caption: Sets a list of Data Controls rules.
desc: |-
Configures a list of Data Control rules to prevent data leaks.
Each rule consists of the following:
- Condition fields to trigger that rule. A rule will only trigger if a user action matches all the fields populated in its <ph name="DATA_CONTROLS_SOURCES">sources</ph>, <ph name="DATA_CONTROLS_DESTINATIONS">destinations</ph>, <ph name="DATA_CONTROLS_AND">and</ph>, <ph name="DATA_CONTROLS_OR">or</ph> and <ph name="DATA_CONTROLS_NOT">not</ph> fields. For list sub-fields, only one entry needs to be matched, for example only one URL pattern needs to match to trigger the rule.
- A list of restrictions to be applied. Depending on the restriction, only <ph name="DATA_CONTROLS_SOURCES">sources</ph> or <ph name="DATA_CONTROLS_DESTINATIONS">destinations</ph> conditions may be available.
Rules can be added to:
- Control the clipboard data shared between the sources and the destinations.
- Control blocking screenshots based on the source tabs.
If <ph name="ON_SECURITY_EVENT_ENTERPRISE_CONNECTOR">OnSecurityEventEnterpriseConnector</ph> policy is set to True, triggered rules are reported to the admin.
The restriction level can be set to BLOCK, WARN, or REPORT.
- If the restriction level is set to BLOCK, the action won't be allowed.
- If the restriction level is set to WARN, a user will be warned and may choose to proceed with or cancel the action.
- If the restriction level is set to REPORT, the user action will not be interrupted, but a report will be sent if <ph name="ON_SECURITY_EVENT_ENTERPRISE_CONNECTOR">OnSecurityEventEnterpriseConnector</ph> policy is enabled.
Notes:
- Format the URL patterns according to this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ).
- For data leak prevention rules specific to <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph>, see also the <ph name="DATA_LEAK_PREVENTION_RULES_LIST">DataLeakPreventionRulesList</ph> policy.
If the policy is left not set, no restrictions will be applied.
example_value:
- description: Block copying from internal sites to the OS clipboard
name: Block copying from corp sites to OS
destinations:
os_clipboard: true
sources:
urls:
- salesforce.com
- gmail.com
- docs.google.com
- drive.google.com
- company.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block copying from non-incognito to incognito between profiles or to the OS clipboard
name: Block copying between profiles
destinations:
os_clipboard: true
sources:
incognito: false
os_clipboard: false
other_profile: false
destinations:
incognito: true
os_clipboard: true
other_profile: true
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block copying to an AI site to avoid data leaks
name: Block Cat GPT
destinations:
urls:
- cat.close.ai.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block pasting in non corp sites using a not condition
not:
destinations:
urls:
- corp.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block pasting to incognito with an exception of corp sites
and:
- destinations:
incognito: true
- not:
destinations:
urls:
- corp.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block copying from non corp sites using a not condition
not:
sources:
urls:
- corp.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Block copying from incognito with an exception of corp sites
and:
- sources:
incognito: true
- not:
sources:
urls:
- corp.com
restrictions:
- class: CLIPBOARD
level: BLOCK
- description: Prevent clipboard data from leaving a specified set of corp sites
and:
- sources:
urls:
- corp1.com
- corp2.com
- or:
- not:
destinations:
urls:
- corp1.com
- corp2.com
- destinations:
os_clipboard: true
- destinations:
other_profile: true
restrictions:
- class: CLIPBOARD
level: BLOCK
features:
cloud_only: true
dynamic_refresh: true
per_profile: true
owners:
- file://chrome/browser/enterprise/data_controls/OWNERS
- [email protected]
- [email protected]
schema:
items:
properties:
and:
items:
$ref: DataControlsCondition
type: array
description:
type: string
destinations:
properties:
incognito:
type: boolean
os_clipboard:
type: boolean
other_profile:
type: boolean
urls:
items:
type: string
type: array
type: object
name:
type: string
not:
$ref: DataControlsCondition
or:
items:
$ref: DataControlsCondition
type: array
restrictions:
items:
properties:
class:
enum:
- CLIPBOARD
- SCREENSHOT
type: string
level:
enum:
- BLOCK
- WARN
- REPORT
type: string
type: object
type: array
rule_id:
type: string
sources:
properties:
incognito:
type: boolean
os_clipboard:
type: boolean
other_profile:
type: boolean
urls:
items:
type: string
type: array
type: object
type: object
type: array
future_on:
- android
supported_on:
- chrome.*:128-
- chrome_os:128-
tags: []
type: dict
Codebase Browser
chromium