I'm having a look at Google Drive and we have instances where we will need item level permissions on files. We have groups of people would would have write access to the file. I notice that the API allows you to set permissions on a file with a group id but am unsure how to setup the group in the first place?
Could someone please advise on how to do this?
The other alternative would be to send a permission for each user but this seems like a less ideal workaround.
Just share with a google group which has an email.
Related
I have a GSuite with user groups, every group is one department in the organisation. I got the following permissions now:
Every department can edit his own folder
Every department can view folders of the other departments
Only I want that every department who can view something, also can comment on GDoc files and Spreadsheet files. I know I can change this on every file indiviually, but our Drive has over 1000 GDoc files. I'm not going by every old (and new) file to change this permission everytime.
I tried to solve this with a script and tried
file.addCommenter(email); -> Invalid argument: permission.value
file.setSharing(DriveApp.Access.PRIVATE, DriveApp.Permission.COMMENT) -> No error, but also no result.
Does someone know a solution for this?
file.addCommenter(email); -> Invalid argument: permission.value
That's a tricky one. There is an open issue #4231 since July 2014 (!) about this. I have not personally encountered this, but apparently it is an issue, though may be a rare one. Is it a specific file type that this fails on? I have just tested file.addCommenter(email) on all Google file types, and it worked without an issue for me.
Is the account your script is executing under the OWNER of these files, or only has 'EDIT' access to them? Has the option 'Prevent editors from changing access and adding new people' been enabled for these files? These are some things I would start checking to pinpoint the cause of the issue.
If all else fails, I suggest you contact Google Support rep with this - there should be a link for this in your GSuite Admin Control Panel.
file.setSharing(DriveApp.Access.PRIVATE, DriveApp.Permission.COMMENT)
-> No error, but also no result.
I do not think this will do what you expect it to. setSharing() method sets the sharing properties of the file besides any individual users who have been explicitly given access. Basically, setSharing() method will not change the sharing access of users who have already been explicitly granted some level of access to the file.
The way you could potentially use it, is to grant COMMENT access to the file to any user in your domain using file.setSharing(DriveApp.Access.DOMAIN_WITH_LINK, DriveApp.Permission.COMMENT), provided you are GSuite for Business or EDU user.
Hope this helps!
I am using the Permissions: get endpoint to check if the user has permission the document.
while i am using this endpoint i came across strange behaviour. it was like this as i need to find out if a given user has permission to edit a given document.
1) if the document directly shared edit permission for that user the above endpoint gives me the correct permission object.
2) if the document is shared with the domain privileges (Anyone at who has the link can edit) . In this case every time it gives me a error response.
My view in this case in the google document view even its the domain level share permission or user level share permission the user get the correct set of workflow. But to check these permission levels from the API endpoints does not works as expected.
Is this a known issue? Is their a another way to check the file permission if it shared under the domain level?
Thanks
Given the fact that there is some missing information (i.e. error message, code snippet, screenshots etc.), I'll make an attempt to answer your question here :)
To check for the file permission, it can be achieved in the following ways:
via Drive API
The Permissions.get resource would be ideal for checking the
permission for a user or domain. You may also try using the
Permissions.list, which would lists all file's permissions.
Google Drive UI
Right click on the file, select "Share..."
Click Advanced
With that being said, I noticed in my testing, if the file (doc) is shared under the domain level and you are not performing this under the same domain, both the view and API resource will return an error response. I suggest making sure when you're calling through the API you're using the appropriate domain user. Hope this helps and Good luck!
The Permissions.Get operation can tell if you a file was shared directly to a user, but it can't tell you if a user has access to the file via a group permission, domain permission, or anyone permission.
Using a Permissions.List operation you might be able to tell if the file is shared to anyone or if it's shared to the user's domain (based on, for example, the user's email address).
In the Google Drive SDK documentation, I can't figure out how to access the root list of files/folders shared with me by others, any idea?
I tried to search for files not owned by me, meaning query files/list with the following parameter:
"q=not 'me' in owners"
But that returns all the files owned by others, not only the "root list" of those files.
Thanks for your help.
Apparently, there is a new search parameter, called sharedWithMe. Setting the Q to "sharedWithMe" is enough to receive the parent folders and files that were shared with the user. It can be combined with other parameters too - for example "sharedWithMe and trashed=false".
You have probably already found about it, but it might be useful to have an answer of this question.
Something more like:
"q=not 'me' in owners and 'root' in parents"
I have a web app in php mysql, I want to use one google drive account for my app.
Can I use my app's accounts instead of google users for privilages.
I read in SDK I can use service account to login without promting user, but I don't know how to share or give permissions files for custom users.
In api reference I found this:
"The user is not necessarily yet a Google user (e.g. if a file or folder is shared with an email address that does not yet have an associated Google account). Example: 1111459233037698895607".
How a custom user in my app should get a token for own privilages.
I am not exactly sure what you want to achieve here, but if you want to use your own permission system, you can't. You can, however, apply read/write/owner permissions to files to mirror your own permissions.
If I have totally got the wrong idea, please explain.
I am thinking of developing an application like this:
My application has a google-service-account
I let my users share their documents with my service account
While an user visits my application, he gets some reports based on the files he has shared.
For this, my application needs to uniquely identify the owner of the documents shared with it. I looked at the API but could not find how to do so. I found methods like File.getOwnerNames(), but they are plain strings containing the names, but not any unique key to identify the user.
Need help on how to achieve this. Thanks.
Sanjay
Use the permissions.list method and find the permission corresponding to the owner.