Remove all Drive ACLs when owner is a specific user
121 views
Skip to first unread message
Matt Broughton
Oct 4, 2024, 6:17:23 AM10/4/24
to GAM for Google Workspace
Hi all,
I want to remove all ACLs when the owner is a specific user (or better, a group of users). The command below works, but it is painfully slow and will take forever with a group of 10 users with 100 GB or more each.
Does anyone have an suggestions for speeding this up? Either though using multiple processes or streamlining the command?
gam group <email> print filelist allfields | tail -n +2 | awk -F, '{print $2}' | while read fileID; do
gam group <email> show drivefileacl $fileID | grep "id:" | awk '{print $2}' | while read permissionID; do
gam group <email> delete drivefileacl $fileID "id:$permissionID"
done
done
gam group <email> show drivefileacl $fileID | grep "id:" | awk '{print $2}' | while read permissionID; do
gam group <email> delete drivefileacl $fileID "id:$permissionID"
done
done
Cheers,
Matt
Ross Scroggs
Oct 4, 2024, 10:41:02 AM10/4/24
to google-ap...@googlegroups.com
# Get all of the non-owner ACLs for members of the group, do in parallel
gam config auto_batch_min 1 num_threads 10 redirect csv ./NonOwnerACLs.csv multiprocess redirect stderr - multiprocess group gr...@domain.com print filelist fields id,name,mimetype,basicpermissions pm not role owner em pmfilter oneitemperrow# Delete those ACLs. You will see errors because when a folder ACL is deleted Google deletes the ACL from its children and GAM gets as error
# when it tries to delete that ACLs.
gam config num_threads 25 redirect stdout ./DeleteNonOwnerACLs.csv multiprocess redirect stderr stdout csv NonOwnerACLs.csv gam user "~User" delete drivefileacl "~id" "id:~~permission.id~~"
# You can rerun the first command and should get an empty (except for header) output file
Ross
--2-100-1 Kominato-cho, Naka-ku, Yokohama, 231-0802 Japan
YOKOHAMA INTERNATIONAL SCHOOL
tel +81.45.622.0084 www.yis.ac.jp
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/1139f5dc-d88e-4314-928c-7f8c2bda6ec5n%40googlegroups.com.
Ross Scroggs
Dierk Polzin
Oct 4, 2024, 11:12:59 PM10/4/24
to GAM for Google Workspace
Perfect... this seems updated from the last few years..
for i, row in enumerate(my_list[start:stop]):
err = process.stderr.decode('ascii')
print(f" gam out = {out_gam}")
I was just running this today for my holding account and finding problems.
In a step before I move all files shared with others into a holding account.
cmd = f"create datatransfer {row} gdrive {target_acct} privacy_level shared"
args = [GAM_PATH] + shlex.split(cmd)
try:
process = subprocess.run(args, check=True, capture_output=True)
except subprocess.CalledProcessError as e:
print(f"error e.output -- {format(e.output)}")
out_gam = process.stdout.decode('utf8')try:
process = subprocess.run(args, check=True, capture_output=True)
except subprocess.CalledProcessError as e:
print(f"error e.output -- {format(e.output)}")
err = process.stderr.decode('ascii')
print(f" gam out = {out_gam}")
Dierk Polzin
Oct 4, 2024, 11:27:04 PM10/4/24
to GAM for Google Workspace
Should be ~Owner not ~User
gam config num_threads 25 redirect stdout ./DeleteNonOwnerACLs.csv multiprocess redirect stderr stdout csv NonOwnerACLs.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
~User is not a field in the NonOwnerACLs.csv file.
Ross Scroggs
Oct 5, 2024, 10:07:53 AM10/5/24
to google-ap...@googlegroups.com
My apologies.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/d42fd264-f82d-4b6c-b26a-d0055c092642n%40googlegroups.com.
Ross Scroggs
Matt Broughton
Oct 7, 2024, 9:08:34 PM10/7/24
to google-ap...@googlegroups.com
Hello Ross and Dierk,
This is fantastic and exactly what we are looking for. Thank you very much.
Matt
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/_Bd8XfTf-WY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAJkvRS90STVjr7kL7qTmNL4ELNzjQ3-8rd5upr04q6LwKY_1pQ%40mail.gmail.com.
Sebastian Porada
Oct 24, 2024, 7:21:07 AM10/24/24
to GAM for Google Workspace
Hello,
Enxoo sp. z o.o. may be the controller of personal data of the addressees of this message. Detailed information about the purposes and principles of processing and about your rights is available here.
thank you for sharing this script, I found it very helpful.
Do you have idea how to limit results to files located only on these users My Drives?
Seb
Enxoo sp. z o.o, with its registered office in Warsaw, ul, Al. Jerozolimskie 123A, (02-017) Warsaw, entered into the Register of Entrepreneurs of National Court Register, held by the District Court of the Capital City of Warsaw in Warsaw, XII Commercial Division of National Court Register, under the KRS number: 0000404111, Tax ID (NIP): 1132851882, National Business Registry Number (REGON) 145907609, share capital PLN 100 000, tel.+4822 1151500
Enxoo sp. z o.o. may be the controller of personal data of the addressees of this message. Detailed information about the purposes and principles of processing and about your rights is available here.
Reply all
Reply to author
Forward
0 new messages