What’s changing
We’re releasing a security update which will apply to some Drive files. This will make Google Drive files more secure by updating their links and may lead to some new file access requests. While we recommend that you apply the update, Google Workspace admins can choose how this update is applied in your organization.
Who’s impacted
Admins and end users
Why it’s important
This security update is being applied to some files in Google Drive to make sharing links more secure. The update will add a resource key to sharing links. Once the update has been applied to a file, users who haven't viewed the file before will have to use a URL containing the resource key to gain access, and those who have viewed the file before or have direct access will not need the resource key to access the file. Learn more about resource keys and how they might impact your files.
Getting started
Admins: You can use the Alert Center to see how many users, folders, shared drives, and files are affected in your organization. Look for an alert with the subject “Security update for Drive.” Before July 23, 2021, Admins should choose how the security update is applied for their organization. Use our Help Center to learn more about this update and how to manage it for your organization.
End users: Unless the admin chooses to opt their organization out of the security update, end users who own or manage impacted files will receive an email notification starting July 26, 2021 with their impacted files. End users will have until September 13 to determine how the update is applied to their files, if permitted by their admin. Use our Help Center to learn more about how this update will impact end users.
Users with personal accounts: Users who are not part of a Google Workspace domain will receive a notification from Google Drive to inform them of their impacted files starting July 26, 2021 and will have the option to remove the security update. These users will have until September 13, 2021 to determine how the update is applied to their files. Use our Help Center to learn more about how this update will impact end users.
Developers: Items that have a Drive API permission with type=domain or type=anyone, where withLink=true (v2) or allowFileDiscovery=false (v3), will be affected. In addition to the item ID, your application may now also need a resource key to access these items. Use our Developer resource to learn more about how this update will impact your projects.
Admins will see how many users, folders, shared drives, and files are affected in their organization in the Alert center
Admins can choose how the security update is applied for their organization at Admin Console Apps > Google Workspace > Drive and Docs > Sharing settings > Security update for links.
End users who own or manage impacted files will receive an email notification starting July 26, 2021 with their impacted files. Depending on the settings chosen by their admin, they may have the option to remove the security update from their impacted files.
Rollout pace
- Before July 23, 2021: Admins can choose how the update is applied in their organization.
- For non-education customers, by default the update will be applied and impacted end users will be notified, with the option to exclude their files from the update.
- For education customers, by default the update will be applied and impacted end users will be notified, without the option to exclude their files from the update.
- Starting July 26, 2021: Depending on admin settings, impacted end users will get notified about impacted files and the choices they can make.
- Starting September 13, 2021: Enforcement of the admin and user options will be made to selected files if settings have not been changed in advance.
Applicability
- Applicable to all Google Workspace customers, as well as G Suite Basic and Business customers. Also applicable to users with personal Google accounts.
Resources
Google is rolling out a security update to YouTube and Drive. More details on YouTube update here.