Skip to content

Field note

ChatGPT Business write actions checklist

App access, action access and approval prompts are different controls. Review all three before ChatGPT can change company systems.

ChatGPT Business apps are no longer only a search surface. OpenAI added write actions for Microsoft and Google apps in March 2026, including creating documents and spreadsheets, drafting email and setting up meetings where supported.

The important admin detail is that app access, action access and approval prompts are separate controls. An enabled app is not proof that its actions are appropriate, and an approved OAuth scope is not the same thing as enabling an action in ChatGPT.

Re-check Business workspace defaults

OpenAI's current admin documentation says apps and plugins are enabled by default for ChatGPT Business. Product defaults have also changed at different times: write actions for Microsoft and Google apps were initially disabled pending admin enablement on 13 March, while the unified Google Drive actions were described as on by default for Business workspaces on 25 March.

Do not settle this from a rollout email. Open Workspace settings > Apps and inspect the tenant's current state. Record which apps are enabled, which actions each app exposes and who can use them.

Repeat the check after major app updates. From 15 June 2026, OpenAI added Google Drive file, BigQuery and Google Meet actions that require additional Google OAuth scopes. OpenAI also warned that the actions could become available automatically where a workspace policy enables new actions by default. Review both the ChatGPT action policy and Google Workspace OAuth controls together.

Use the three-control model

For every enabled app, review three layers.

1. Access

Access answers: can a workspace member use this app at all?

ChatGPT Business does not have the same role-based connector model described for Enterprise and Edu, so do not copy an Enterprise deployment guide and assume the same controls exist. Use the controls actually shown in the Business workspace and keep the enabled set small.

2. Actions

Action control answers: what can the app do?

Where supported, OpenAI lets admins allow all actions, allow only read actions, or choose a custom set. There is also a policy for actions added later: enable all, enable only new read actions, or disable new actions.

For a first rollout, select only the named actions needed for the workflow and disable new actions by default. “Google Drive” is not a useful approval unit if the real requirement is only to create a draft in one team folder.

Some apps do not support granular action control. If the app's permission surface is too broad for the task, leave it disabled rather than treating an approval prompt as the security boundary.

3. Approval prompts

App permissions answer: when must ChatGPT ask the user before acting?

Options vary by app and workspace, but can include asking for any change or for important actions. Choose the strictest usable setting during a pilot. Test the actual prompt with the real action; do not assume a label in the admin page describes every edge case.

Review the provider scopes too

Microsoft Entra and Google Workspace administrators may need to approve updated OAuth scopes before users can connect. Review those scopes against the action list and remove authorisations for actions the business will not use.

For synced Google Drive, Business, Enterprise and Edu admins can restrict the source to specific Shared Drives or folders and exclude file types from indexing. Use a dedicated pilot location rather than indexing the entire company drive.

OpenAI says app access follows each user's existing permissions. That is useful, but it also means old oversharing in Drive, SharePoint or another system becomes part of the AI access problem. Fix the source permissions; ChatGPT cannot make a broadly shared folder private.

Run a write-action pilot

Choose one reversible action, such as creating a draft document in a test folder. Then test:

  1. the correct user can connect and an excluded user cannot;
  2. the app cannot read outside the approved source;
  3. only the named write action is available;
  4. the approval prompt appears at the expected point;
  5. cancelled approval causes no external change;
  6. the created item lands in the correct location with the correct owner; and
  7. a disabled app immediately blocks the workflow.

Keep screenshots of the admin settings and the test results. Assign an owner to review new app actions monthly during rollout.

Check the data path, not only the model policy

OpenAI states that data accessed from apps for Business, Enterprise and Edu is not used to train its models. The same admin page also notes that connected applications are third-party services with their own data-residency policies. Map both sides of the connection, especially if customer, staff or regulated data can be written to an external system.

Use an AI governance review to connect the app settings to named workflows, approved data and human approval. The useful output is a short app-and-action register, not a blanket “ChatGPT approved” decision.

Source basis

Keep reading

Related notes

11 Jul 2026 · 4 min

AI agents and UK consumer law

An AI supplier does not take responsibility away from the business. Customer-facing agents need truthful wording, tested rules, monitoring and a stop route.

11 Jul 2026 · 4 min

EU AI Act transparency checklist

The EU AI Act transparency date is close. UK businesses need an inventory of customer-facing AI, clear disclosures and evidence that each control works.