google-drive-apigoogle-apis-explorer

How to find out whether a GDrive (not Shared) file has inherited permissions, specifically shared to domain?


I'm looking to switch all domain-shared files from "Shared with Domain" to "Shared with group". I'm trying to identify whether a permission on a GDrive file (not from Shared Drive) is inherited or not. However Drive V3 API does not appear to expose permissions/permissionDetails attribute in same way as Shared Drives. Is there an efficient way to get the "inherited" status of a permissions? Trying to avoid having to walk the folder hierarchy.

Background on use case: We have decided that shared to domain is overly broad as the company grows. We have many consultants and contractors who should not see everything in the firm. We want to switch from Shared to domain to Shared with groups to better manage least privilege. We are aware that we cannot change UI at this time.


Solution

  • Answer:

    There's no direct way to get the inherited status of file permissions in Drive API.

    Explanation:

    permissionDetails is only available to shared drive items, and neither Permissions nor Files include any additional fields regarding inheritance.

    Therefore, I don't think you can use inheritance to filter out the files to update.

    Feature request:

    There's a feature request in Issue Tracker related to this:

    You could consider starring it in order to keep track of it and to help prioritizing it, but since it hasn't had much activity, I'd strongly suggest you to file a new one using this template.

    Related: