Issue removing domain link shared ACLs

[Simon Smart]

Hi Folks

Having an issue using GAM to remove link sharing permissions. Here's the setup:

An 'Examp...@example.com' has 3 files that are domain link shared:
1 x Anyone in the domain can view

1 x Anyone in the domain can comment

1 x Anyone in the domain can comment

First step... find all the user's domain linkshared files:
gam redirect csv DomainWithLink.csv user ExampleUser print filelist fields id,name,permissions pm type domain withlink true

Side note: The above command only works writing to .csv for some reason...
Using the following results in an error: 
gam user ssmart print filelist fields id,name,permissions pm type domain withlink true todrive

Error: 
Command: /home/ssmart/bin/gamadv-xtd3/gam user ExampleUser print filelist fields "id,name,permissions" pm type domain withlink true >>>todrive<<<

ERROR: Invalid argument
Help: Syntax in file /home/ssmart/bin/gamadv-xtd3/GamCommands.txt
Help: Documentation is at https://github.com/taers232c/GAMADV-XTD3/wiki

Anyway... so we have the .csv with all the domain link shared files now. (view, comment and edit). We now want to remove all the domain link shared ACLs. So I've used the following command:
gam csv DomainWithLink.csv gam user ExampleUser delete drivefileacl ~id domainwithlink

GAM Accepts the command and begins to run however for each attempt at removing the permission it results in the following error:
User: Examp...@example.com, Delete 1 Drive File/Folder ACL

  User: Examp...@example.com, Drive File/Folder ID: 1Jg-jHg93z-9UXue2Rv-8SEljOV1Y-1z17g2PU3g8MiU, Permission ID: 14446376714780686973i, Does not exist

GAM is looking for the permission ID '14446376714780686973i' on every file but not finding it. Checking the output from the CSV earlier it looks like the permission ID across all the files is actually '14950697747332164386k'

Think Google might have changed this value at some point and GAM is using the older one?

Anyway any insight on the error otherwise guidance on best practice moving forward if I'm doing this wrong would be appreciated.

Thanks in advance

Simon

[Ross Scroggs]

Simon,

There are several issues here.

<PermissionMatch> ::=

        permissionmatch|pm [not]

            [type anyone|user|group|domain] [role|notrole <DriveFileACLRole>] [allowfilediscovery|withlink <Boolean>]

            [emailaddress <RegularExpression>] [name|displayname <String>]

            [domain|notdomain <RegularExpression>] [domainlist|notdomainlist <DomainNameList>]

            [expirationstart <Time>] [expirationend <Time>]

            [deleted <Boolean>]

        endmatch|em

gam redirect csv DomainWithLink.csv user ExampleUser print filelist fields id,name,permissions pm type domain withlink true

gam user ssmart print filelist fields id,name,permissions pm type domain withlink true todrive

You have left off the closing endmatch|em in both commands; you get away with it in the first command as there

are no more parameters; you get an error in the second command as there are additional parameters.

You aren't deleting the correct id.

gam csv DomainWithLink.csv gam user ExampleUser delete drivefileacl ~id domainwithlink

domainwithlink is not a valid permission id

You want something like this to references the actual permission id.

gam csv DomainWithLink.csv gam user ExampleUser delete drivefileacl ~id "id:~~permissions.x.id~~"

As the file may have multiple ACLs (permissions) you don't know what x is.

For a complete solution see: https://github.com/taers232c/GAM-Scripts3/blob/master/GetSharedWithDomainDriveACLs.py

Ross

--

ross.s...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/53504135-eed8-42f6-9181-dca6edcfb99cn%40googlegroups.com.

[Simon Smart]

Hey Ross

Ledge as always. Thanks for the assist.