NYU will be introducing storage limits in response to Google’s decision to eliminate free, unlimited storage for higher education clients. 95% of the NYU community will be able to continue using Google services as usual, while 5% of users will be contacted directly to discuss their storage needs. Learn more about these changes. Show
Every Google Drive file, folder, and shared drive have associated permissions resources. Each resource identifies the permission for a specific { "requests": [ ]
}3 (user, group, domain, anyone) and { "requests": [ ]
}4, such as "commenter" or "reader." For example, a file might have a permission granting a specific user ( { "requests": [ ]
}
{ "requests": [ ]
}
{ "requests": [ ]
}
{ "requests": [ ]
}8). For a complete list of roles and the operations permitted by each, refer to Roles & permissions. Scenarios for sharing Drive resourcesThere are five different types of sharing scenarios:
Set an expiration date to limit file accessWhen you're working with people on a sensitive project, you might want to restrict their access to certain files in Drive after a period of time. For files in My Drive, you can set an expiration date to limit or remove access to that file. To set the expiration date:
The { "kind": "drive permissionList","permissions": [ # permission", ]
}5 field denotes when the permission expires using RFC 3339 date-time . Expiration times have the following restrictions:
For more information about expiration date, see the following articles:
Permission propagationPermission lists for a folder propagate downward, and all child files and folders inherit permissions from the parent. Whenever permissions or the hierarchy is changed, the propagation occurs recursively through all nested folders. For example, if a file exists in a folder and that folder is then moved within another folder, the permissions on the new folder propagate to the file. If the new folder grants the user of the file a new role, such as "writer," it overrides their old role. Conversely, if a file inherits { "requests": [ ]
}9 from a folder, and is moved to another folder that provides a "reader" role, the file now inherits { "requests": [ ]
}6. Inherited permissions can't be removed from a file or folder in a shared drive. Instead these permissions must be adjusted on the direct or indirect parent from which they were inherited. Inherited permissions can be removed from items under "My Drive" or "Shared with me." Conversely, inherited permissions can be overridden on a file or folder in My Drive. So, if a file inherits { "requests": [ ]
}9 from a My Drive folder, you can set { "requests": [ ]
}6 on the file to lower its permission level. CapabilitiesThe Permissions resource doesn't ultimately determine the current user's ability to perform actions on a file or folder. Instead, a Files resource contains a collection of boolean GET https://www.googleapis.com/drive/v3/files/ 0 fields used to indicate whether an action can be performed on a file or folder. The Google Drive API sets these fields based on the current user's permissions resource associated with the file or folder. For example, when Alex logs into your app and tries to share a file, Alex's role is checked for permissions on the file. If the role allows them to share a file, the GET https://www.googleapis.com/drive/v3/files/ 0 related to the file, such as GET https://www.googleapis.com/drive/v3/files/ 2, are filled in relative to the role. If Alex wants to share the file, your app checks the GET https://www.googleapis.com/drive/v3/files/ 0 to ensure GET https://www.googleapis.com/drive/v3/files/ 2 is set to GET https://www.googleapis.com/drive/v3/files/ 5. For an example of retrieving file GET https://www.googleapis.com/drive/v3/files/ 0, see . Create a permissionThe following two fields are necessary when creating a permission:
When you create a permission where { "requests": [ ]
}5 or { "requests": [ ]
}7, you must also provide an to tie the specific user or group to the permission. When you create a permission where { "capabilities": { }
}4, you must also provide a to tie a specific domain to the permission. To create a permission:
Show an exampleThe following code sample shows how to create a permission. The response returns an instance of a resource, including the assigned { "permissionDetails": [ ]
}7. Request POST https://www.googleapis.com/drive/v3/files/ { "requests": [ ]
}Response { # permission", }Use target audiencesTarget audiences are groups of people—such as departments or teams—that you can recommend for users to share their items with. You can encourage users to share items with a more specific or limited audience rather than your entire organization. Target audiences can help you improve the security and privacy of your data, and make it easier for users to share appropriately. For more information, see About target audiences . To use target audiences:
To view how users interact with target audiences, see . Retrieve all permissions for a file, folder, or shared driveUse the PATCH https://www.googleapis.com/drive/v3/files/ 2 method to retrieve all permissions for a file, folder, or shared drive. Show an exampleThe following code sample shows how to get all permissions. The response returns a list of permissions. Request GET https://www.googleapis.com/drive/v3/files/ Response { "kind": "drive permissionList","permissions": [ # permission", ]
}Verify user permissionsWhen your app opens a file, it should check the file's capabilities and render the UI to reflect the permissions of the current user. For example, if the user doesn't have a PATCH https://www.googleapis.com/drive/v3/files/ 3 capability on the file, the ability to comment should be disabled in the UI. For more information about GET https://www.googleapis.com/drive/v3/files/ 0, see the section above. To check the capabilities, call PATCH https://www.googleapis.com/drive/v3/files/ 5 with the GET https://www.googleapis.com/drive/v3/files/ 8 and the PATCH https://www.googleapis.com/drive/v3/files/ 7 parameter set to the GET https://www.googleapis.com/drive/v3/files/ 0 field. For further information on returning fields using the PATCH https://www.googleapis.com/drive/v3/files/ 7 parameter, see Return specific fields for a file. Show an exampleThe following code sample shows how to verify user permissions. The response returns a list of capabilities the user has on the file. Each capability corresponds to a fine-grained action that a user can take. Some fields are only populated for items in shared drives. Request GET https://www.googleapis.com/drive/v3/files/ Response { "capabilities": { }
}Determine the source of the role for shared drive files & foldersTo change the role on a file or folder, you must know the source of the role. For shared drives, the source of a role can be based on membership to the shared drive, the role on a folder, or the role on a file. To determine the source of the role for a shared drive, or items within that drive, call { "requests": [ ]
}00 with the GET https://www.googleapis.com/drive/v3/files/ 8, the { "permissionDetails": [ ]
}7, and the PATCH https://www.googleapis.com/drive/v3/files/ 7 parameter set to the { "requests": [ ]
}04 field. To find the { "permissionDetails": [ ]
}7, use PATCH https://www.googleapis.com/drive/v3/files/ 2 with the GET https://www.googleapis.com/drive/v3/files/ 8. To fetch the { "requests": [ ]
}04 field on the PATCH https://www.googleapis.com/drive/v3/files/ 2 request, set the PATCH https://www.googleapis.com/drive/v3/files/ 7 parameter to { "requests": [ ]
}11. This field enumerates all inherited and direct file permissions for the user, group, or domain. Show an exampleThe following code sample shows how to determine the role source. The response returns the { "requests": [ ]
}04 of a resource. The { "requests": [ ]
}14 field provides the ID of the item from which the permission is inherited. Request GET https://www.googleapis.com/drive/v3/files/ Response { "permissionDetails": [ ]
}Change permissionsTo change permissions on a file or folder, you can change the assigned role:
You can grant permissions on individual files or folders in a shared drive even if the user or group is already a member. For example, Alex has { "requests": [ ]
}8 as part of their membership to a shared drive. However, your app can grant Alex { "requests": [ ]
}9 for a file in a shared drive. In this case, because the new role is more permissive than the role granted through their membership, the new permission becomes the effective role for the file or folder. Show an exampleThe following code sample shows how to change permissions on a file or folder from commenter to writer. The response returns an instance of a { "permissionDetails": [ ]
}6 resource. Request PATCH https://www.googleapis.com/drive/v3/files/ { "requests": [ ]
}0 Response { "requests": [ ]
}1 Revoke access to a file or folderTo revoke access to a file or folder, call { "requests": [ ]
}25 with the GET https://www.googleapis.com/drive/v3/files/ 8 and the { "permissionDetails": [ ]
}7 to delete the permission. For items in "My Drive," it's possible to delete an inherited permission. Deleting an inherited permission revokes access to the item and child items, if any. For items in a shared drive, inherited permissions cannot be revoked. Update or revoke the permission on the parent file or folder instead. The { "requests": [ ]
}25 operation is also used to delete permissions directly applied to a shared drive file or folder. Show an exampleThe following code sample shows how to revoke access by deleting a { "permissionDetails": [ ]
}7. If successful, the response body is empty. To confirm the permission is removed, use PATCH https://www.googleapis.com/drive/v3/files/ 2 with the GET https://www.googleapis.com/drive/v3/files/ 8. Request { "requests": [ ]
}2 Transfer file ownership to another Google Workspace account in the same organizationOwnership of files existing in "My Drive" can be transferred from one to another account in the same organization. An organization that owns a shared drive owns the files within it. Therefore, ownership transfers are not supported for files and folders in shared drives. Organizers of a shared drive can move items from that shared drive and into their own "My Drive" which transfers the ownership to them. To transfer ownership of a file in "My Drive", do one of the following:
Transfer file ownership from one consumer account to anotherOwnership of files can be transferred between one consumer account to another. However, Drive doesn't transfer ownership of a file between two until the prospective new owner explicitly consents to the transfer. To transfer file ownership from one consumer account to another:
When a file is transferred, the previous owner's role is downgraded to { "requests": [ ]
}41. Change multiple permissions with batch requestsWe strongly recommend using to modify multiple permissions. The following is an example of performing a batch permission modification with a client library. JavaPythonNode.jsPHP.NETExcept as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates. Last updated 2023-12-13 UTC. [{ "type": "thumb-down", "id": "missingTheInformationINeed", "label":"Missing the information I need" },{ "type": "thumb-down", "id": "tooComplicatedTooManySteps", "label":"Too complicated / too many steps" },{ "type": "thumb-down", "id": "outOfDate", "label":"Out of date" },{ "type": "thumb-down", "id": "samplesCodeIssue", "label":"Samples / code issue" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }] Need to tell us more? |