What's a resource key?
A resource key is an additional security measure in a file’s URL. It helps protect your file from unintended access. To see if a file URL has a resource key, look for resourcekey=.
Who's impacted, what to do, and when
If you don’t take any action, the security update impacts files, folders, and shared drives that don’t have a resource key. However, Google Docs, Sheets, and Slides files are not impacted by this change. By default, all users not in a Google Workspace for Education organization can remove the update from files that they own or manage.
Even if you have no impacted content, this update might affect your organization in the future. Impacted files can come to your organization through shared drives or a change in file ownership. Look for an email alert with the subject Security update for Drive. For details about impacted files, shared drives, and users in your organization, go to Use the alert center.
- On September 13, 2021, Drive applies a security update to make file sharing more secure. As an administrator, you can choose how to apply this update.
- This update changes the links used for some files. Access to impacted files won’t change for people who have already viewed them or who have direct access, but others might need to request access.
Important: For files and folders that you use in internal sites or documentation, make sure to update the links to the new links that include resource keys. You can get the new link from the item’s owner if it’s not shared directly with you.
Phase 1: Admin chooses how to apply the update—Prior to July 23, 2021
The setting you choose applies to the top-level organization. You can’t apply it to an individual organizational unit or group.
As an administrator, you need to decide how to apply the update to files in your organization. If you choose to apply the security update, impacted users get notified of any impacted items. You can change your selection after July 23, 2021. However, Drive won’t notify your users of your changes.
The default setting depends on your organization type:
- Google Workspace for Education—Apply the security update with no option for users to remove it.
- Non-education organizations—Apply the security update, but users can remove it for files that they own or manage.
To apply the security update:
From the Admin console Home page, go to AppsGoogle WorkspaceDrive and Docs.
Click Sharing settingsSecurity update for files.
Choose how to apply the update:
Apply the security update to all impacted files
Remove security update from all impacted files (not recommended)
(Optional if applying the update) To let users remove or apply the update to files that they own or manage, check the allow box.
If you made any changes, click Save.
- If your organization doesn’t have any impacted files, still choose whether this security update applies to impacted files that move into your organization in the future.
- If your organization has Google Workspace for Education and some users also have a non-education license, by default the Allow users to remove/apply the security update box is unchecked, but doesn’t apply to users with non-education licenses. They can still change the update status for a file unless you change the setting in the Admin console.
To keep the default behavior and ensure it applies to everyone in your organization, check the box, save, uncheck the box, and save again.
Phase 2: User is notified & chooses how to apply the update—From July 26 to August 25, 2021
Drive notifies impacted users of the update and any affected items that they own or manage. If you let them, your users can decide to remove the update from those items.
Phase 3: Drive enforces update—Beginning September 13, 2021
The update should finish by the end of September 2021.