Create and manage rules from the Rules page

Reporting rules are custom rules created by administrators from the Rules page. Previously called Custom reporting alerts, you can use these rules to create and manage custom alerts based on your organization’s log event data (previously called audit logs).

Your ability to create and view reporting rules depends on your Google Workspace edition and your administrative privileges. To create or view reporting rules, you need the Reports privilege. For details, go to Admin access to reporting rules & activity rules.

Activity rules are custom rules created by administrators from the security investigation tool or from the Rules page. With these rules, you can automate actions that happen in response to activity within your domain.

Your ability to create and view activity rules depends on your Google Workspace edition, your administrative privileges, and the data source. To create or view activity rules, you need the following privileges:

• Security Center > Activity Rules > View
• Security Center > Activity Rules > Manage

For details, go to Admin access to reporting rules & activity rules.

ChromeOS action rules are custom rules that are created by an administrator from the Rules page. You can use these rules to restrict users from defined ChromeOS actions, such as copying or pasting content from specific URLs, or blocking screen capture or screen sharing from endpoints in your domain using Chrome.

Your ability to create and view ChromeOS action rules depends on your Google Workspace edition, your administrative privileges, and the data source. To create or view ChromeOS action rules, you need the following privileges:

• Services > Chrome Management > Settings > Manage User Settings

Data protection rules are custom rules that are created by an administrator from the Rules page. You can use these rules to be notified of specific activity related to the use of Drive files within your domain.

To create or view data protection rules, you need the following privileges:

• DLP > View DLP rule
• DLP > Manage DLP rule

System defined rules are default rules supplied by Google. You can use these rules to be notified of specific activity within your domain.

To create or view system defined rules, you need the Reports privilege.

Trust rules give you more control over who your users collaborate with. You can control who users can share Drive files with, who they can receive Drive files from, who can be invited to a document, and who can add items to shared drives.

To understand which admin privileges you need to manage trust rules, see Create and manage trust rules for Drive sharing.

To access the Rules page, go to the Admin console Home page at admin.google.com, and then click Rules. From there, you'll see a list of the different rules that have been set up for your organization. You can change what's viewable on this page by clicking Add a filter, and then filtering by various criteria such as Rule type, Rule name, Rule status, and more.

Note: To find the rules that you're looking for more easily, you can sort columns on the Rules page. The Rules page includes the following details for each rule:

• Name—Name and description for the rule
• Status—Whether a rule is Active or Inactive
• Actions—Specifies the actions that are triggered if the conditions of a rule are met; for example, to quarantine a message, mark it as spam, delete the message, or send an email notification
• Alerts—Specifies whether an alert is on or off
• Rule type—Specifies the rule type; such as Activity rule, Data protection rule, Reporting rule, System defined rule, or Trust rule (see the section below for more details)
• Last modified—Date and time when the rules was created, or when changes were last made to the rule

Rule details

You can view information about a specific rule from the Rule details page, which you can access by clicking any row on the Rules page. The Rule details page includes the name and description for the rule, the scope (for example, Entire domain), the conditions for the rule, and the actions (for example, to email all super administrators if the rule conditions are met).

You can edit a rule from the Rule details page, which you can access by clicking any row on the Rules page. On the left side of the page, click Edit Rule, and then follow the instructions in the Edit rule wizard.

Note: You can't edit the filters for a rule. You can only edit the recipients of the alert. To use different filters, you need to create a new rule.

From the Rules page, you can download the rule details into a txt file. The txt file will include all of the rules related to a specific rule type.

1. Click Download.
2. From the Rule details window, choose the rule type—for example, Data protection rule or Activity rule.
3. Click Download.