As a G Suite admin, you can control who in your organization can access the Vault service by turning Vault on or off for those people in your Google Admin console. For example, turn on Vault for accounts who have privileges to perform Vault functions and turn the service off for everyone else.
- Turning Vault on or off has no effect on which accounts are archived by Vault. All user accounts with Vault licenses can be archived.
- This setting has no effect on which accounts can change retention, search for data, or perform other Vault functions. Users must have appropriate Vault privileges to work with Vault.
- If you turn Vault on for everyone in your organization, the Vault icon appears in everyone’s list of apps. Users who don't have any Vault privileges may be confused by the presence of an app that seems to be nonfunctional. If your domain has organizational units, we recommend you restrict access to organizational units that have Vault privileges.
How to change who can sign in to Vault
Before you begin: To turn the service on or off for certain users: Put their accounts in an organizational unit (to control access by department) or put them in an access group (to control access for users across or within departments).
From the Admin console Home page, go to AppsG SuiteGoogle Vault.
Click Service status.
To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
To turn on or off a service only for users in an organizational unit:
- At the left, select the organizational unit.
- Select On or Off.
- To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
- If the organization's status is already Overridden, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).
Learn more about organizational structure.
To turn on a service for a set of users across or within organizational units, select an access group. For details, go to turn on a service for a group.