Stay organized with collections
Save and categorize content based on your preferences.
Before you begin
To control data exfiltration, you must have the necessary identity and access roles:
Project Editor: has access to manage and delete projects. Ask your Organization IAM Admin to grant you the Project Editor (project-editor) role.
Prevent data exfiltration
You can prevent data exfiltration from a GDC project by
enabling data exfiltration protection when you create the project.
To enable data exfiltration protection, follow these steps when creating a project:
Within the GDC console, navigate to Projects.
Click the addAdd Project button to create a project.
Complete the required information for your project on the Project name and Attach clusters pages.
On the Network page, ensure the Enable data exfiltration protection checkbox is checked.
Click Next.
Review the details on the Review page.
Click Create.
Disable data exfiltration protection
By default, a project has data exfiltration protection enabled. The following are the default policies for a project with data exfiltration protection enabled:
Allow inbound traffic only from the same project. All other traffic is denied.
Allow outbound traffic to all destinations within the same organization. All other traffic is denied, which means that external traffic outside your organization is denied.
With data exfiltration protection enabled, you cannot create ProjectNetworkPolicy resources for outbound traffic.
If you disable data exfiltration protection by clearing the corresponding checkbox in the GDC console for a project, the default policies for the project are the following:
Allow inbound traffic only from the same project. All other traffic is denied.
Allow outbound traffic to all destinations, including external projects from other organizations.
Work through the following steps to disable data exfiltration protection for a project:
In the GDC console, go to Projects in the navigation menu.
Click the name of the project where you want to disable data exfiltration protection.
Click editEdit on the Data exfiltration protection field.
On the Edit data exfiltration protection page, clear the Enable data exfiltration protection checkbox.
Click Save. The Data exfiltration protection field changes its value to Disabled.
You must create ProjectNetworkPolicy egress policies for your projects to restrict the outbound traffic. For more information, see Configure project network policies.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eData exfiltration protection in GDC projects can be enabled during project creation to restrict outbound traffic to only destinations within the same organization.\u003c/p\u003e\n"],["\u003cp\u003eDisabling data exfiltration protection allows outbound traffic to all destinations, including external projects from other organizations, and requires the creation of \u003ccode\u003eProjectNetworkPolicy\u003c/code\u003e egress policies to restrict outbound traffic.\u003c/p\u003e\n"],["\u003cp\u003eTo enable data exfiltration protection, ensure the corresponding checkbox is selected on the network page when creating a project within the GDC console.\u003c/p\u003e\n"],["\u003cp\u003eTo disable data exfiltration protection, clear the "Enable data exfiltration protection" checkbox in the GDC console's project settings, which will then change its value to "Disabled".\u003c/p\u003e\n"],["\u003cp\u003eManaging data exfiltration protection requires the Project Editor role, allowing control over project management and deletion.\u003c/p\u003e\n"]]],[],null,["# Control data exfiltration\n\nBefore you begin\n----------------\n\nTo control data exfiltration, you must have the necessary identity and access roles:\n\n- Project Editor: has access to manage and delete projects. Ask your Organization IAM Admin to grant you the Project Editor (`project-editor`) role.\n\nPrevent data exfiltration\n-------------------------\n\nYou can prevent data exfiltration from a GDC project by\nenabling data exfiltration protection when you create the project.\n\nTo enable data exfiltration protection, follow these steps when creating a project:\n\n1. Within the GDC console, navigate to **Projects**.\n2. Click the add **Add Project** button to create a project.\n3. Complete the required information for your project on the **Project name** and **Attach clusters** pages.\n4. On the **Network** page, ensure the **Enable data exfiltration protection** checkbox is checked.\n5. Click **Next**.\n6. Review the details on the **Review** page.\n7. Click **Create**.\n\nDisable data exfiltration protection\n------------------------------------\n\nBy default, a project has data exfiltration protection enabled. The following are the default policies for a project with data exfiltration protection enabled:\n\n- Allow inbound traffic only from the same project. All other traffic is denied.\n- Allow outbound traffic to all destinations within the same organization. All other traffic is denied, which means that external traffic outside your organization is denied.\n\nWith data exfiltration protection enabled, you cannot create `ProjectNetworkPolicy` resources for outbound traffic.\n\nIf you disable data exfiltration protection by clearing the corresponding checkbox in the GDC console for a project, the default policies for the project are the following:\n\n- Allow inbound traffic only from the same project. All other traffic is denied.\n- Allow outbound traffic to all destinations, including external projects from other organizations.\n\nWork through the following steps to disable data exfiltration protection for a project:\n\n1. In the GDC console, go to **Projects** in the navigation menu.\n2. Click the name of the project where you want to disable data exfiltration protection.\n3. Click edit **Edit** on the **Data exfiltration protection** field.\n4. On the **Edit data exfiltration protection** page, clear the **Enable data exfiltration protection** checkbox.\n5. Click **Save** . The **Data exfiltration protection** field changes its value to **Disabled**.\n\nYou must create `ProjectNetworkPolicy` egress policies for your projects to restrict the outbound traffic. For more information, see [Configure project network policies](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/pnp/pnp-overview)."]]
