This configuration should be discussed with your RecordPoint Account team or Customer Experience team to understand the impact on disposals prior to changing the connector permissions.
For customers requiring additional security restrictions, the Google Drive connector can be operated in read-only mode. This change prevents the standard Automated Disposal process from being used. Instead, disposals can be performed manually, or alternatively the connector can be switched back to Read/Write mode temporarily while the disposal is being processed. This mode uses the same connector, requires changing the permissions of the connector in the Google Admin Console.
To switch to read-only mode, change the OAuth scopes associated with service account in the Google Admin Console by doing the following:
- Go to the Google Admin Console
- Navigate to Main menu > Security > Access and data control > API Controls > Manage Domain Wide Delegation > Select the API Client and Edit
-
Update the permissions:
- Revoke the https://www.googleapis.com/auth/drive permissions
- Add the https://www.googleapis.com/auth/drive.readonly permissions
When read-only mode is utilised, there are two ways to perform disposals:
- Manual Disposals: Records eligible for disposal can be reported on and reviewed by an authorised user from the RecordPoint platform. The records can then be manually removed from the source system outside of the RecordPoint platform. This option requires only read access permissions for the connector in the source system.
- Periodic Disposals: When disposals are planned to be initiated, the customer can enable the delete permissions for the connector from within the source system. An authorised user can initiate a disposal from within the RecordPoint platform and, once approved, the connector will securely dispose of the records from within the source system. Once the disposal is complete, the customer can revoke the delete permissions assigned to the connector in the source system.