It is therefore important that Google Workspace administrators correctly manage and monitor their Google Groups. We recommend that where possible organisations implement Dynamic Google Groups and move away from manually adding and removing members, as more often than not members are rarely removed, creating the risk of sharing information to the wrong people.
Google Group Filtering
To help combat oversharing with a Google Group, Patronum now includes enhanced filtering. With Patronum you can now filter Google Groups to quickly show you which Google Groups contain external members. The filter also helps locate Orphaned Google Groups that no longer have members.
This feature is the first in a series of security audit capabilities that Patronum is bringing to Google Workspace administrators, and all based on feedback and feature requests from our amazing Patronum user community If you have a feature request or enhancement you’d like to see in Patronum make sure you register it within the customer community portal.
Dynamic Google Groups
Dynamic Google Groups are Google Groups whose memberships are automatically managed using a membership query or a query on employee attributes, such as job title or department. For example, a membership query might be “all users whose job title is Developer.” Dynamic groups are only available natively to Google Workspace Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity premium customers. However, if you are not using these editions of Google Workspace, Patronum can automatically manage Google Group membership via a policy. Simply define a filter that best describes the cohort of employees you want to add to the Google Group. For example “all users whose job title contains the word Marketing”.
Patronum also supports the ability to dynamically create dynamic groups, so that organisations can create one simple policy that is responsible for creating Google Groups based on attributes within the user’s profile.
Example: For a custom attribute called GeoCode, could contain values of LATAM, EMEA, NORAM etc. You can then define a rule in Patronum, to create groups based on GeoCode attribute. You can specify a prefix and suffix, and also a limiting filter such as “Include only: EMPLOYEETYPE (another custom attribute) = FULL’ or similar. The output is a group automatically generated for each GeoCode, and the groups include only full-time employees. Ex. EMEAfirstname.lastname@example.org; NORAMemail@example.com etc.
For those unfamiliar with Google Groups, below is a brief explanation can be found below:-
Google Group Types
The following types of groups can be created:
|Email List||This is the most common type of Google Group and is used when the group is mainly used for communication e.g. an email distribution list.|
|Security||A security group is similar to a Google Group but is used specifically for controlling access to organizational resources. A security group is created by updating a Google Group to a security group.|
|Collaborative Inbox||This type of group allows the distribution and tracking of messages e.g. for a customer services or help desk forum. Responsibility for topics can be assigned to specific group members and topics can be marked as resolved once they have been completed successfully.|
Sharing Google Docs, Sheets and Slides with a Group
If you are a Google Group user, you can share Google Docs, Sheets, Slides and Forms with all members of the group in one step, allowing everyone in the group access to the document. This is often the most secure way to share information as access can be removed for an individual to all resources by removing them from the Google Group.
Permissions are linked to the Google group rather than the individual members. When a user joins a Google group, they are automatically given permission to access the document, and if they leave the group, those permissions will be revoked automatically.