Removing access via GAM

2,544 views
Skip to first unread message

Simon Lee

unread,
Mar 8, 2021, 10:32:42 AM3/8/21
to GAM for Google Workspace
I have a list of 1000 or so file IDs that I need to change, so I thought - great - GAM will do it.

I need to remove the 'Anyone in this group with this link can view', as there are some documents that have been shared with the entire organisation that shouldn't have been.

I ran a test on a document that I own and got the following output:

user@cloudshell:~$ gam user file....@domain.co.uk delete drivefileacl xxxfileIDxxx anyonewithlink
User: file....@domain.co.uk, Delete 1 Drive File/Folder ACL
  User: file....@domain.co.uk, Drive File/Folder ID: xxxfileIDxxx, Permission ID: anyoneWithLink, Does not exist

The file definitely exists. Is this the wrong parameter to be feeding in?

Ross Scroggs

unread,
Mar 8, 2021, 11:02:13 AM3/8/21
to google-ap...@googlegroups.com
Simon,

The error message is telling you that the ACL anyonewithlink doesn't exist.

# ACL does not exist                                                                                                                                                                                                                                 

$ gam user testsimple delete drivefileacl 123456iz7wpgUyL66ge4UhKQye3ZZWsitOssCZwrwB8o anyonewithlink

User: tests...@domain.com, Delete 1 Drive File/Folder ACL

  User: tests...@domain.com, Drive File/Folder ID: 123456iz7wpgUyL66ge4UhKQye3ZZWsitOssCZwrwB8o, Permission ID: anyoneWithLink, Does not exist

# File does not exist                                                                                                                                                                                                                                

$ gam user testsimple delete drivefileacl xxx123456iz7wpgUyL66ge4UhKQye3ZZWsitOssCZwrwB8o anyonewithlink

User: tests...@domain.com, Delete 1 Drive File/Folder ACL

  User: tests...@domain.com, Drive File/Folder ID: xxx123456iz7wpgUyL66ge4UhKQye3ZZWsitOssCZwrwB8o, Delete Failed: Does not exist


Ross


**********************************************************************
This email is confidential and may contain copyright material of the John Lewis Partnership.
If you are not the intended recipient, please notify us immediately and delete all copies of this message.
(Please note that it is your responsibility to scan this message for viruses). Email to and from the
John Lewis Partnership is automatically monitored for operational and lawful business reasons.
**********************************************************************

John Lewis plc
Registered in England 233462
Registered office 171 Victoria Street London SW1E 5NN

Websites: https://www.johnlewis.com
http://www.waitrose.com
https://www.johnlewisfinance.com
http://www.johnlewispartnership.co.uk

**********************************************************************

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/08ea3573-0c21-4d3e-aa69-1e9673700c3fn%40googlegroups.com.


--

Simon Lee

unread,
Mar 8, 2021, 11:19:09 AM3/8/21
to GAM for Google Workspace
Right... except it does, unless it's a different parameter... It's a document shared with everyone in the organisation.Annotation 2021-03-08 161704.png.

Ross Scroggs

unread,
Mar 8, 2021, 11:20:53 AM3/8/21
to google-ap...@googlegroups.com
Simon,

After applying more brain power, I see that you're getting the message because the file is shared with your domain, not anyone.
The phrase 'Anyone in this group with this link can view' doesn't refer to groups but to domains.
On any one of the files do the following and get the permission id (labelled id) for the domain ACL
gam user file....@domain.co.uk show drivefileacls xxxfileIDxxx
...

    Test School (2/3)

      id: 12316609197701968852k

      type: domain

      domain: testschool.org

      role: reader

      allowFileDiscovery: False

...


Then do:

gam user file....@domain.co.uk delete drivefileacl xxxfileIDxxx id:12316609197701968852k


Ross

--

Simon Lee

unread,
Mar 9, 2021, 9:20:59 AM3/9/21
to GAM for Google Workspace
That did the trick!
Well... for the most part.

Doesn't appear to work for files stored on a Shared Drive though. Do you know a way to do it?

Reply all
Reply to author
Forward
0 new messages