Regex & Linting
Use these regex patterns to validate identifiers programmatically. All patterns assume the prv org prefix; adapt for other tenants by replacing prv with the appropriate org code.
Organization Token
Section titled “Organization Token”^(prv|ocs|pqx|pai|psl|pst|bgh)$Group Email Patterns
Section titled “Group Email Patterns”Departments
Section titled “Departments”^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive)-dept@[a-z0-9.-]+\.[a-z]{2,}$^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive)-team(-[a-z0-9-]{3,24})?@[a-z0-9.-]+\.[a-z]{2,}$^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive)-role-[a-z0-9]+(?:-[a-z0-9-]+)*(?:-(?:prd|stg|dev|sbx|qa)|-[a-z][a-z0-9]{2,5})?-(admin|owner|operator|manager|editor|maintainer|developer|read|viewer|publisher)@[a-z0-9.-]+\.[a-z]{2,}$People Rosters
Section titled “People Rosters”^prv-org-people-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$Identity Rosters
Section titled “Identity Rosters”^prv-org-ident-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$^prv-(team|collab)-mail-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$Intake
Section titled “Intake”^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive)-intake-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$Alerts
Section titled “Alerts”^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive|flt|org)-alerts-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$^prv-(exec|fin|hr|legal|biz|ops|plt|it|eng|sec|mktg|sal|archive|flt)-infra-[a-z0-9-]{3,}@[a-z0-9.-]+\.[a-z]{2,}$Automation Accounts
Section titled “Automation Accounts”^prv-[a-z]+-auto-[a-z0-9]+-[a-z0-9-]+@[a-z0-9.-]+\.[a-z]{2,}$Admin Accounts
Section titled “Admin Accounts”^prv-plt-admin-[a-z0-9-]+@[a-z0-9.-]+\.[a-z]{2,}$Customer Umbrella
Section titled “Customer Umbrella”^prv-[a-z]+-cus-[a-z][a-z0-9]{2,5}-(prosrv|sales|mktg|cpoc|announce|all|archive)@[a-z0-9.-]+\.[a-z]{2,}$Project Triplet
Section titled “Project Triplet”^prv-[a-z]+-prj-[a-z][a-z0-9]{2,5}-[a-z0-9]+(?:-[a-z0-9]+){0,5}-(dri|delivery|client)@[a-z0-9.-]+\.[a-z]{2,}$Vendor
Section titled “Vendor”^prv-[a-z]+-vendor-[a-z0-9-]{3,12}@[a-z0-9.-]+\.[a-z]{2,}$Partner
Section titled “Partner”^prv-[a-z]+-partner-[a-z0-9-]{3,12}(-[a-z]+)?@[a-z0-9.-]+\.[a-z]{2,}$^prv-flt-[a-z0-9-]+@[a-z0-9.-]+\.[a-z]{2,}$Display Name Patterns
Section titled “Display Name Patterns”General Format
Section titled “General Format”^PRV – [A-Za-z0-9 /&-]+(?: – [A-Za-z0-9 /&-]+)*$En Dash Check
Section titled “En Dash Check”Display names must use en dashes (–, U+2013), not hyphens (-) or em dashes (—):
– ✅ en dash (U+2013)- ❌ hyphen (U+002D) — only in kebab-case identifiers— ❌ em dash (U+2014) — never usedDescription Lint Rules
Section titled “Description Lint Rules”- Must start with the exact display Name followed by
:(colon + space). - Must end with one of:
Security group ({purpose})Non-security group ({purpose})
- Optionally add:
| Locked group ({reason}) - CEL trailer (when applicable):
| CEL: {expression}
Structural Lint Rules
Section titled “Structural Lint Rules”| Rule | Target |
|---|---|
| Every group has >= 2 owners | 100% |
| No individuals in Department groups | 0 violations |
| Every Team nested in exactly 1 Department | 100% |
| No Teams in admin Role groups | 0 violations |
No people-* or mail-* on ACLs | 0 violations |
| Archive ON for all mail pipe groups | 100% |
| Security label OFF for mail pipe groups | 100% |
| Zero humans in Infra groups | 100% |
| Zero externals on TEAM/STRICT drives | 100% |
OU Path Validation
Section titled “OU Path Validation”^/(exec-team|w2|contractors|interns|partners|vendors|automation-accounts)(/[a-z0-9-]+)+$Allowed end-states:
(-active|-admins|-offboarded|-disabled|-probation|-breakglass-users)$Shared Drive Name Validation
Section titled “Shared Drive Name Validation”^(INT|EXT)_(PRV|OCS|PQX|PAI|PSL|PST)_[A-Za-z0-9-]+_(COLLAB|TEAM|STRICT|ARCH)_(Active|Archived)_(Public|Private|Confidential|Restricted)$File Name Validation (Inside Drives)
Section titled “File Name Validation (Inside Drives)”^[a-z0-9_-]+_\d{4}-\d{2}-\d{2}_(draft|review|final)_v\d{3}(\.[a-z0-9]+)?$