From creating team mailing lists to processing support tickets to hosting internal discussions, many organizations use Google Groups to connect and collaborate in the workplace. But as with any communication tool, it’s important that your settings deliver the right balance between sharing and security.
By default, Google Groups are set to private; there have been a small number of instances, however, where customers have accidentally shared sensitive information as a result of misconfigured Google Groups privacy settings. That’s why it’s important to understand how you can tailor the privacy configurations of Google Groups to align with your organization’s policies. Details of how to do this are part of our comprehensive security best practices for G Suite, which we’ve discussed in previous blog posts.
Default protections against accidental misconfigurations
To help prevent data from being accidentally shared, by default Google Groups’ sharing settings are set to best protect privacy:
- Viewing groups: By default, no one outside your domain can view or search groups in your domain.
- Posting to groups: By default, no one outside your domain can post to your groups.
- Joining groups: By default, no one outside your domain can become a group member.
- Creating groups: By default, only those within your domain can create groups.
G Suite admins can adjust each of these default settings individually. They can review and update the sharing permissions for their domains from the Admin console, while end users can review and update Google Groups permissions in group settings. Admins can also manage groups using the Directory API, and group settings can be managed using the Groups Settings API.
Viewing groups: configuring settings at the domain level
Admins can control who can view groups at the domain level, under “access to groups.” There are two options:
- Private, the default setting, means no one outside of your domain can access your groups, and your users and domain admins do not have the ability to create public groups.
- Public on the Internet means users can create public groups, and individuals outside your domain can access content discussed in these groups.
You should carefully consider whether to change the access to groups from Private to Public on the Internet. If you give your users the ability to create public groups, you can always change the domain-level setting back to private. This will prevent anyone outside of your domain from accessing any of your groups, including any groups previously set to public by your users.
Viewing groups: configuring the default view for new groups
Even if you turn on the ability to create public groups, all new groups will be private by default and users will need to proactively change individual group settings to make them public. As an admin, you can change this default setting so that view access for new groups is limited to all members of your domain or a subset of group members.
We recommend you choose the setting that makes the most sense based on how your organization uses Google Groups. Remember, this is the default setting for new groups—group owners can still change settings at the group level (although if admins set “access to groups” to private, users won’t be able to allow anyone on the internet to view the group).
Posting to groups: configuring who can contact group members
By default, external users cannot post to groups. In some instances, however, you may want external individuals to be able to contact a group—for example, when handling incoming sales or support requests. This can be done without making the ability to view topics in a group public.
As an admin, you can allow posts from outside your domain to specific groups within the settings for that individual group (by selecting “Public” under Post). This setting applies regardless of whether group topics are set to public or private.
As an admin, you can also give group owners the ability to authorize external posts via the Admin console setting under “Member & email access.”
Joining groups: configuring group membership
By default, only users in the group’s domain can be group members. Admins, however, can add external members directly to groups, and they can also enable group owners to add external members—for example, if they need to communicate with a vendor organization. Admins can also add external members regardless of the status of the setting.
Creating groups: configuring who can create new groups
As an admin, you can also decide who can create groups within your organization. By default, anyone in your domain can create groups.
If you allow users in your domain to create public Google Groups and give anyone in your domain the ability to create groups, you’re trusting your users to manage their settings and use these groups appropriately. It’s worth carefully considering whether this configuration makes the most sense for your organization.
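One way to check how groups in a domain are actually configured is to run each group's Groups Settings API resource through an audit like the one below, which separates groups whose topics are readable from outside the domain from groups that only accept external posts or members. This is an added example, not code from the original post; it runs offline on constructed sample records, and the function names are hypothetical. The field names and values (whoCanViewGroup, whoCanPostMessage, whoCanJoin, allowExternalMembers) are those of the Groups Settings API groups resource.

```python
# Added example: field names follow the Groups Settings API "groups" resource;
# the sample records are constructed, not real groups.
EXTERNAL_EXPOSURE = {  # finding -> (field, value that opens the group externally)
    "view": ("whoCanViewGroup", "ANYONE_CAN_VIEW"),
    "post": ("whoCanPostMessage", "ANYONE_CAN_POST"),
    "join": ("whoCanJoin", "ANYONE_CAN_JOIN"),
    "external_members": ("allowExternalMembers", "true"),
}

def audit_group(settings):
    """Return the sorted ways one group is open to people outside the domain."""
    findings = []
    for label, (field, risky) in EXTERNAL_EXPOSURE.items():
        # The API returns booleans as the strings "true"/"false"; normalise.
        if str(settings.get(field, "")).strip().lower() == risky.lower():
            findings.append(label)
    return sorted(findings)

def classify(findings):
    """Externally readable content is the case that leaks data; rank it first."""
    if "view" in findings:
        return "HIGH"    # topics readable by anyone on the internet
    if findings:
        return "REVIEW"  # e.g. support inbox: external post, private view
    return "OK"          # no external exposure found

def audit(groups):
    """Map each group's email to (severity, findings)."""
    results = {}
    for group in groups:
        findings = audit_group(group)
        results[group["email"]] = (classify(findings), findings)
    return results

SAMPLE_GROUPS = [  # constructed sample data
    {"email": "eng@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
     "whoCanPostMessage": "ALL_IN_DOMAIN_CAN_POST",
     "whoCanJoin": "INVITED_CAN_JOIN", "allowExternalMembers": "false"},
    {"email": "support@example.com", "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
     "whoCanPostMessage": "ANYONE_CAN_POST",
     "whoCanJoin": "INVITED_CAN_JOIN", "allowExternalMembers": "false"},
    {"email": "hr-cases@example.com", "whoCanViewGroup": "ANYONE_CAN_VIEW",
     "whoCanPostMessage": "ANYONE_CAN_POST",
     "whoCanJoin": "CAN_REQUEST_TO_JOIN", "allowExternalMembers": "true"},
]

if __name__ == "__main__":
    for email, (severity, findings) in audit(SAMPLE_GROUPS).items():
        print(f"{severity:6} {email}: {', '.join(findings) or 'no exposure'}")
```

In practice the records would come from the Groups Settings API for each group address listed by the Directory API; groups marked REVIEW are expected for sales or support inboxes and should be confirmed against an approved list.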
For more information on securing your Google Groups, visit our Help Center. You may also want to review our security best practices across G Suite.