Control: 3.1.2.1.2.3 (L1) Ensure shared drive file access is restricted to members only
Description
Shared drive file access should be restricted to that shared drive's members.
Preventing unauthorized users from accessing sensitive data is paramount in preventing unauthorized or unintentional information disclosures.
Remediation
To configure this setting via the Google Workspace Admin Console:
- Log in to https://admin.google.com as an administrator.
- Select Apps.
- Select Google Workspace.
- Select Drive and Docs.
- Select Sharing settings.
- Under Shared drive creation, set Allow people who aren't shared drive members to be added to files to unchecked.
- Select Save.
Default Value
Allow people who aren't shared drive members to be added to files is checked.
Usage
Run the control in your terminal:
powerpipe control run googleworkspace_compliance.control.cis_v120_3_1_2_1_2_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run googleworkspace_compliance.control.cis_v120_3_1_2_1_2_3 --share
SQL
This control uses a named query:
select
  name as resource,
  case
    when drive_members_only = true then 'ok'
    else 'alarm'
  end as status,
  case
    when drive_members_only = true then 'Shared drive "' || name || '" restricts access to members only.'
    else 'Shared drive "' || name || '" allows non-member access.'
  end as reason
from
  googleworkspace_drive;