This controls who can edit and manage the website itself.
Site Ownership
Store the Google Sites file in a Shared Drive.
Ensures the organization owns the file. If the creator leaves, the site doesn't disappear or become inaccessible.
Editor Access
Share the Shared Drive only with a dedicated Google Group (e.g., site-editors@yourorg.com).
Simplifies management. Adding/removing a person from this group grants/revokes their ability to edit the site instantly.
Site Publishing
When publishing the site, set the "Who can view your site" visibility to "Public" (or "Anyone in the world can view").
This is essential for a public-facing site. You only set this to "Restricted" for an internal-only intranet.
This content is meant for the general public and should be accessible without a login.
Folder Sharing
Set the root 1. Public_Content folder to "Anyone with the link can view" (or "Public").
This forces all files within the folder to inherit public view access.
Linking Method
For Google Docs/Sheets/Slides, always use the Published-to-Web link for embedding, or ensure you are using the public sharing link from Drive.
Direct linking to the Drive file can sometimes prompt users for a login, even if permissions are set correctly. The "Published to Web" version is guaranteed public access.
File Review
Mandatory Review: Before any file is placed into this folder, it must be verified as non-sensitive and approved for public consumption.
Prevents accidental exposure of internal or confidential documents.
This content is meant for specific user groups (e.g., partners, clients) and requires login verification.
Access Control
Use Google Groups for every single access tier (e.g., client-a-access@yourorg.com, partners-group@yourorg.com).
This is the most efficient and secure way to manage permissions for a changing group of external users.
Folder Sharing
Each sub-folder (e.g., Project_A, Partner_Resources) should be shared only with its specific Google Group.
Access is instantly granted or revoked when a user is added to or removed from the corresponding Google Group.
Site Display
Use the Google Sites Audience Restriction features where possible, or link to a dedicated "Members Only" page that requires login.
When a user clicks a restricted link, Google Drive will automatically handle the login and permissions check, presenting an "Access Denied" page if the user is not in the shared group.
Principle of Least Privilege
Ensure users only have the minimal required access (e.g., Viewer access).
Never grant external users Editor access unless absolutely necessary for collaboration. Prevent viewers from downloading, printing, or copying if the content is highly sensitive.
Regular Audit
Schedule a quarterly review of all folders in the Controlled_Access section to ensure the sharing permissions are still correct and no outdated user groups remain.
Consistent Naming
Use a clear, standardized naming convention for all files and folders (e.g., 2.1. Partner_Resources or [ClientName]_Final_Report_2025).
Avoid Direct Email Sharing
Never share a folder or file with an individual external email address if you plan on using that access for multiple people. Always use a Google Group.
Shortcut Management
Use Google Drive Shortcuts rather than copying files. This ensures there is only one "Source of Truth" file, and any permission updates only need to be done once.