1: Create ChromeOS data control rules

You can create and manage data control rules from the Rules section of the Google Admin console. The rule type is Chrome action.

Considerations

• Specify source and destination URLs for Chrome apps, extensions, and PWAs as URLs. For details, see Enterprise policy URL pattern format.
  • Chrome apps and extensions format: chrome-extension://[chrome web store id]
  • For PWAs, see Automatically install web apps.
• You can specify multiple sources and destinations using a comma delimited list. Asterisks are supported. For a full description of what can be defined, see URL filter format.
• Non URL-based destinations are supported using checkboxes. Per-app controls for Android apps are not supported.

• If rules have overlapping restrictions for the same source and destination URLs, the order of precedence is:

  • Allow
  • Block
  • Warn
  • Report
  • No policy set

• You can use Allow rules to create exceptions to restrictions. For example, block pasting to all websites but allow pasting between work-approved web apps.

See Example scenarios for examples of how rules can be created to address common use cases.

Create and manage data control rules

1. Sign in to your Google Admin console.

   Sign in using your administrator account (does not end in @gmail.com).

2. From the Admin console Home page, go to Rules, and then click Create rule Chrome action.
3. Enter a rule name—for example, External data sharing.
4. Enter a description—for example, Notify if documents are shared outside the company.
5. Define the scope of the rule.
   • Apply to the entire organization.
   • Apply to specific organizational units or groups by selecting organizational units and groups to include or exclude.
6. Click Continue.
7. Under Triggers, select one or more events or device features that trigger this rule.
8. Under Conditions, enter the URLs to which the rule is applied. This means when the user takes action or views content in any of those URLs, the rule is applied.
9. Under Actions, select what action is applied for each trigger.
10. Click Continue.
11. Review the rule and click Create.

12. Select Active and click Complete to enable the rule.

Note: You can select Inactive to turn off a rule without deleting it.