Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. Compare your edition
Drive DLP and Chat DLP are available to Cloud Identity Premium users who also have a Google Workspace license. For Drive DLP, the license must include the Drive log events.
When you create data loss prevention rules for DLP, you add conditions that trigger these rules. Conditions can nest in other conditions, using AND, OR, or NOT operators. This article describes some examples of common use cases for these operators in the conditions in DLP for rules.
Functions of the AND, OR, and NOT operators
Operator | What it does |
---|---|
AND | An action occurs only when all the conditions that are combined with an AND operator are met. For example, a condition can block sharing if a document body contains the word Confidential AND Acme. Only documents containing both the keywords are blocked from sharing. If a document contains only the word Confidential, sharing is not blocked. |
OR | An action occurs if either of the conditions are met. For example, a condition can block sharing if the document contains the word Confidential or Acme. Documents containing either word or both words are blocked. |
NOT | This condition is excluded from evaluation before an action occurs. |
Tip: If you change your mind about about adding a condition, click to remove it and start again.
DLP for rule condition examples
Example 1: DLP rule condition with AND and OR operatorsIn this use case, the rule is triggered when a document title contains the word confidential, and the document body contains a United States passport number or a United States Social Security Number.
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Specify these values for the condition fields:
- Field—Title
- Value—Contains word
- Enter contents to match—confidential
- Click Add Condition.
- In the second condition, click Add condition group . This creates a group of two new conditions subordinate to the first condition.
- In the new group of conditions, change AND to OR.
- Specify these values for the first grouped condition:
- Field—Body
- Value—Matches default detector
- Default detector—Scroll and choose United States-Passport
- Likelihood Threshold—Possible
- Minimum unique matches—1
- Minimum match count—1
- Specify these values for the second grouped condition:
- Field—Body
- Value—Matches default detector
- Default detector—Scroll and choose United States--Social Security Number
- Likelihood Threshold—Possible
- Minimum unique matches—1
- Minimum match count—1
- Click Continue to continue configuring your rule.
In this use case, the rule is triggered when the document title contains the word confidential, but doesn’t contain the word published. And, the body of the document doesn’t contain the string safe to share.
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Specify these values for the condition fields:
- Field—Title
- Value—Contains word
- Enter contents to match—confidential
- Click Add Condition.
- Click Not in the new condition.
- Specify these values for the first Not operator:
- Field—Title
- Value—Contains
- Enter contents to match—published
- Click Add Condition.
- Click Not in the new condition.
- Specify these values for the second Not operator:
- Field—Body
- Value—Contains
- Enter contents to match—safe to share
- Click Continue to continue configuring your rule.
In this use case, the rule is triggered when the document title doesn’t contain the words safe, published, or non-confidential.
Here is a conceptual diagram of this use case:
To configure this use case:
- In the rule configuration flow, you have come to the Conditions section. Click Add Condition.
- Click Not .
- Click Add condition group .
- Change AND to OR.
- Specify the values for the first OR operator:
- Field—Title
- Value—Contains word
- Enter contents to match—published
- Specify the values for the second OR operator:
- Field—Title
- Value—Contains word
- Enter contents to match—safe
- Click Add Condition.
- Specify these values for the third OR operator:
- Field—Title
- Value—Contains
- Enter contents to match—non-confidential
- Click Continue to continue configuring your rule.