Every Google Drive file, folder, and shared drive has associated permissions resources. Each resource identifies the permission for a specific type (user, group, domain, anyone) and role, such as "commenter" or "reader." For example, a file might have a permission granting a specific user (type=user) read-only access (role=reader), while another permission grants members of a specific group (type=group) the ability to add comments to a file (role=commenter).

For a complete list of roles and the operations permitted by each, refer to Roles & permissions.

Scenarios for sharing Drive resources

There are five different types of sharing scenarios:

  1. To share a file in My Drive, the user must have role=writer or .
    • If the boolean value is set to for the file, the user must have .
    • If the user with role=writer has temporary access governed by an expiration date and time, they can't share the file. For more information, see .
  2. To share a folder in My Drive, the user must have role=writer or .
    • If the boolean value is set to for the file, the user must have the more permissive .
    • Temporary access (governed by an expiration date and time) isn't allowed on My Drive folders with role=writer. For more information, see .
  3. To share a file in a shared drive, the user must have role=writer, , or .
    • The setting doesn't apply to items in shared drives. It's treated as if it's always set to .
  4. To share a folder in a shared drive, the user must have .
    • If the restriction on a shared drive is set to , users with can share folders in that shared drive.
  5. To manage shared drive membership, the user must have . Only users and groups can be members of shared drives.

Set an expiration date to limit file access

When you're working with people on a sensitive project, you might want to restrict their access to certain files in Drive after a period of time. For files in My Drive, you can set an expiration date to limit or remove access to that file.

To set the expiration date:

  • Use the permissions.create method and set the expirationTime field (along with the other required fields). For more information, see .
  • Use the permissions.update method and set the expirationTime field (along with the other required fields). For more information, see .

The expirationTime field denotes when the permission expires using RFC 3339 date-time. Expiration times have the following restrictions:

  • They can only be set on user and group permissions.
  • The time must be in the future.
  • The time cannot be more than a year in the future.

For more information about expiration date, see the following articles:

  • .

Permission propagation

Permission lists for a folder propagate downward, and all child files and folders inherit permissions from the parent. Whenever permissions or the hierarchy is changed, the propagation occurs recursively through all nested folders. For example, if a file exists in a folder and that folder is then moved within another folder, the permissions on the new folder propagate to the file. If the new folder grants the user of the file a new role, such as "writer," it overrides their old role.

Conversely, if a file inherits role=writer from a folder, and is moved to another folder that provides a "reader" role, the file now inherits role=reader.

Inherited permissions can't be removed from a file or folder in a shared drive. Instead these permissions must be adjusted on the direct or indirect parent from which they were inherited. Inherited permissions can be removed from items under "My Drive" or "Shared with me."

Conversely, inherited permissions can be overridden on a file or folder in My Drive. So, if a file inherits role=writer from a My Drive folder, you can set role=reader on the file to lower its permission level.

Capabilities

The Permissions resource doesn't ultimately determine the current user's ability to perform actions on a file or folder. Instead, a Files resource contains a collection of boolean capabilities fields used to indicate whether an action can be performed on a file or folder. The Google Drive API sets these fields based on the current user's permissions resource associated with the file or folder.

For example, when Alex logs into your app and tries to share a file, Alex's role is checked for permissions on the file. If the role allows them to share a file, the capabilities related to the file, such as canShare, are filled in relative to the role. If Alex wants to share the file, your app checks the capabilities to ensure canShare is set to true.

For an example of retrieving file capabilities, see .

Create a permission

The following two fields are necessary when creating a permission:

  • type: The type identifies the scope of the permission (user, group, domain, or anyone). A permission with type=user applies to a specific user whereas a permission with type=domain applies to everyone in a specific domain.
  • role: The role field identifies the operations that the type can perform. For example, a permission with type=user and role=reader grants a specific user read-only access to the file or folder. Or, a permission with type=domain and role=commenter lets everyone in the domain add comments to a file. For a complete list of roles and the operations permitted by each, refer to Roles & permissions.

When you create a permission where type=user or type=group, you must also provide an emailAddress to tie the specific user or group to the permission.

When you create a permission where type=domain, you must also provide a domain to tie a specific domain to the permission.

To create a permission:

  1. Use the permissions.create method with the fileId for the associated file or folder.
  2. In the request body, specify the type and role.
  3. If type=user or type=group, provide an emailAddress. If type=domain, provide a domain.

The following code sample shows how to create a permission. The response returns an instance of a Permission resource, including the assigned permissionId.

Request

POST https://www.googleapis.com/drive/v3/files/FILE_ID/permissions

{
  "requests": [
    {
      "type": "user",
      "role": "commenter",
      "emailAddress": "[email protected]"
    }
  ]
}

Response

{
  "kind": "drive#permission",
  "id": "PERMISSION_ID",
  "type": "user",
  "role": "commenter"
}
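The field rules described above (type and role are required, emailAddress or domain depends on the type, and the expiration restrictions) can be checked before a create request is sent. The following Python check is an added example, not part of the Drive API or its client libraries; the function names, the sample values, and reading "a year" as 365 days are assumptions.

```python
from datetime import datetime, timedelta, timezone

PRINCIPAL_TYPES = {"user", "group"}              # these types need emailAddress
ALL_TYPES = PRINCIPAL_TYPES | {"domain", "anyone"}
MAX_LIFETIME = timedelta(days=365)               # assumption: "a year" read as 365 days

# Constructed reference time so the checks below are reproducible.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


def parse_rfc3339(value):
    """Parse an RFC 3339 date-time string into a timezone-aware datetime."""
    if not isinstance(value, str):
        raise ValueError("expirationTime must be a string")
    # Older Python versions do not accept a trailing "Z" in fromisoformat().
    text = value[:-1] + "+00:00" if value[-1:] in ("Z", "z") else value
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:
        raise ValueError("RFC 3339 date-times carry a UTC offset")
    return parsed


def validate_permission(body, now=None):
    """Return a list of problems with a permission body; empty means it passes."""
    now = now or datetime.now(timezone.utc)
    problems = []
    ptype = body.get("type")
    if ptype not in ALL_TYPES:
        problems.append("type must be user, group, domain or anyone")
    if not body.get("role"):
        problems.append("role is required")
    if ptype in PRINCIPAL_TYPES and not body.get("emailAddress"):
        problems.append("type=%s requires emailAddress" % ptype)
    if ptype == "domain" and not body.get("domain"):
        problems.append("type=domain requires domain")

    expires = body.get("expirationTime")
    if expires is None:
        return problems
    # Expiration is only valid on user and group permissions.
    if ptype not in PRINCIPAL_TYPES:
        problems.append("expirationTime is only allowed on user and group permissions")
    try:
        when = parse_rfc3339(expires)
    except ValueError as exc:
        problems.append("expirationTime is not RFC 3339: %s" % exc)
        return problems
    if when <= now:
        problems.append("expirationTime must be in the future")
    elif when - now > MAX_LIFETIME:
        problems.append("expirationTime is more than a year in the future")
    return problems


if __name__ == "__main__":
    # Constructed sample bodies: one valid, one domain grant with an expiry.
    samples = [
        {"type": "user", "role": "commenter", "emailAddress": "alex@example.com",
         "expirationTime": "2025-06-01T00:00:00Z"},
        {"type": "domain", "role": "reader", "domain": "example.com",
         "expirationTime": "2025-06-01T00:00:00Z"},
    ]
    for sample in samples:
        print(sample["type"], validate_permission(sample, SAMPLE_NOW))
```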

Use target audiences

Target audiences are groups of people—such as departments or teams—that you can recommend for users to share their items with. You can encourage users to share items with a more specific or limited audience rather than your entire organization. Target audiences can help you improve the security and privacy of your data, and make it easier for users to share appropriately. For more information, see About target audiences.

To use target audiences:

  1. In the Google Admin console, go to Menu > Directory > Target audiences. You must be signed in using an account with privileges for this task.
  2. In the Target audiences list, click the name of the target audience. To create a target audience, see Create a target audience.
  3. Copy the unique ID from the target audience URL: .
  4. Create a permission with type=domain, and set the domain field to .

To view how users interact with target audiences, see .

Retrieve all permissions for a file, folder, or shared drive

Use the permissions.list method to retrieve all permissions for a file, folder, or shared drive.

The following code sample shows how to get all permissions. The response returns a list of permissions.

Request

GET https://www.googleapis.com/drive/v3/files/FILE_ID/permissions

Response

{
  "kind": "drive#permissionList",
  "permissions": [
    {
      "id": "PERMISSION_ID",
      "type": "user",
      "kind": "drive#permission",
      "role": "commenter"
    }
  ]
}

Verify user permissions

When your app opens a file, it should check the file's capabilities and render the UI to reflect the permissions of the current user. For example, if the user doesn't have a canComment capability on the file, the ability to comment should be disabled in the UI.

For more information about capabilities, see the Capabilities section above.

To check the capabilities, call files.get with the fileId and the fields parameter set to the capabilities field. For further information on returning fields using the fields parameter, see Return specific fields for a file.

The following code sample shows how to verify user permissions. The response returns a list of capabilities the user has on the file. Each capability corresponds to a fine-grained action that a user can take. Some fields are only populated for items in shared drives.

Request

GET https://www.googleapis.com/drive/v3/files/FILE_ID?fields=capabilities

Response

{
  "capabilities": {
    "canAcceptOwnership": false,
    "canAddChildren": false,
    "canAddMyDriveParent": false,
    "canChangeCopyRequiresWriterPermission": true,
    "canChangeSecurityUpdateEnabled": false,
    "canComment": true,
    "canCopy": true,
    "canDelete": true,
    "canDownload": true,
    "canEdit": true,
    "canListChildren": false,
    "canModifyContent": true,
    "canModifyContentRestriction": true,
    "canModifyLabels": true,
    "canMoveChildrenWithinDrive": false,
    "canMoveItemOutOfDrive": true,
    "canMoveItemWithinDrive": true,
    "canReadLabels": true,
    "canReadRevisions": true,
    "canRemoveChildren": false,
    "canRemoveMyDriveParent": true,
    "canRename": true,
    "canShare": true,
    "canTrash": true,
    "canUntrash": true
  }
}

Determine the source of the role for shared drive files & folders

To change the role on a file or folder, you must know the source of the role. For shared drives, the source of a role can be based on membership to the shared drive, the role on a folder, or the role on a file.

To determine the source of the role for a shared drive, or items within that drive, call permissions.get with the fileId, the permissionId, and the fields parameter set to the permissionDetails field. To find the permissionId, use permissions.list with the fileId. To fetch the permissionDetails field on the permissions.list request, set the fields parameter to .

This field enumerates all inherited and direct file permissions for the user, group, or domain.

The following code sample shows how to determine the role source. The response returns the permissionDetails of a Permission resource. The inheritedFrom field provides the ID of the item from which the permission is inherited.

Request

GET https://www.googleapis.com/drive/v3/files/FILE_ID/permissions/PERMISSION_ID?fields=permissionDetails&supportsAllDrives=true

Response

{
  "permissionDetails": [
    {
      "permissionType": "member",
      "role": "commenter",
      "inheritedFrom": "INHERITED_FROM_ID",
      "inherited": true
    },
    {
      "permissionType": "file",
      "role": "writer",
      "inherited": false
    }
  ]
}
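The permissionDetails response above lists every grant behind one permission, so it can be used to work out both the effective role and where a grant has to be edited. The following Python is an added example, not Google's sample code: it picks the most permissive entry and reports which entries must change, and on which item, to bring the role down to a target. The role ranking (including fileOrganizer and organizer), the function names and the placeholder ID are assumptions.

```python
# Least to most permissive. The ranking is an assumption of this example;
# the page itself names the reader, commenter and writer roles.
ROLE_RANK = {
    "reader": 0,
    "commenter": 1,
    "writer": 2,
    "fileOrganizer": 3,
    "organizer": 4,
}

# Constructed sample: the permissionDetails array from the response above,
# with a placeholder in place of INHERITED_FROM_ID.
SAMPLE_DETAILS = [
    {"permissionType": "member", "role": "commenter",
     "inheritedFrom": "DRIVE_ID_PLACEHOLDER", "inherited": True},
    {"permissionType": "file", "role": "writer", "inherited": False},
]


def rank(role):
    """Numeric rank of a role; unknown roles are rejected rather than guessed."""
    try:
        return ROLE_RANK[role]
    except KeyError:
        raise ValueError("unknown role: %r" % (role,))


def effective_grant(details):
    """Return the entry that sets the effective role (the most permissive one)."""
    if not details:
        raise ValueError("permissionDetails is empty")
    return max(details, key=lambda entry: rank(entry["role"]))


def edits_to_reach(details, target_role):
    """List the entries that keep the role above target_role.

    Each result is (permissionType, role, where). For a direct grant, where is
    "this item". For an inherited grant it is the inheritedFrom ID, because
    inherited permissions on shared drive items must be adjusted on the parent
    they come from.
    """
    limit = rank(target_role)
    edits = []
    for entry in details:
        if rank(entry["role"]) <= limit:
            continue  # this grant is already at or below the target
        if entry.get("inherited"):
            where = entry.get("inheritedFrom")
        else:
            where = "this item"
        edits.append((entry["permissionType"], entry["role"], where))
    return edits


if __name__ == "__main__":
    top = effective_grant(SAMPLE_DETAILS)
    print("effective role:", top["role"], "(inherited)" if top["inherited"] else "(direct)")
    for target in ("commenter", "reader"):
        print("to reach", target, "->", edits_to_reach(SAMPLE_DETAILS, target))
```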

Change permissions

To change permissions on a file or folder, you can change the assigned role:

  1. Call permissions.update with the permissionId of the permission to change and the fileId for the associated file, folder, or shared drive. To find the permissionId, use permissions.list with the fileId.
  2. In the request, identify the new role.

You can grant permissions on individual files or folders in a shared drive even if the user or group is already a member. For example, Alex has role=commenter as part of their membership to a shared drive. However, your app can grant Alex role=writer for a file in a shared drive. In this case, because the new role is more permissive than the role granted through their membership, the new permission becomes the effective role for the file or folder.

The following code sample shows how to change permissions on a file or folder from commenter to writer. The response returns an instance of a permissions resource.

Request

PATCH https://www.googleapis.com/drive/v3/files/FILE_ID/permissions/PERMISSION_ID

Revoke access to a file or folder

To revoke access to a file or folder, call permissions.delete with the fileId and the permissionId to delete the permission.

For items in "My Drive," it's possible to delete an inherited permission. Deleting an inherited permission revokes access to the item and child items, if any.

For items in a shared drive, inherited permissions cannot be revoked. Update or revoke the permission on the parent file or folder instead.
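Together with the effective-role rule described earlier, the two rules above determine what a delete actually removes. The following Python code is an added example, not code from the Drive documentation: plan_revoke and strongest are hypothetical helpers, the sample resource is constructed from the permissionDetails shape this page uses, and the role ordering is the one the example assumes.

```python
# Added example (not from the Drive documentation): decide how to revoke a
# permission from its permissionDetails. Sample data below is constructed.

# Drive roles ordered from least to most permissive (ordering assumed here).
ROLE_RANK = {r: i for i, r in enumerate(
    ["reader", "commenter", "writer", "fileOrganizer", "organizer", "owner"])}


def strongest(details):
    """Return the most permissive role in a list of detail entries, or None."""
    roles = [d["role"] for d in details]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None


def plan_revoke(permission, in_shared_drive):
    """Hypothetical helper: report what a delete can and cannot remove."""
    details = permission.get("permissionDetails") or [
        {"role": permission["role"], "inherited": False}]
    if not in_shared_drive:
        # My Drive: deleting the permission, inherited or not, revokes access.
        return {"effective_role": strongest(details), "delete_here": True,
                "revoke_at": [], "role_after_delete": None}
    direct = [d for d in details if not d.get("inherited")]
    inherited = [d for d in details if d.get("inherited")]
    return {
        "effective_role": strongest(details),
        # Only a permission applied directly to the item can be deleted here.
        "delete_here": bool(direct),
        # Inherited grants must be changed on the item they come from.
        "revoke_at": sorted({d["inheritedFrom"] for d in inherited}),
        # Access that survives after the direct grant is deleted.
        "role_after_delete": strongest(inherited),
    }


# Constructed permission resource: commenter via membership, writer on the file.
SAMPLE = {
    "id": "PERMISSION_ID", "type": "user", "role": "writer",
    "permissionDetails": [
        {"permissionType": "member", "role": "commenter",
         "inheritedFrom": "INHERITED_FROM_ID", "inherited": True},
        {"permissionType": "file", "role": "writer", "inherited": False},
    ],
}

if __name__ == "__main__":
    print(plan_revoke(SAMPLE, in_shared_drive=True))
```

For the sample, deleting the direct grant leaves the user with the inherited commenter role, so full revocation requires a change on the item named in inheritedFrom.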

The permissions.delete operation is also used to delete permissions directly applied to a shared drive file or folder.

The following code sample shows how to revoke access by deleting a permissionId. If successful, the response body is empty. To confirm the permission is removed, use permissions.list with the fileId.


Transfer file ownership to another Google Workspace account in the same organization

Ownership of files existing in "My Drive" can be transferred from one account to another account in the same organization. An organization that owns a shared drive owns the files within it. Therefore, ownership transfers are not supported for files and folders in shared drives. Organizers of a shared drive can move items from that shared drive into their own "My Drive", which transfers the ownership to them.

To transfer ownership of a file in "My Drive", do one of the following:

  • Create a file permission granting a specific user (type=user) owner access (role=owner).
  • Update an existing file's permission with role=owner and transfer ownership to the specified user (transferOwnership=true).

Transfer file ownership from one consumer account to another

Ownership of files can be transferred from one consumer account to another. However, Drive doesn't transfer ownership of a file between two consumer accounts until the prospective new owner explicitly consents to the transfer. To transfer file ownership from one consumer account to another:

  1. The current owner initiates an ownership transfer by creating or updating the prospective new owner's file permission. The permission must include these settings: role=writer, type=user, and pendingOwner=true. If the new owner is creating a permission for the prospective owner, an email notification is sent to the prospective new owner indicating that they're being asked to assume ownership of the file.
  2. The new owner accepts the ownership transfer request by creating or updating their file permission. The permission must include these settings: role=owner and transferOwnership=true. If the new owner is creating a new permission, an email notification is sent to the previous owner indicating that ownership has been transferred.

When a file is transferred, the previous owner's role is downgraded to writer.

Change multiple permissions with batch requests

We strongly recommend using batch requests to modify multiple permissions.

The following is an example of performing a batch permission modification with a client library.


Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-12-13 UTC.
