Moving My Drive files to a Shared Drive and retaining permissions

[Martin Hawksey]

Hello,

I had a search of the forum and didn't come across this exact scenario. Looking for a little sanity check on My Drive to Shared Drive single file moves and permission inheritance.

I found this documentation which states:

Moving files into a shared drive does not affect sharing permissions or user roles, such as Editor or Viewer, set directly on the file. However, file permissions inherited from the folder the file was in aren’t copied 

Testing with GAMADV-XTD3 6.67.18 with the following command:

gam user <userEmail> move drivefile <fileID> teamdriveparentid <sharedDrive>

The observed behaviour is the same as documented for the Drive UI, only ACLs directly added to the file are copied, any permissions applied to the parent folder are not copied.

Looking at the GAMADV wiki for moved file permissions my understanding is that there are no additional parameters to force the copying of the parent folder permissions for single file moves. Is this correct?  

Many thanks

Martin

[Ian Crew]

Hi Martin:

I can’t confirm definitively, but I’m guessing this is because Shared Drives use additive or “waterfall” permissions, so there are a lot of permissions that really couldn’t be mapped from myDrive in any sort of logical manner. Give that difference, I do think it’s generally sensible to rethink permissions as stuff is moved to a Shared Drive. 

Just my 2 cents, perhaps someone more knowledgeable than me can comment for sure.

Cheers,

Ian

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/6dbe35b7-4ee5-4754-9916-c0243f6ea120n%40googlegroups.com.

[Brian Kim]

In My Drive, Drive API cannot distinguish whether a permission of a file is set directly on a file or a parent folder. In Shared Drive, inherited permissions have a flag.

I think it may also something to do with difference between 4-permission model (Owner, Writer, Commenter, Viewer) for My Drive, and 5-permission model (Manager, Content Manager, Contributor, Commenter, and Viewer) for Shared Drive, and why it was such a challenge for Google to work out a way to allow folder sharing in Shared Drive, but unfortunately those details have not been shared (but I would be interested to learn about).

I think listing permissions of each file before the move is probably beneficial, so it can be re-applied if necessary if missing after the move, and why there aren't many commercially available tools that support "moving" of files from My Drive to Shared Drive. (unsure how folgo handles it)

[Martin Hawksey]

Thanks both for the input - it's helped with a direction on this.

As it's mainly inactive archived content it sounds like it will be more practical to record current acls, then move files to the shared drive and remove acls other than the Shared Drive members, then respond to any access requests as needed

Cheers

Martin