As you probably know, Google Workspace allows you to share files and folders with specific users, groups, and domains, and even with anyone with the link.

Below, we look at each of the four types of access permissions and describe under which circumstances File Governance considers the permission eligible for cleanup. If just one permission on a shared file/folder is eligible for cleanup, then we consider the entire file/folder eligible for cleanup.

Anyone

With this permission, any account with the link can access the file/folder.

If a file/folder has this permission type, then the file/folder is considered eligible for cleanup.

User

With this permission, only the specified user account(s) can access the file/folder.

If the file/folder has a user permission and that user account is on an external domain, then the file/folder is considered eligible for cleanup. External domains are the ones that are not on your list of trusted domains under Global settings or are on the list, but toggled as "Include in cleanup".

Group

With this permission, only accounts that are members of the specified Google Group(s) can access the file/folder.

If the file/folder has a group permission, and at least one member of the group is on an external domain, then the file/folder is considered eligible for cleanup. External domains are the ones that are not on your list of trusted domains under Global settings or are on the list, but toggled as "Include in cleanup".

Remember that groups can contain other groups as members, so a member of an external domain may be found several groups deep.

One exception to this: If you have toggled on "Trust group shares from verified domains" in Advanced settings (either on My Drives or shared drives depending on where the file/folder is located), and the group is on a tenant domain, then the permission is not eligible for cleanup.

Tenant domains are your primary, secondary, or alias domains. Basically, the domains you can't delete in your list of trusted domains under Global settings.

Domain

With this permission, any account on the specified domain can access the file/folder.

If the file/folder has a domain permission and that domain is external, then the file/folder is considered eligible for cleanup. External domains are the ones that are not on your list of trusted domains under Global settings or are on the list, but toggled as "Include in cleanup".

One exception to this: If you have created a so-called target audience group, and the domain is included in this group, then the permission is not eligible for cleanup. Read more about target audiences here.

Okay, the file/folder is eligible for cleanup. What does that mean then?

Files eligible for cleanup are listed in the users' Files area and have the potential of being included in a cleanup cycle at some point if you have enabled the cleanup on the service that holds the file/folder (My Drives and/or shared drives).

At what point the eligible file/folder will be included in a cleanup cycle, depends on cleanup settings like Frequency, Files in each cleanup, and New files grace period in the global settings or any exception that may apply to the user owning the file/folder.