Supported editions for this feature: Frontline Standard ; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus ; Enterprise Essentials Plus. Compare your edition
Drive DLP and Chat DLP are available to Cloud Identity Premium users who also have a Google Workspace license. For Drive DLP, the license must include the Drive log events .
When you create data loss prevention rules for DLP, you add conditions that trigger these rules. Conditions can nest in other conditions, using AND , OR , or NOT operators. This article describes some examples of common use cases for these operators in the conditions in DLP for Drive rules.
Functions of the AND , OR , and NOT operators
Operator | What it does |
---|---|
AND | An action occurs only when all the conditions that are combined with an AND operator are met. For example, a condition can block sharing if a document body contains the word Confidential AND Acme . Only documents containing both the keywords are blocked from sharing. If a document contains only the word Confidential , sharing is not blocked. |
OR | An action occurs if either of the conditions are met. For example, a condition can block sharing if the document contains the word Confidential or Acme . Documents containing either word or both words are blocked. |
NOT | This condition is excluded from evaluation before an action occurs. |
Tip: If you change your mind about about adding a condition, clickto remove it and start again.
DLP for Drive rule condition examples
Example 1: DLP rule condition with AND and OR operatorsIn this use case, the rule is triggered when a document title contains the word confidential , and the document body contains a United States passport number or a United States Social Security Number.
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Specify these values for the condition fields:
- Field—Title
- Value—Contains word
- Entercontents to match—confidential
- Click Add Condition.
- In the second condition, click Add condition group . This creates a group of two new conditions subordinate to the first condition.
- In the new group of conditions, change AND to OR .
- Specify these values for the first grouped condition:
- Field—Body
- Value—Matches default detector
- Default detector—Scroll and choose United States-Passport
- Likelihood Threshold—Possible
- Minimum unique matches—1
- Minimum match count—1
- Specify these values for the second grouped condition:
- Field—Body
- Value—Matches default detector
- Default detector—Scroll and choose United States--Social Security Number
- Likelihood Threshold—Possible
- Minimum unique matches—1
- Minimum match count—1
- Click Continueto continue configuring your rule.
In this use case, the rule is triggered when the document title contains the word confidential , but doesn’t contain the word published . And, the body of the document doesn’t contain the string safe to share.
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Specify these values for the condition fields:
- Field—Title
- Value—Contains word
- Enter contents to match—confidential
- Click Add Condition.
- Click Not in the new condition.
- Specify these values for the first Not operator:
- Field—Title
- Value—Contains
- Enter contents to match—published
- Click Add Condition.
- Click Not in the new condition.
- Specify these values for the second Not
operator:
- Field—Body
- Value—Contains
- Enter contents to match—safe to share
- Click Continueto continue configuring your rule.
In this use case, the rule is triggered when the document title doesn’t contain the words safe , published , or non-confidential .
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Click Not .
- Click Add condition group .
- Change AND to OR .
- Specify the values for the first OR
operator:
- Field—Title
- Value—Contains word
- Enter contents to match—published
- Specify the values for the second OR
operator:
- Field—Title
- Value—Contains word
- Enter contents to match—safe
- Click Add Condition.
- Specify these values for the third OR
operator:
- Field—Title
- Value—Contains
- Enter contents to match—non-confidential
- Click Continueto continue configuring your rule.