.jpg?sfvrsn=5e65774a_0)
This guide reflects KAUST IT policies as they stand today. If you need guidance specific to your situation, contact IT through VITA or the IT Contact Us page.
The data you create, store, and share during your time at KAUST belongs to KAUST. Think of yourself as its steward, not its owner. That shapes every decision you make about where to keep a file, who to share it with, and how carefully to protect it.
Know what you have
Not all KAUST data carries the same weight. Understanding classification is the foundation of handling it well.
Store it in the right place
Where a file lives determines who can access it and what happens when you leave.
Share with intention
The most restrictive option that still allows the work to get done is the right one.
Keep access current
Granting access and never reviewing it is not good stewardship.
I am:
Select a classification level to see what it means and how to handle it.
KAUST's Data Classification Procedure defines four levels. When in doubt, treat data as Restricted.
Practical rule: Research data, personnel info, financial records, and contractual documents are Restricted. Contact IT if unsure about a specific dataset before sharing.
Select a scenario on the left to see the right storage tools for your needs.
Personal work files
Drafts, files belonging to you
Team collaboration
Shared content for groups
Large research datasets
PIs, centers, core labs
Sensitive or regulated data
Encrypted, compliance-grade
External data sharing
Outside the KAUST network
Cloud and research computing
Azure and specialist infrastructure
Microsoft OneDrive
25 GB / upgradeable to 50 GBFor: All KAUST account holders, auto-provisioned
Personal work files and drafts. Access at m365.cloud.microsoft or via the desktop app. Contact IT for additional storage.
Google Drive
100 GB students/researchers | 5 GB staffFor: All KAUST account holders via Google Workspace
Personal files only. KAUST does not offer Google Shared Drives. All Google Drive at KAUST is personal.
Critical (Google Drive): When your KAUST account is removed, personal Google Drive content is permanently deleted immediately. No recovery window. Move team files to SharePoint before you leave.
OneDrive supports real-time co-authoring in Word, Excel, and PowerPoint. Multiple people can edit simultaneously.
Share only with people who need access. Use the most restrictive option. Review regularly.
| Link type | Who can access | Use when |
|---|---|---|
| Anyone | No sign-in. Forwardable. 90-day max. | Public content only. |
| People in KAUST | Requires KAUST account. | Internal content for the KAUST community. |
| Specific People | Named individuals. One-time passcode externally. | Right default for most sharing at KAUST. |
| Direct Access | No link. Via Manage Access only. | Restricted content requiring maximum control. |
Can edit
Open, change, save, delete.
Can review
Comments only. Word, Excel, PowerPoint.
Can view
Read only. Can download unless blocked.
View, no download
Browser only. No save or print.
In OneDrive on the web, go to Shared then Shared by Me. For a specific file, right-click and select Manage Access.
Owners (full control, two required), Members (edit), Visitors (read only). Break inheritance at library level only, not on individual files.
External SharePoint access is disabled by default. Contact IT. Site owners cannot enable it independently.
Viewer
Read and view only.
Commenter
Add comments. Cannot edit.
Editor
Make changes. Use when needed.
Use Share and enter specific people. Avoid sharing with Anyone with the link unless content is genuinely Public.
KAUST does not offer Google Shared Drives. All Google Drive at KAUST is personal. Team content that must persist belongs in SharePoint.
Access does not update automatically. Someone has to manage it.
What happens when someone leaves , by platform
M365: Add through Teams to update SharePoint, Planner, and Teams access simultaneously. For SharePoint read-only, add to Visitors group directly.
Google Workspace: Share files or folders directly. No Google Shared Drives at KAUST. Team content belongs in SharePoint.
DataWaha / SDataWaha: Folder owner manages access. Add at the appropriate level.
Google Drive: Permanently deleted when the account is removed. No recovery. Move all team files to SharePoint before account closes.
OneDrive: 60-day window. Move team content to SharePoint before departure, not during the window.
Move all M365 team files to SharePoint, not personal OneDrive.
Move all Google Drive files to SharePoint before account removal. No recovery after this.
Transfer ownership of Google Docs, Sheets, or Slides colleagues still need.
Update DataWaha and SDataWaha access lists.
Confirm any Teams or SharePoint site you owned has at least one remaining active owner.
Access does not update automatically. Review and remove previous role access before or immediately after the change.
Removing someone from Teams does NOT remove them from private channels. Manage private channel membership separately.
Review access lists for every workspace. Remove anyone whose involvement was temporary. Consider archiving or decommissioning unused workspaces.
An unused workspace with active membership and open permissions is a governance liability.
Before connecting any external tool to your KAUST accounts, check with IT.
Pasting Restricted or Highly Restricted content into a public or unapproved AI tool is not permitted under KAUST's Acceptable Use Policy. This includes research data, personnel info, financial data, and contractual content.
KAUST IT controls third-party add-ins and AI tools within Microsoft 365. Only IT-reviewed tools remain accessible. These controls are expanding to other KAUST platforms.
Not permitted
Pasting Restricted or Highly Restricted content into a public or unapproved AI interface.
Not permitted
Connecting third-party apps via "Sign in with Microsoft" or "Sign in with Google" without IT approval.
Not permitted
Personal AI tools capturing meeting audio or KAUST account content without IT approval.
Permitted
IT-approved AI tools within the scope of their approval. Most needs are covered by existing KAUST tools.
Need a tool not yet approved? Request it through VITA. IT will review and approve, suggest an alternative, or explain the concern.
All KAUST-issued devices have security controls, patch management, and compliance standards applied by IT.
SDataWaha is only accessible from KAUST IT-managed devices. This is a deliberate security control. Request a device through VITA.
Certain GPU models are subject to U.S. BIS export control regulations. KAUST has a formal review process for all such hardware procurement.
Data from export-controlled systems may carry export control obligations. Contact IT before storing or sharing in standard platforms.
KAUST uses Cisco Secure Client. Required for off-campus access to DataWaha, SDataWaha, and internal systems. M365 and Google Workspace accessible without VPN. DUO required for M365 off campus.
DataWaha, WahaDrive, and workstation home directories are backed up daily by KAUST IT Research Computing. No manual configuration needed.
M365 and Google Workspace version history are not substitutes for a research data backup strategy.
These apply to everyone at KAUST. Click a role to see what it means.
Identify, classify, and protect data according to its classification level.
Perform due diligence when sharing. Choosing a broad link type without checking who genuinely needs access is not due diligence.
Not share Restricted or Highly Restricted data with unapproved AI tools or personal cloud services.
Keep access current. Granting access and never reviewing it is not acceptable stewardship.
Secure team content before leaving KAUST. Critical for Google Drive: deleted immediately with no recovery.
Non-compliance can result in disciplinary action up to and including termination of employment.
The four data roles at KAUST
Click any role to see what it means and what is expected.
Data Owner
Senior leader accountable for a data category
See responsibilitiesData Steward
Manager or team lead applying Owner policies day-to-day
See responsibilitiesData Custodian
IT or systems team managing technical infrastructure
See responsibilitiesData User
Anyone accessing KAUST data as part of their role
See responsibilitiesSearch or filter by category.
20 questions
Every time you save, share, or access a file as part of your work at KAUST, you are making a data decision. Data responsibility is the everyday practice of knowing what kind of data you are working with, keeping it in the right place, sharing it only with people who need it, and reviewing access periodically.
Yes. Data created, collected, or processed as part of your work at KAUST belongs to KAUST. This includes research data, working documents, communications, and any output of your work here.
Public carries no risk if openly shared. Internal is for the KAUST community. Restricted could cause real harm if disclosed without authorisation, covering most research data, personnel info, and financial records. Highly Restricted has legal protections or significant security implications. When in doubt, treat data as Restricted.
Both Microsoft 365 and Google Workspace are approved. Staff and most faculty use M365 and Outlook as their primary environment. Students, researchers, and some faculty use Google Workspace and Gmail. Choose based on the content, who needs access, and how it will be managed over time.
Both are private by default. For OneDrive, if your account is removed, your manager has a 60-day window before permanent deletion. For personal Google Drive, deletion is immediate when the account is removed. There is no recovery window.
DataWaha is KAUST's research storage platform for large-scale datasets. Available to PIs, research centers, and core labs. Each allocation provides 20 TB active and 80 TB archive storage. Not for running compute jobs. Request through VITA.
SDataWaha is the secure version for research data requiring heightened protection including human genome datasets. Shares the same 100 TB quota with DataWaha. Adds full encryption and requires KAUST IT-managed devices exclusively. Request via VITA.
No. Personal cloud services outside KAUST's control are not approved for KAUST data. KAUST data belongs to KAUST. Keep KAUST work in KAUST systems.
Use Specific people as the link type and choose the lowest permission level that allows the work to get done. View-only unless editing is genuinely needed. Set an expiry date if access is temporary.
An Anyone link requires no sign-in and can be forwarded to anyone. Appropriate only for genuinely Public content. Not appropriate for Internal, Restricted, or Highly Restricted data.
Contact KAUST IT first. External access on SharePoint is disabled by default. Site owners cannot configure this independently. If they only need a meeting, send a meeting link instead.
Use ExRCSDrive for link-based external sharing of research data. For high-speed bulk transfers to another research institution, use the Scientific DMZ. Contact IT for guidance.
Yes. Every Team is backed by a Microsoft 365 Group. Adding someone to the Team grants access to the connected SharePoint site and Planner boards simultaneously. If they only need a meeting, send a meeting link.
Personal Google Drive is permanently deleted when your KAUST account is removed. No recovery window. No recovery path. KAUST does not offer Google Shared Drives. Any team files must be moved to SharePoint before your account is removed.
OneDrive is preserved for 60 days after account removal. Your manager receives notification and can move files during that window. After 60 days, permanent deletion. Team content should be in SharePoint before you leave.
IT-approved AI tools can be used within their approval scope. Before connecting any AI tool to your KAUST accounts, confirm with IT. For Restricted or Highly Restricted data, pasting into a public or unapproved AI interface is not permitted.
Export controls from the U.S. Department of Commerce's Bureau of Industry and Security restrict certain technologies. Most relevant to researchers working with specific GPU hardware and ECCN-listed technologies.
The named site owners. IT provisions the platform; governance belongs to owners. Owners maintain membership, manage permissions, and review access when the team changes. Every site must have at least two named owners.
Remove or restrict access immediately if you have permissions to do so. Then contact IT immediately through any channel on the IT Contact Us page.
KAUST IT-managed devices have security controls applied by IT. For SDataWaha, a managed device is required, not just recommended. Using an unmanaged device to access Restricted data creates risk that KAUST's controls cannot address.
No matching questions.
Select your situation and work through the checklist.
Open OneDrive on the web, go to Shared then Shared by Me. Look for Anyone links or stale access.
Remove or update shares no longer in active use.
Set expiry dates on any new temporary shares going forward.
Move files colleagues regularly access from OneDrive to a SharePoint site.
Review files you have shared and remove access no longer needed.
Move team or research files from personal Google Drive to SharePoint.
Transfer ownership of Google Docs, Sheets, or Slides others still need if you are leaving.
Review the access list and remove anyone who has left or changed role.
Confirm a data management plan is in place. Inactive data should move to Tier 2.
Review WahaDrive share links and remove any no longer in active use.
Confirm at least two named active owners. Add a second now if you are the only one.
Review Members and Visitors. Remove anyone who has left, changed role, or finished their project.
Check for Restricted content in general libraries. Create a dedicated library with unique permissions if needed.
Confirm all M365 team files are in SharePoint, not personal OneDrive.
Move all Google Drive team files to SharePoint before account removal. No recovery after this.
Transfer ownership of any Google files the team still needs.
Update DataWaha and SDataWaha access lists.
Know the classification of the data you work with most often.
Before connecting any new tool to your KAUST accounts, check with IT through VITA first.
If you are leaving KAUST, move team content before your last day.
Report any data concerns to IT immediately via it.kaust.edu.sa/about/contact-us.
Report a concern or get help , contact IT through any of these channels
Reporting early matters. Options to contain a potential data incident are much wider in the first hours than days later.
