Afi Backup provides granular access management capabilities, including self-service access for the end-users to their backups. Self-service access can be enabled by account administrators at the Service → Settings → Access groups tab and, by default, grants users access to their mailbox and drive backup.
When Google Workspace domain users actively collaborate in Shared drives, they might need access not only to their own Google Drive backups but also to their Shared drive backups. To cover such scenarios, Afi Backup provides an extended end-user self-service mode that includes Shared drive access for data export and recovery.
Note: Please contact firstname.lastname@example.org to enable this feature.
Extended self-service access is provisioned based on Shared drive member roles. If a user is a Shared drive member with Manager role, then they can access this Shared drive backup when extended self-service access is enabled.
For example, the screenshot below shows a case when a self-service user Brian Johnson has access to three Shared drives through self-service and can export or recover the data from these drives through the Afi portal:
Self-service access permissions to Shared drive backups are configured at the Service→ Settings→ Access groups tab as a part of Self Service access group configuration. The same permissions are applied both to a user's own mailbox backup and to their Shared drives backups.
A list of Shared drives available to each self-service user is updated once per 24 hours during a periodic Afi resources synchronization with Google Workspace. So if a user is granted a Manager role in a Shared drive or is stripped from a Manager role then these changes will be reflected in the Afi portal during the next 24 hours. An out-of-schedule synchronization can be triggered by an Afi account administrator by clicking on the refresh icon in the top-right corner of the Service → Protection screen.
When a Shared drive is deleted on Google Workspace side, it is still available through self-service for users who were members of this Shared drive with Manager role right before the deletion.