A Cloud SWG admin is trying to create a rule in Management Center that allows one specific user access to the Google Drive folder at drive.google.com/drive/folders/#########?usp=sharing.
When accessing the page, the allowed user does not see any error but cannot view the folder content.
Allowing the same user access to drive.google.com as a whole, rather than to the folder URL, does render the folder content, but this is too open.
Can one user be allowed access to a specific folder?
Management Center.
WSS Agent access method into Cloud SWG.
Other dependent URLs called by this folder are blocked with existing policies.
Make sure that both of the following are allowed for the user:
- the URL for the folder, and
- all URLs with the Referer URL matching the above folder URL.
As an example, if we want to allow a user access to https://drive.google.com/drive/folders/#########, we must make sure that this URL is allowed and that requests matching the Referer condition 'request.header.Referer.url= https://drive.google.com/drive/folders/#########' are allowed as well.
HAR files are key to troubleshooting this type of issue. In the above case, we could see that the actual request to the shared folder URL got the expected 403 response, but subsequent requests seemed to trigger 403s. Each of these blocked 403 responses was for another path on the Google Drive folder (/_/drive_fe/_/ss/k as an example below).
Technically, we could have allowed this user access to the above /_/drive_fe/_/ss/k path, but there were concerns about these URLs and their implications. Looking at each blocked 403 request in more detail, we could clearly see that the subsequent requests had a Referer HTTP header that matched the folder we wanted to grant access to. By adding the Referer check, with an allow to the specific folder, all security concerns were mitigated.
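The HAR review described above can be scripted. The following is an added example, not part of the original article or any Broadcom tooling: it groups 403 responses in a HAR capture by Referer and separates those that came from the folder page. FOLDER_ID, the sample capture, the function names and the choice to ignore the query string when comparing URLs are all assumptions.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# FOLDER_ID is a placeholder; the sample capture below is constructed, not real traffic.
FOLDER_URL = "https://drive.google.com/drive/folders/FOLDER_ID"

def _entry(url, status, referer=None):
    """Build a minimal HAR entry holding only the fields this script reads."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status}}

SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("https://drive.google.com/_/drive_fe/_/ss/k", 403, FOLDER_URL + "?usp=sharing"),
    _entry("https://drive.google.com/constructed/data", 403, FOLDER_URL),
    _entry("https://drive.google.com/constructed/ok.js", 200, FOLDER_URL),
    _entry("https://drive.google.com/constructed/other", 403, "https://drive.google.com/drive/my-drive"),
    _entry("https://drive.google.com/constructed/noref", 403),
]}})

def normalize(url):
    """Drop query and fragment so '?usp=sharing' does not affect matching (assumption)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}".rstrip("/")

def referer_of(entry):
    """Return the request's Referer header (case-insensitive name), or None."""
    return next((h["value"] for h in entry["request"]["headers"]
                 if h["name"].lower() == "referer"), None)

def blocked_by_referer(har_text, status=403):
    """Group URLs that received `status` by their normalized Referer."""
    groups = defaultdict(list)
    for entry in json.loads(har_text)["log"]["entries"]:
        if entry["response"]["status"] == status:
            ref = referer_of(entry)
            groups[normalize(ref) if ref else None].append(entry["request"]["url"])
    return dict(groups)

def split_by_folder(har_text, folder_url):
    """Return (blocked URLs whose Referer is the folder, all other blocked URLs)."""
    groups = blocked_by_referer(har_text)
    target = normalize(folder_url)
    covered = groups.pop(target, [])
    return covered, [u for urls in groups.values() for u in urls]

if __name__ == "__main__":
    print(split_by_folder(SAMPLE_HAR, FOLDER_URL))
```

URLs in the second list carry a different or missing Referer, so the Referer condition would not match them and they need to be reviewed separately.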