Object level authorisations or ACLs in Google Shared drive - google-drive-api

Does Google Shared drive have any object level authorizations or ACLs ?
Currently i only see that there are members of the shared drive and they get apply to all the files and folders in the shared drive.
How do i achieve the following scenario ?
Shared Drive 1
Folder 1
File 1
Folder 2
File 2
I want user A to have access to Folder 1 under Shared Drive 1 and user B to user access to Folder 2. But it seems its not possible in Google shared drive.
Best Regards,
Saurav

You can share a folder under a Shared Drive if you right click on that designated folder and click on the Share Button. Here are a list of scenarios that will happen once it is done:
The user will be notified via email that the folder has been shared.
The user will not have any visibility on the source Shared Drive where that designated folder is located. He will simply have access to the folder and all of its contents.
Another important note to consider for you to be able to achieve this:
Make sure that the Shared drive settings option is set to allow "People who aren't shared drive members can be added to files".
This can be done through the Google Workspace Admin Console under Apps > Google Workspace > Drives and Docs > Manage shared drives. And, on the list of Shared Drives, you should see the settings when you hover over the items on the Shared Drive list.
Reference:
https://support.google.com/a/answer/7662202?hl=en#zippy=%2Crestrict-access-for-an-existing-shared-drive
For further assistance regarding this matter I'd best advise you to contact Google Workspace Support

Related

Transfer files from Google Drive to a different domain

How can I transfer all my files from a google drive account to another google drive account, but from different domain and organisation.
I tried with Transfer Ownership, but I recieve an error when I choose to which user I want to transfer the files.
"Error: Select a user from search results"
Transfer of Ownership with Google Drive
It would be important to clarify at first what is possible and the workarounds. First we need to make sure that your organization has enabled the option to share files with outside users or make it public.
The [transfer of ownership][1] is only available or allowed between users from the same organization.
Method 1 (Make a Copy)
The first method that I suggest is to move all data to a folder from your Drive and share that folder directly with the other user. For example the folder would be under user "A" and you would share it with the user from another domain, the user "B".
Login to with user "B" and check under "Recent" option over, it should be on the left of the Drive UI.
You should be able to access the folder that was recently shared or with the link of the folder (I suggest having the user "B" account under an incognito window). You can start from there picking the files and making a copy, the copy would be under the ownership of user "B".
Method 2 (Shared Drives)
If your new organization or domain has Shared Drives, you should be able to add the external users as "Manager", you would need to add user "A". This way the user "A" would be able to move files directly to the Shared Drive, and due to the Shared drives not having owners but "Managers" or other permissions, the file becomes part of the new organization and is available to be moved by the users of the new organization.
Method 3 (Google Takeout)
If none of these options helps you, you can utilize Google Takeout to download all your Google Data.
You can review how it works below:
https://support.google.com/accounts/answer/3024190
References
https://support.google.com/a/answer/7374057
https://support.google.com/drive/answer/2375091?hl=en&co=GENIE.Platform%3DDesktop#zippy=%2Cmake-a-copy-of-a-file
[1]: https://support.google.com/a/answer/1247799?hl=en
In addition to Ricardo's full answer:
Method 2b (automated)
Even if your Google Workspace has no Shared Drives you might use this method with Google Drive add-on or web-app.

How to know through APIs who created the file in Shared Drive (Team Drive) in Google Drive

All the files in Shared drive (Team Drive) in google drive are accessible by all users who have access to Shared Drive (Team Drive).
When a new file is created in a Shared Drive(Team Drive) by default all the users with access to Shared Drive(Team Drive) will become owners as well.
Question : when we list the files using APIs inside a folder in Shared Drive (Team Drive), how to detect who created the file ?
You can use the Revisions API
So, if you list the revisions of a file specifying revisions/lastModifyingUser, revisions/id in parameter fields, you can retrieve the changes of the file and the corresponding user who modified the file.
Thereby, the first revision ("id": "1") should correspond to the creation / upload of the file and the related lastModifyingUser is the creator of the file.
Additional information:
Listing files, will return a files resource with the properties as specified here - The resource has properties like "owners" or "lastModifyingUser", but unfortunately not "creator"
There is already a feature request asking to implement the option to retrieve the user who added a file to a shared drive. - You can "star" it to increase visibility and thus hopefully sooner implementation
Until then unfortunately you cannot retrieve the file creator without the workaround with the Revisions API

Google Drive API - Override Owner in Shared Folder

When sharing a folder, is it possible for the owner to override permissions of the files other writers have created under the folder? Hopefully this can be done with a normal Google account, but requiring Google Apps access is also OK (as long as we only need the owner's, not an admin's credentials to do so)
As far as I know, files inside the shared folders inherits the sharing permissions set by the folder owner. Which means that, permissions set by file owners were overridden by the permissions set by the folder owner as demonstrated in this YouTube video - Steegle.com - Google Drive & Docs - Sharing.
However, please note that there are only certain operations which the folder owner can permit and this does not include change of ownership of files as given in Types, roles and values: how the permissions work.
This discussion on Sharing folders vs sharing files - which has priority in Google Docs Help Forum might also help.

After modification of Google Groups, permission is not reflected in google drive

I give READ permission to GROUP1 on FOLDER1
Already existing members in GROUP1 can find FOLDER1 in Shared Folder list (Good)
I add new member called JOHN in GROUP1
JOHN is not able to find FOLDER1 in Google Drive or using google drive sdk (VERY BAD)
I am creating an application that rely on groups for google drive permission. This is a blocker now.
Why is this happening and how can I fix this issue or is there a workaround.
As per resolution given in Resolve common Google Drive issues in Google Apps Administrator Help:
The Shared with Me view shows only items that have been shared with you explicitly. This includes items shared with you via a small group (with up to 200 members). If an item is shared with a larger group, it won’t automatically show in your Drive unless you click the link in the sharing invitation email.
With this, you must send a sharing invitation email to JOHN with the link to the shared folder/file. John can access the document through that link.
As teyman mentioned this is a known issue/feature of Google Drive. To workaround you could:
after adding member, remove group acl on Drive folder and re-add so new member is evaluated properly.
provide email, Google Site or other link to new member which direct user to folder so that they can find in Drive.
as the new member, add 'root' as a parent of the folder so that folder appears in new member's My Drive.

Add a shared folder to google drive using a share link

Newest Edit:
So here is what i want to accomplish:
1) User installs my application on his computer.
2) User grants my app access to his drive.
3) My app shares a folder from my drive with the user.
The problem in accomplishing part 3) is that my app actually needs write access to my drive, so it can share my folder with the current user. But for security reasons there is no way i can grant my app write acces to my drive.
Now im asking for a possibility to perform part 3) without granting my app write access for my drive.
I would like my installed application to add a shared folder to a users google drive account by only using a share link i generated manually for a folder i've created in my drive. Is it possible to accomplish this using google drive API?
Edit: What i actually want to do is to create a folder in the users drive and link this folder to a folder in my drive, so the user can access the files stored in my drive.
A shortcut to another's shared directory? Google Drive doesn't support it but, you can create an application to handle it.
Create a shortcut to your application.
Add the the link you want your user to be redirected as a custom property to the shortcut file.
When user opens the file from Drive and being redirected to your app, read the custom property you stored.
Redirect user to the the location on the retrieved custom property.