How to get a list of Shared Drives and their ACL?

[Richard Cooke]

My users have been busy!  I just realised we have gone from zero to 40 Shared Drives almost over night!

This is great. But now I need to produce a list of them, who created them (and when), plus their top level ACL (who has what level of access to them). It seems some have just a few users on them.  Some use group names like "everyone@" for view access.

I tried digging through previous posts and found a link to :

https://github.com/taers232c/GAM-Scripts3/blob/master/GetTeamDriveFileACLs.py

Am I going in the right direction?  At first glance this script does not appear to produce what I'm looking for - it seems to be about the files on the shared drives.

I thought there would be a command or example or script for exactly what I'm looking for.  Surely I am not the only person who needs to monitor security on Shared Drives?

Thanks in Advance!

[Gabriel Clifton]

Have you looked at just printing them out without the Python script?

https://github.com/taers232c/GAMADV-XTD3/wiki/Shared-Drives#examples-2

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/9e817f15-896c-409b-a180-4a4c4a55e3ecn%40googlegroups.com.

--

Gabriel Clifton | Network Administrator

Fort Stockton ISD | Technology Center

gabriel...@fsisd.net | http://www.fsisd.net

Office (432) 336-4055 Ext 2

Fax (432) 336-4050

1204 W. Second St., Fort Stockton, TX 79735

Please note: Although we sometimes respond to email, text, and phone calls instantly at all hours, our regular support hours are 8:00 AM - 5:00 PM, Monday through Friday.

We may need to wait until the next school day to address your issue. All issues are taken care of on a first-come, first-served basis, depending on severity, and problems with proper work orders submitted are handled first.

Confidentiality notice: The contents of this email message and any attachments are intended solely for the addressee(s), may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.

[Maj Marshall Giguere]

Richard;

First and foremost. I never, ever advise granting users permission to create shared drives.  It can, as you're finding out, explode into a management nightmare in short order.

To just get a list of all of your share/team drives you can use this simple advanced GAM command:

gam redirect csv ./allmyshareddrives.csv print teamdrives fields id,name

To get a list of all your shared drives and their acls try this advanced gam command 

gam config csv_output_header_filter "id,name,permission.emailaddress,permission.role,createdtime" redirect csv ./allmydrives.csv print teamdriveacls oneitemperrow

The above will give you a csv file with all the shared drives and the roles (acls) one acl per row.

Hope this is helpful,

Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
(M)  978.842.1547
GoCivilAirPatrol.com
nhwg.cap.gov

Volunteers serving America's communities, saving lives, and shaping futures.

Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
GoCivilAirPatrol.com
nhwg.cap.gov
Volunteers serving America's communities, saving lives, and shaping futures.

[Richard Cooke]

@Garbirel - thanks for that wiki page!  I could not find it!  I knew there had to be one for the Team Drive commands someplace...

I was playing with the teamdrives command first.  

Then as @Marsh posted I found the method to list all Shared Drives in the top of the scirpt file.  But not how to get/sort the ACLs.

Marsh's suggested command is 90% of what I need!  

The only thing I still have not figured out is how to get the "created by" name in the output too.  I see "created date".  so close...

I also have to make a "translation" list for he role names.

organizer = manager

read = view only

etc.

[Maj Marshall Giguere]

Rich;

The only way to see who created the drive would be to look in the drive events log using the created time and the appropriate event name.  Looks like a "create" event and the docType would be "Share drive".  You also need to keep in mind Google only keeps the previous 180 days of events in the logs.  So I'm thinking something like this:

gam config csv_output_row_filter "doc_type:regex:'^shared_'" report drive event create

You can limit the search by date.  The fields of interest for you would be the "actor.email" , "doc_id" and "doc_title"

Note this is not a fast process.

Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
GoCivilAirPatrol.com
nhwg.cap.gov
Volunteers serving America's communities, saving lives, and shaping futures.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/ac8039c7-85d6-47bb-8823-6d9710159cb0n%40googlegroups.com.

[Maj Marshall Giguere]

Rich;

A more refined version of the previous

gam config csv_output_row_filter "doc_type:regex:'^shared'" csv_output_header_filter "name,actor.email,doc_id,doc_title" report drive event create

Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
GoCivilAirPatrol.com
nhwg.cap.gov
Volunteers serving America's communities, saving lives, and shaping futures.