caption: Sets a list of data leak prevention rules.
desc: |-
Configures a list of rules to prevent data leak on <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph>.
Data leak can happen by copying and pasting data, transferring files, printing, screensharing, or taking screenshots ...etc.
Each rule consists of the following:
- A list of sources defined as URLs. Any data in the sources will be considered confidential data, to which the restrictions will be applied.
- A list of destinations defined as URLs or components, to which the confidential data is either allowed or disallowed to be shared.
- A list of restrictions to be applied on the data of the sources.
Rules can be added to:
- Control the clipboard data shared between the sources and the destinations.
- Control taking screenshots of any of the sources.
- Control printing of any of the sources.
- Control the privacy screen when any of the sources is visible.
- Control screen sharing of any of the sources.
- Control files downloaded from any of the sources when they are transferred to the destination. Supported on <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> version 108 and higher.
The restriction level can be set to BLOCK, ALLOW, REPORT, WARN.
- If the restriction level is set to BLOCK, the action won't be allowed. If <ph name="DATA_LEAK_PREVENTION_REPORTING_ENABLED">DataLeakPreventionReportingEnabled</ph> is set to True, the blocked action will be reported to the admin.
- If the restriction level is set to ALLOW, the action will be allowed.
- If the restriction level is set to REPORT and <ph name="DATA_LEAK_PREVENTION_REPORTING_ENABLED">DataLeakPreventionReportingEnabled</ph> is set to True, the action will be reported to the admin.
- If the restriction level is set to WARN, a user will be warned and may choose to proceed with or cancel the action. If <ph name="DATA_LEAK_PREVENTION_REPORTING_ENABLED">DataLeakPreventionReportingEnabled</ph> is set to True, showing the warning will be reported to the admin; proceeding with the action will also be reported.
Notes:
- PRIVACY_SCREEN restriction doesn't block the ability to turn on privacy screen, but enforces it when the restriction class is set to BLOCK.
- Destinations cannot be empty in case one of the restrictions is CLIPBOARD or FILES, but they don't make any difference for the remaining restrictions.
- DRIVE and USB destinations are ignored for CLIPBOARD restriction.
- Format the URL patterns according to this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ).
If the policy is left not set, no restrictions will be applied.
example_value:
- description: Allow copy and paste for work purposes, block printing, enforce privacy
screen, report screen sharing, and warn on screenshots and video capture
destinations:
urls:
- salesforce.com
- gmail.com
- docs.google.com
- drive.google.com
- company.com
name: Support agent work flows
rule_id: rules/00examplerule
restrictions:
- class: CLIPBOARD
level: ALLOW
- class: SCREENSHOT
level: WARN
- class: PRINTING
level: BLOCK
- class: PRIVACY_SCREEN
level: BLOCK
- class: SCREEN_SHARE
level: REPORT
sources:
urls:
- salesforce.com
- gmail.com
- docs.google.com
- drive.google.com
- company.com
- description: Block copy and paste from work flows to other sites and external drives
destinations:
components:
- ARC
- CROSTINI
- PLUGIN_VM
urls:
- '*'
name: Non agent work flows
restrictions:
- class: CLIPBOARD
level: BLOCK
sources:
urls:
- salesforce.com
- gmail.com
- docs.google.com
- company.com
features:
can_be_recommended: false
dynamic_refresh: false
per_profile: false
owners:
- file://chrome/browser/ash/policy/dlp/OWNERS
- [email protected]
schema:
items:
properties:
description:
type: string
destinations:
properties:
components:
items:
enum:
- ARC
- CROSTINI
- PLUGIN_VM
- DRIVE
- USB
- ONEDRIVE
type: string
type: array
urls:
items:
type: string
type: array
type: object
name:
type: string
rule_id:
type: string
restrictions:
items:
properties:
class:
enum:
- CLIPBOARD
- SCREENSHOT
- PRINTING
- PRIVACY_SCREEN
- SCREEN_SHARE
- FILES
type: string
level:
enum:
- BLOCK
- ALLOW
- REPORT
- WARN
type: string
type: object
type: array
sources:
properties:
urls:
items:
type: string
type: array
type: object
type: object
type: array
supported_on:
- chrome_os:92-
tags: []
type: dict
Codebase Browser
chromium