Rovo + Google Drive: Allow list is ignored?

Jiří Žaloudek
Contributor
March 17, 2026

Hi,

I’m testing Atlassian Rovo with the Google Drive connector and I’m trying to enforce a very strict scope of indexed data:

  • Goal:

    • Index content from only one specific Google Shared Drive

    • Do not index any other Shared Drives

    • Do not index any “My Drive” (personal drives) at all

What I’ve done

  1. In the Google Drive allowlist for the connector, I configured:

    • Allowlist: contains only one Shared Drive URL (a single team/shared drive)

    • No blocklist entries

  2. In the Limit personal drives setting, I set a Google Group ID without any members
  3. Domain-wide delegation scopes in Google Workspace are standard for reading Drive + directory (drive.readonly, directory read, etc.).

I’m following the docs here:

My understanding of the documentation:

  • With an allowlist, Rovo should index and surface only content from the Shared Drives that are explicitly on the allowlist.

  • Other Shared Drives should not be indexed at all.

  • My Drive is not controlled by allowlist/blocklist, but I would like a way to turn off My Drive indexing completely.

Actual behavior

  • Even though the allowlist contains only one Shared Drive, Rovo Search still returns Google Drive documents that are clearly coming from other Shared Drives that are not on the allowlist.

  • I also don’t see any clear option in the UI to fully disable indexing of My Drive (personal drives).

Question

Is it currently possible in Rovo to:

  • enforce indexing of only a single Shared Drive (and no other Shared Drives), and

  • completely disable indexing of all My Drives?

2 answers

1 accepted

2 votes
Answer accepted
Jiří Žaloudek
Contributor
March 18, 2026
Hi everyone,

After further testing and investigation, I’ve identified the cause of this behavior. It stems from the dual-access architecture of how Atlassian Rovo interacts with Google Drive:

  1. The Admin Connector (RAG Index): The Allowlist/Blocklist works correctly here. It controls what content is physically ingested into Atlassian’s index for Rovo Chat and AI agents. Content from Shared Drives outside the Allowlist is not indexed (Rovo cannot "read" or summarize it).
  2. User OAuth2 (Live Federated Search / Smart Links): When a user personally authorizes Google Drive in their Atlassian profile, Rovo gains the ability to perform live API calls under that user's identity. This bypasses the Admin’s Allowlist because it reflects the user's real-time permissions in Google Drive.

 

The Reality of the "Bypass": If a user asks Rovo Chat about a document located on a Shared Drive that is NOT on the Admin Allowlist, Rovo can still "reach out" via the live API under that user's identity, read the full text, and provide a summary.

Conclusion: The Admin Allowlist only controls what is proactively indexed for the general knowledge base. It does not prevent Rovo from reading other files if a user has granted personal OAuth2 permissions.

While Atlassian currently lacks a central "off" switch to disable these ad-hoc API calls or "My Drive" access, this can be strictly enforced on the Google Workspace side. As a Google Workspace Admin, you can mitigate this "shadow access" by:

  • Restricting the Atlassian Rovo app in the Google Admin Console (Security > API Controls > Manage Third-Party App Access).

  • Setting the app to "Restricted" status and only allowing specific, approved scopes (or blocking the drive.readonly scope for individual user grants entirely).

  • Revoking existing OAuth2 tokens for users who have already authorized the app outside of the managed Admin Connector.
Rebekka Heilmann _viadee_
Community Champion
March 19, 2026

That makes so much sense.

I keep forgetting about the weird direct access for Rovo. I believe that only works for documents where

- the link is provided directly to Rovo

- or that the user has previously opened/seen through Atlassian

Might be wrong here.
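
An added example for the token-revocation step in the accepted answer (not part of the original posts, and not Atlassian or Google code): it takes records shaped like the Admin SDK Directory API `tokens` resource and reports which users have granted Drive scopes to one app. The client ID, user keys and records are constructed placeholders, and the broad/narrow split of scopes is this example's own grouping.

```python
# Audit per-user OAuth grants to one third-party app, using constructed data.

# Placeholder: the page does not give the app's real OAuth client ID.
APP_CLIENT_ID = "EXAMPLE-APP-CLIENT-ID.apps.googleusercontent.com"
PREFIX = "https://www.googleapis.com/auth/"
BROAD = {"drive", "drive.readonly"}                  # content of any file the user can open
NARROW = {"drive.file", "drive.metadata.readonly"}   # per-file access, or metadata only

# Constructed records; userKey is shown as an e-mail address for readability.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": APP_CLIENT_ID,
     "scopes": [PREFIX + "drive.readonly", "openid"]},
    {"userKey": "bob@example.com", "clientId": APP_CLIENT_ID,
     "scopes": [PREFIX + "drive.file"]},
    {"userKey": "carol@example.com", "clientId": "other-app.apps.googleusercontent.com",
     "scopes": [PREFIX + "drive"]},
    {"userKey": "dave@example.com", "clientId": APP_CLIENT_ID,
     "scopes": [PREFIX + "userinfo.email"]},
]


def classify(token):
    """Split one token's scopes into (broad, narrow) Drive scope names."""
    names = {s[len(PREFIX):] for s in token.get("scopes", []) if s.startswith(PREFIX)}
    return names & BROAD, names & NARROW


def audit(tokens, client_id):
    """Return {userKey: {"broad": [...], "narrow": [...]}} for Drive grants to client_id."""
    found = {}
    for tok in tokens:
        if tok.get("clientId") != client_id:
            continue  # grant belongs to a different app
        broad, narrow = classify(tok)
        if not (broad or narrow):
            continue  # app is authorized, but without Drive access
        entry = found.setdefault(tok["userKey"], {"broad": set(), "narrow": set()})
        entry["broad"] |= broad
        entry["narrow"] |= narrow
    return {u: {k: sorted(v) for k, v in e.items()} for u, e in found.items()}


def revoke_first(report):
    """Users whose grant lets the app read any Drive file they can open."""
    return sorted(user for user, entry in report.items() if entry["broad"])


if __name__ == "__main__":
    report = audit(SAMPLE_TOKENS, APP_CLIENT_ID)
    print(report)
    print("revoke first:", revoke_first(report))
```
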

0 votes
Rebekka Heilmann _viadee_
Community Champion
March 18, 2026

Hi @Jiří Žaloudek 

I've not yet set up the Google Drive connector and don't have a test environment where I could try. Instead, I went ahead and asked the support.atlassian.com Rovo Agent. Maybe that's helpful :)

You can access it yourself via Atlassian Support

 

Atlassian Rovo currently has limitations regarding the granular control of Google Drive indexing. Based on the current documentation and active feature requests, here is the status of your requirements:

Indexing a Single Shared Drive

While Rovo supports an allowlist for SharePoint, the Google Drive connector primarily uses a blocklist approach 1. Although you may see an allowlist option, there is an active feature request (https://jira.atlassian.com/browse/AI-1226) to fully support allowlists for Google Drive to ingest data from only specific folders or drives 2. Currently, Rovo indexes the entire workspace by default, and you must explicitly block the Shared Drives you do not want indexed 3.

Disabling "My Drive" Indexing

It is not currently possible to fully disable the indexing of personal "My Drives" while keeping the connector active.

  • Current Behavior: The connector uses domain-wide delegation to index all users' My Drive content to provide a complete search experience 1.

  • Feature Request: There is an open request (https://jira.atlassian.com/browse/ROVO-528) specifically asking for the ability to globally exclude all My Drive content or select specific users for indexing 3.

Would you like the links to these feature requests so you can vote on them and track their progress?
