List Drives Shared Externally
Definition
The "List Drives Shared Externally" action allows administrators to retrieve a list of Google Shared Drives within their domain that are accessible by users outside of the specified internal domains. This action is particularly useful for maintaining data security and oversight by identifying drives that may pose a risk due to external access. Key capabilities include filtering results using advanced queries, specifying internal domains, and paginating large datasets, enabling IT teams to monitor external sharing activity across the organization efficiently.
Example Use Cases:
1. Security Audits
Identify shared drives accessible to external users to ensure sensitive company information isn't unintentionally exposed and that access permissions comply with internal security policies.
2. Compliance Monitoring
Use the action to review external sharing regularly and support compliance efforts with data protection regulations (e.g., GDPR, HIPAA) by confirming only authorized domains have access.
3. Domain Separation Checks
When your organization manages multiple internal domains, this helps to detect if data is being shared across domains improperly or with unauthorized external addresses.
4. External Collaboration Oversight
Track which shared drives are collaborating with partners or vendors outside your organization, helping you evaluate and manage third-party relationships securely.
5. Automated Reporting
Integrate into workflows that generate weekly or monthly reports of all externally shared drives, streamlining administrative oversight and reducing manual effort.
Input:
Connection
A Google Workspace Administration connection that authenticates and authorizes access to your domain's data.
*You must upload a credentials JSON file for a service account with domain-wide delegation enabled.* Follow this guide to create the connection properly.
Internal Domains
A comma-separated list of domains that are considered internal to your organization.
For example: `acme.com,test.acme.com`. This field helps the system distinguish between internal and external users when determining which shared drives include external collaborators.
Execute as Domain Admin
A Boolean (true/false) value that determines whether to run the request using domain admin privileges.
Set to `true` to scan all shared drives where the service account is a domain admin, not just those directly owned by the service account or user.
Query
An optional search query string that filters shared drives based on specified criteria (e.g., name, creation date).
You can customize this to narrow down results to only drives matching your interest. Refer to Google’s query syntax guide for examples.
Max Results
The maximum number of shared drives to return in one response.
Value must be between 1 and 20,000. Use this to limit or increase the number of results retrieved per API call depending on your needs.
Page Token
A token used for pagination.
If you're handling large result sets, this token allows you to retrieve the next page of results. Leave it blank on the first run to get the initial page. Save the returned Next Page Token for use in subsequent requests.
Outputs:
Result Count
Indicates the total number of shared drives returned in the current response.
This is useful for understanding how many drives matched your criteria and were retrieved in this specific execution.
Drives
A list of shared drives that include at least one external member (someone not part of your internal domains). Each drive in the list contains the following details:
- Id: The unique identifier of the shared drive. This is essential if you want to reference or take further actions on a specific drive (e.g., modify permissions, audit content).
- Name: The display name of the shared drive. Helps to easily identify the drive in human-readable form without having to reference the ID.
- Hidden: A Boolean value (`true` or `false`) indicating whether the drive is hidden from the default Drive view. Hidden drives are not displayed in Drive UI by default unless explicitly accessed or unhidden.
- Created Time: The timestamp representing when the shared drive was created. Useful for tracking or filtering drives based on age or for audit logs.
- Org Unit Id: The organizational unit ID of the user who created the drive or to which the drive belongs. Helps identify which department or team owns the drive in larger organizations.
- Sharing Type: Specifies the type of sharing configured for the drive. Indicates if the drive is shared externally, publicly, or restricted, which is key to compliance and data control policies.
- Shared to Domain: Lists the external domains to which the shared drive has been granted access. This helps IT admins track which partner companies or vendors have access to sensitive company drives.
- Shared to Email Address: Shows the external user email addresses (outside of your internal domains) that have been granted access to the shared drive. Crucial for identifying potential data exposure points and revoking access if necessary.
Next Page Token
A token that can be used to fetch the next set of results if the number of shared drives exceeds the current page size (as defined by Max Results).
Store and reuse this token to retrieve paginated data in follow-up requests.
Example Scenario:
Auditing Shared Drives for External Access
**Situation:** An IT administrator at a mid-sized company wants to regularly audit all shared drives in their Google Workspace domain to ensure that no sensitive data is inadvertently accessible to users outside the organization.
How to Set It Up in a Flow:
- Start a Scheduled Flow
  Set the Zenphi flow to run weekly (e.g., every Friday at 6 PM).
- Add the "List Drives Shared Externally" Action
  - Connection: Select your Google Workspace Admin connection.
  - Internal Domains: Enter your company’s domains, e.g., `acme.com,team.acme.com`.
  - Execute as Domain Admin: Set to `true` so the action has access across the organization.
  - Query (Optional): Leave blank to fetch all externally shared drives, or use filters like `name contains 'project'` to narrow the scope.
  - Max Results: Set an appropriate number (e.g., 500).
  - Page Token: Leave blank for the first request.
- **Use a Loop or Table Action (Optional)**
  Use a loop to go through each drive returned and log or display key metadata like who it’s shared with externally.
- Notify or Take Action
  - If any drives are shared with unknown domains or external emails, send a Slack message or email notification to the IT security team.
  - Optionally, trigger follow-up actions such as removing external permissions using another Zenphi action.
**Outcome:** The admin has an automated, auditable process to regularly track and manage externally shared content, ensuring compliance with internal policies and minimizing risk of data leaks.
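The paging and "unknown domains" triage from the scenario above, sketched as an added example (not Zenphi's own code). It assumes the action's output is available as dictionaries whose keys mirror the output labels on this page; `fetch_page`, `APPROVED_PARTNERS` and the sample pages are hypothetical and constructed for illustration.

```python
# Added example: keys mirror the output labels on this page (assumed names).
APPROVED_PARTNERS = {"partner.example"}  # hypothetical allow-list of vetted domains

# Constructed sample pages keyed by page token ("" = first request).
SAMPLE_PAGES = {
    "": {"Drives": [
            {"Id": "d1", "Name": "Project Apollo",
             "Shared to Domain": ["partner.example"],
             "Shared to Email Address": ["ann@eu.partner.example"]},
            {"Id": "d2", "Name": "Finance",
             "Shared to Domain": [],
             "Shared to Email Address": ["bob@notpartner.example"]}],
         "Next Page Token": "p2"},
    "p2": {"Drives": [
            {"Id": "d3", "Name": "Vendors",
             "Shared to Domain": ["unknown.example"], "Shared to Email Address": []}],
           "Next Page Token": ""},
}

def fetch_page(page_token):
    """Stand-in for one run of the action; returns a constructed page."""
    return SAMPLE_PAGES[page_token]

def is_approved(domain, approved):
    """Exact or subdomain match on a dot boundary, so 'notpartner.example'
    does not pass as 'partner.example'."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in approved)

def audit(fetch, approved):
    """Follow Next Page Token until it is empty; return unapproved shares."""
    findings, token, seen = [], "", set()
    while True:
        if token in seen:  # guard against a token that repeats forever
            raise RuntimeError("page token repeated: %r" % token)
        seen.add(token)
        page = fetch(token)
        for drive in page["Drives"]:
            domains = set(drive.get("Shared to Domain", []))
            emails = drive.get("Shared to Email Address", [])
            domains |= {e.rsplit("@", 1)[-1] for e in emails}
            bad = sorted(d for d in domains if not is_approved(d, approved))
            if bad:
                findings.append((drive["Id"], drive["Name"], bad))
        token = page.get("Next Page Token") or ""
        if not token:
            return findings

if __name__ == "__main__":
    print(audit(fetch_page, APPROVED_PARTNERS))
```

The findings list is what a notification step would send to the security team: drive Id, name, and only the domains that are not on the allow-list.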