Script to remove all access to a user to all files in drive and shared drive?


Mohamed Lrhazi

Feb 15, 2023, 2:33:29 PM
to google-ap...@googlegroups.com
Hello,

I could ask ChatGPT, but I don't trust robots :)

Anyone willing to share such a script?  Thank you so much.

- revoke all access granted (explicitly) to any file or folder in Drive, and in Shared/Team drive.

Thank you so much!

Mohamed.

Mohamed Lrhazi

Feb 15, 2023, 2:57:00 PM
to google-ap...@googlegroups.com
I asked ChatGPT.... is it right?


Screenshot 2023-02-15 at 2.55.23 PM.png

Mohamed Lrhazi

Feb 15, 2023, 3:00:40 PM
to google-ap...@googlegroups.com
To clarify, I am joking :) ChatGPT has no clue what it's talking about of course.

Ross Scroggs

Feb 15, 2023, 6:24:15 PM
to google-ap...@googlegroups.com
Mohamed,

Here's the first part: files in drive

Advanced GAM solution


Get files explicitly shared with user

gam redirect csv ./TSUserSharedFiles.csv user us...@domain.com print filelist fields id,name,owners.emailaddress showownedby others


Delete ACLs for files shared by another user; ~owners.0.emailAddress is actual owner, ~Owner is target user

gam redirect stdout ./DeleteExplicitACLs.csv multiprocess redirect stderr stdout csv ./TSUserSharedFiles.csv gam user "~owners.0.emailAddress" delete drivefileacl "~id" "~Owner"


In the second part, are you talking about files that the user has access to as a member of a Shared Drive?


Ross


--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAGF_jTCgHZFnM6Jbo09osb9F3vkV1m6mN59erZUa%2B0Zu75LR_Q%40mail.gmail.com.



Ross Scroggs

Feb 15, 2023, 8:05:26 PM
to google-ap...@googlegroups.com
Mohamed,

This will delete the user's access to all shared drives

Advanced GAM solution


Get Shared Drive which user can access

gam redirect csv ./UserSharedDrives.csv user us...@domain.com print shareddrives fields id,name


Delete user's Shared Drive access

gam redirect stdout ./DeleteSharedDriveAccess.csv multiprocess redirect stderr stdout csv ./UserSharedDrives.csv gam delete drivefileacl "~id" "~User"


Ross

Mohamed Lrhazi

Feb 25, 2023, 12:56:21 PM
to google-ap...@googlegroups.com, Ross Scroggs
Thank you so much Ross.

One thing I am still missing, I think, is how to also remove any access explicitly given to the user, on individual shared drives files or folders?

Thanks,
Mohamed.

Kim Nilsson

Feb 26, 2023, 2:58:22 AM
to GAM for Google Workspace
Ross gave you that in the first response.

Mohamed Lrhazi

Feb 26, 2023, 9:27:39 AM
to google-ap...@googlegroups.com
The command Ross gave me does not include files shared from shared drives, but even adding "corpora onlyteamdrives" results in different data and does not include "owners"...
It seems deleting ACLs on teamdrives files/folders requires a different syntax....

On Sun, Feb 26, 2023 at 2:58 AM Kim Nilsson <there.is.no...@gmail.com> wrote:
Ross gave you that in the first response.


Mohamed Lrhazi

Feb 26, 2023, 7:03:39 PM
to google-ap...@googlegroups.com, Ross Scroggs
Thanks a lot Ross. I think I can do what I need to do now.... which is: strip an account of all access to all drive/teamdrive objects, for which the user was granted access explicitly (not via a group or via all-domain-users or any-one-with-link).

Still, am wondering if one could issue a single command, or maybe two, to return the list of such objects? meaning:
-- all objects for which the user has access
-- both in drive and shared drives (I also wonder if this includes any google docs, sheets, presentations..etc)
-- but only if access is granted explicitly to them.

Thanks,
Mohamed.


Peter Smulders

Mar 20, 2023, 4:41:14 PM
to GAM for Google Workspace
Hi Mohamed,

I think it should be possible to do what you are looking for. I couldn't readily make out a way to select for those specific permissions to use in a 'gam user Harry delete permissions etc' but in two steps you could:

1) list files for the whole corpora (which grabs EVERYTHING including orphans and whatnot) and list permissions. One of the permission fields is 'permissions.type', which according to the API is:

type (string)

The type of the grantee. Valid values are:
  • user
  • group
  • domain
  • anyone
When creating a permission, if type is user or group, you must provide an emailAddress for the user or group. When type is domain, you must provide a domain. There isn't extra information required for the anyone type.

You can then use a script to filter the permissions.id where permissions.type = user --> delete that id.

I have posted a short while ago about a script mechanism to do exactly this kind of 'grab bunch of files and selectively do stuff to them'. Look for it in the archive.

hth - Peter
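
The filter step Peter describes, as an added example that is not part of the original thread: it reads a file-list CSV that includes permissions and returns the file id and permission id of every grant made directly to one user, going slightly further than the post by also matching the grantee's address and skipping shared drive grants that are only inherited. The flattened permissions.N.field column names, the permissionDetails inherited column and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample. Column layout is an assumption: flattened
# "permissions.N.field" names, like the "owners.0.emailAddress" column above.
FIELDS = ("id", "type", "emailAddress", "permissionDetails.0.inherited")
HEADER = "id,name," + ",".join(
    f"permissions.{n}.{f}" for n in (0, 1) for f in FIELDS)
SAMPLE_CSV = HEADER + """
f1,Budget,111,user,harry@example.com,,222,group,staff@example.com,
f2,Plan,111,user,harry@example.com,True,anyoneWithLink,anyone,,False
f3,Notes,333,user,alice@example.com,False,111,user,Harry@Example.com,False
f4,Wiki,444,domain,,False,,,,
"""

TYPE_COL = re.compile(r"^permissions\.(\d+)\.type$")


def explicit_user_grants(csv_text, target_email):
    """Return (file_id, permission_id) for each direct user grant to target."""
    target = target_email.strip().lower()
    grants = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col, value in row.items():
            m = TYPE_COL.match(col or "")
            if not m or value != "user":
                continue  # group, domain and anyone grants are left alone
            prefix = f"permissions.{m.group(1)}."
            if (row.get(prefix + "emailAddress") or "").lower() != target:
                continue
            # Shared drive items: a grant that is only inherited from the
            # drive or a parent folder cannot be removed on the file itself.
            inherited = [v.lower() for k, v in row.items()
                         if k and v and k.startswith(prefix + "permissionDetails.")
                         and k.endswith(".inherited")]
            if inherited and all(v == "true" for v in inherited):
                continue
            grants.append((row["id"], row[prefix + "id"]))
    return grants


if __name__ == "__main__":
    for file_id, perm_id in explicit_user_grants(SAMPLE_CSV, "harry@example.com"):
        print(f"{file_id},{perm_id}")
```

Reviewing the returned pairs before deleting anything keeps group, domain and link-based access untouched, which is the scope asked for earlier in the thread.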