Skip to content

Google Drive Connector Overview

This connector enables you to use Data Access Security to access and analyze data stored in Google Drive and do the following:

  • Analyze the structure of your stored data.
  • Classify the data being stored.
  • Verify user permissions on the resources, including internal user folders, shared folders, and folders shared by external users to the organizational user.
  • Identity collector - collect IAM users, groups and roles and the connections between them.

Installation Flow Overview

To install the Google Drive connector:

  1. Configure the prerequisites.
  2. Add a new Google Drive application.

Permissions Collection Operation Principles

The Data Access Security Google Drive Permissions Collection task uses Google Drive APIs to retrieve information from Google Drive.

Data Access Security automatically creates a Google Drive Identity Collector (when the “Add New Application” wizard finishes), which collects the users and groups from the Google Apps Domain.

Google APIs

Data Access Security for Google Drive uses the following Google APIs:

  • Google Drive API for resource crawling and permissions collection
  • Google Admin SDK (Directory API) for domain identities (users, groups, and so on)

Google APIs are accessed via a Service Account, defined within the scope of the customer’s Google Apps Domain. The Service Account has Domain-wide delegation permission so that it can impersonate domain users and access their Google Drive files, folders, users, permissions, and data.