How to get notified when a user shares a document on Google Workspace

How to get notified when a user shares a document on Google Workspace

This is the first out of multiple articles about specific use cases with Google Workspace. Stay tuned for the next articles.

Following our article on the basics of Google Workspace security for employees, let us dig one step further. In this article, I will explain how you can get notified when documents are being shared publicly within your organization.

Step #1: Becoming familiar with the Audit & Investigation section

First things first, open your administration console. It is the central place that allows you to manage all your Google Workspace services. Let’s meet at

Frame 126.png

Then, go and find the Audit & Investigation panel.

Frame 127.png

You just have to click on any of the tabs to access the events related to that topic (eg. Admin log events).

Here you will find the exhaustive list of events that happened in your org, regarding the scope you selected. You can click on “Create reporting rule” to start building your own set of rules.

Frame 128.png

Let’s move to the use cases now! The following ones are just examples, thanks to the Console you will able to build any rule that passes through your mind.

Step #2: Creating the rule

The Basics


Regarding what your company is doing, you may want to take control over who is sharing what. Are the documents sensitive? Are they being shared with the proper setting? Can anyone with the link have easily access to the information contained within the document? You can get a view on these topics by properly setting up your own rule.

1. Go to Drive log events > Create reporting rule

2. Name your rule. Click Next.

3. Click on Add a filter > Visibility change

Frame 129.png

Now you will get notified every time that someone shares a document outside of your organization. Click Next.


Once you are happy with the conditions you've selected, you can now decide where you will be notified. Google gives you three options :

- Select severity. Allows you to decide how bad the behavior you track should be classified (High, Medium, Low).

- Send to alert center. Allows you to record the alert on another console, with advanced details about the events. Useful for events you want to keep a specific eye on.

- Send email notifications. Allows you to choose who will be notified when the event occurs. It can be all the super admin, or whoever you want. Useful for events that need a quick response.

Frame 131.png

Click Next.

You can now Review your rule before deploying it. Once you are satisfied with your settings, just click Create Rule.

Et voilà ! You will now be notified every time the specific behavior you set up is performed by a user.

Frame 132.png

You will receive that email if you selected the option “Send email notifications”.

To go even further

You want more? Google offers a Condition Builder on step #2 (“Conditions”). You are able to build complex rules with different variables. Here is an example of a very specific event:

- The user shares it externally

- The document is a PDF

- The title of the document contains the word “confidential”. One could think of other sensitive terms such as “password”, “private”…

- The owner of the document is… me

Frame 130.png

Your imagination is the only limit! Thanks to that builder you can create extremely personalised rules that fit your own context.

Mastering Google Worskspace

The Administration Console is a very powerful tool. Yet it suffers from some major flows:

  • The condition builder is quite simple (only AND or OR conditions, not both at the same time).
  • The alerts sometimes don’t work like configured, and appear often late.
  • The interface is complex to master.

This is why we are building Cyrius, the platform that helps you get the best out of your Google Workspace security -and more. Cyrius helps you configure the best security use cases on Workspace and go beyond the limitations of the Admin Console:

  • Quick and intuitive use case configuration,
  • Real-time notification of risky behaviors,
  • Resolution of security vulnerabilities directly created by users,
  • Visibility on solved and unsolved vulnerabilities,
  • Aggregation of the best use cases used by our customers

Sounds right to you? Feel free to reach out 👋

Nous utilisons des cookies, comme décrit dans notre politique de confidentialité.

Cookie Settings

We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.

These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.

These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.

These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.

These cookies help us to better deliver marketing content and customized ads.