Google Groups access permissions and security
When setting up Google groups it is important to ensure that they are correctly configured if access to the group and the group’s communications is to be restricted to only group members. If a group’s permission is incorrectly configured then the group can potentially be accessed by all Norfolk nsix users.
If you are the owner of any Google Groups you should check that you have configured the permissions correctly.
‘All organisation members’ Permissions: When setting group permissions it is important to understand that ‘All organisation members’ means all nsix account holders across all schools. Unless intended, groups should not include ‘All organisation members’ in the group permissions settings.
Shared Privately – This label next to the group name will be displayed for all of our groups as they can only be shared within the Norfolk NSIX domain. This does not mean that the group is only shared with the group members. A group can be configured to allow access to ‘All organisation members’ i.e. all nsix users, and still display ‘Shared Privately’.
New Group – Basic Permissions
When setting up a new group, certain Basic permissions are allocated default settings.
View topics – Previously this defaulted to ‘All organisation members’ but this has been changed so that the default is now set to only ‘All members of the group’. Previously, unless ‘All organisation members’ was removed, group access was open to all nsix users. This is why group owners should check this configuration on all the groups they own.
Post – normally a group would only require ‘All members of the group’ to have permission to post to the group. If this is the case then untick ‘All organisation members’ on the drop down.
Join the group – if this is a closed group then this should be set to ‘Only invited users’ so that the group owner can invite specific group members.
Google Group Directory
Previously the default Directory setting for new groups was set to allow groups to be listed in the directory. This means that all groups could be searched for via the group search facility. This setting has now been changed and all new groups will now be hidden from the groups directory. Group owners will now have the ability to update this setting and hide or show the groups they own in the Groups directory.
To configure this setting, on the group management page select ‘information’ > ‘Directory’ and tick or untick the ‘List this group in the directory’.
Existing Groups – Checking Permissions
View the group via the Google Groups application:
Click ‘My Groups’
Click on the ‘Manage’ link under the group name to access the group management view.
On the Group management view expand the ‘Permissions’ menu options:
Basic Settings –
View topics – should normally be set to only ‘All members of the group’
Post - should normally be set to only ‘All members of the group’
Join the group – if this is a closed group then this should be set to ‘Only invited users’
Allow members external to this organisation - Unless there is a need to include users other than nsix account holders, this option should not be selected.
You should also check all the other Permissions sections to ensure that ‘All organisation members’ is removed.
Group Directory Settings
If you don't want your group to be searchable in the Groups directory you need to check the Directory settings.
To show or hide the group in the directory select the following:
Select the required option from the drop down list and click Save. The options are either 'All members of the group' or 'All members of the organisation'. If you select 'All members of the organisation' then the group will be searchable by all logged in NSIX users.
All new groups that are created will only be searchable by group members unless this setting is changed by the owner.