Shared Drive reset all file sharing permissions for docs and folders inside drive
517 views
Skip to first unread message
Scott Lahney
Nov 8, 2023, 8:38:07 PM11/8/23
to GAM for Google Workspace
We have moved documents and folder from personal drives to a shared drive.
Disclaimer: This email message (and attachments) may contain information that is confidential to EXP. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. EXP accepts no liability for any damage caused by this email or its attachments due to viruses, interferences, interception, corruption or unauthorised access.
Please consider the environment before printing this email.
But want to remove the sharing permissions recursively from the individual files, so it pulls from the ACL attached to the root of that shared drive.
Is there a way to do this recursively using GAM to effecticly reset al lthe sharing permissions?
Cheers
Scott Lahney
Cheers
Scott Lahney
Disclaimer: This email message (and attachments) may contain information that is confidential to EXP. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. EXP accepts no liability for any damage caused by this email or its attachments due to viruses, interferences, interception, corruption or unauthorised access.
Please consider the environment before printing this email.
Ross Scroggs
Nov 9, 2023, 12:08:06 AM11/9/23
to google-ap...@googlegroups.com
Scott,
# Get list of non-inherited ACLs; this is slow as you have to get the ACLs on a file by file basis
gam redirect csv ./NonInheritedACLs.csv user orga...@domain.com print filelist select teamdriveid <TeamDriveID> fields id,name,mimetype,basicpermissions pm inherited false em pmfilter oneitemperrow
# Delete those ACLs
gam redirect stdout ./DeleteNonInheritedACLs.txt multiprocess redirect stderr stdout csv NonInheritedACLs.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
Send me a Meet/Zoom invitation on Thursday to discuss, I'm in California (PST) and am generally available starting at 7:30AM
Ross
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/97ebf1c4-1a1e-4a72-8dc9-3a44c116ca3an%40googlegroups.com.
David Lee
Nov 30, 2023, 4:44:33 AM11/30/23
to GAM for Google Workspace
Just to say I found this useful. Did exactly what I was looking for. Many thanks.
David.
David.
Daniel Hawkins
Mar 26, 2024, 12:58:55 PM3/26/24
to GAM for Google Workspace
Thank you! Super helpful.
Jesvin George
May 9, 2024, 8:31:37 PM5/9/24
to GAM for Google Workspace
We have a similar situation.
We want to remove all internal and external sharing of files and folders in users' personal Drives so that only the user has access to them.
How to achieve this?
How to achieve this?
Jesvin
Ross Scroggs
May 10, 2024, 12:08:43 AM5/10/24
to google-ap...@googlegroups.com
# Get user's owned files in My Drive that are shared, i.e., have an ACL other that owner
gam redirect csv ./UserSharedFilePerms.csv user us...@domain.com print filelist fields id,name,mimetype,basicpermissions filepath orderby folder descending pm not role owner em pmfilter oneitemperrow
# Inspect UserSharedFilePerms.csv, verify that it has what you want
# Delete the ACLs
gam redirect stdout ./DeleteUserSharedFilePerms.txt multiprocess redirect stderr stdout csv ./UserSharedFilePerms.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
# There may be some errors when deleting an ACL from a folder if the same ACL was deleted from the containing folder.
# These are expected.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/98b654ef-2086-41e9-929b-5abcedd23ffcn%40googlegroups.com.
Message has been deleted
Ross Scroggs
May 10, 2024, 11:00:54 PM5/10/24
to google-ap...@googlegroups.com
You're runnimg Standard GAM, you'll need Adavnced GAM.
Ross
On May 10, 2024, at 7:23 PM, 'Jesvin George' via GAM for Google Workspace <google-ap...@googlegroups.com> wrote:Thank you, Ross.I got the below error.ERROR: redirect is not a valid argument for "gam"
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/85d629a0-930e-4483-ad27-e12546d3b61fn%40googlegroups.com.
Jesvin George
Jun 4, 2024, 5:43:05 AM6/4/24
to GAM for Google Workspace
Thank you, Ross.
I have come up till generating the csv file. However, I am not sure how to remove the sharing of all these folder/files.
# Delete the ACLs
gam redirect stdout ./DeleteUserSharedFilePerms.txt multiprocess redirect stderr stdout csv ./UserSharedFilePerms.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
There are numerous "~id" on the 30,000 rows in my csv. Does permission.id in the cmd line means I keep it as is or replace the and permission.id with the numbers in the csv? Then there are even more of that :)
To remove the sharing of all files and folders in the Drive, what is the best solution?
Regards
Jesvin
On Friday, May 10, 2024 at 2:08:43 PM UTC+10 Ross Scroggs wrote:
Ross Scroggs
Jun 4, 2024, 10:15:43 AM6/4/24
to google-ap...@googlegroups.com
Jesvin,
Each row should have one id column which is the file Id and one column permission.id whcih identifies the ACL.
Do you see something different?
Send me a Meet/Zoom invitation and I'll help.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/6ba767fa-5067-49aa-a2fe-d80f68cdcd38n%40googlegroups.com.
Jesvin George
Jun 19, 2024, 10:27:42 PM6/19/24
to GAM for Google Workspace
Update:
With exceptional help from Ross, I could remove users' sharing ACLs for tens of thousands of files. I could not have done it without Advanced GAM.
I am sharing the commands here for others.
Problem: The Google Admin console does not have an inbuilt solution to remove end users' Drive sharings. Users may have shared many files internally and externally over the years. Since Google do not have facilitate expiry links for external sharing, the security risk is high.
Solution: Use the commands below in Advanced GAT for individual users.
The first step is to generate a CSV file listing the target user's shared files. Depending on the number of shared files, this can take minutes to days.
gam redirect csv ./JohnSmithUserSharedFilePerms.csv user john...@contoso.com print filelist fields id,name,mimetype,basicpermissions filepath orderby folder descending pm not role owner em pmfilter oneitemperrow
Discuss the security risk and ACL removal implications with the end user, get permission to remove the sharings, and then delete the ACLs based on the above-generated CSV.
After running the below command is successful, only the endusers will have access to all the files in their Drive.
gam config num_threads 20 redirect stdout ./JohnSmithdeleteacl.txt multiprocess redirect stderr stdout csv ./JohnSmithUserSharedFilePerms.csv gam user "~Owner" delete drivefileacl "~id" "id:~~permission.id~~"
Once the ACLs are deleted as per the above command, run the below command to verify the sharings. It is the same as the first command except for the CSV name change to keep a history.
gam redirect csv ./JohnSmith2UserSharedFilePerms.csv user john...@contoso.com print filelist fields id,name,mimetype,basicpermissions filepath orderby folder descending pm not role owner em pmfilter oneitemperrow
Repeat for other users.
On a few occasions, the ACL delete command was not successful or partially successful. In that case, I had to keep running the above commands two or three times.
I hope this will be helpful for someone.
Cheers
Jesvin
Zbigniew Noszka
Oct 1, 2024, 6:39:41 AM10/1/24
to GAM for Google Workspace
Hi Ross,
I would like to use the command below, but I'm having trouble with the syntax, could you take a look?
# Get list of non-inherited ACLs; this is slow as you have to get the ACLs on a file by file basis
gam redirect csv ./NonInheritedACLs.csv user orga...@domain.com
print filelist select teamdriveid <TeamDriveID> fields
id,name,mimetype,basicpermissions pm inherited false em pmfilter
oneitemperrow
C:\gamadv-xtd3>gam redirect csv ./NonInheritedACLs.csv user zbig...@xyz.com print filelist select teamdriveid 123456789 fields id,name,mimetype,basicpermissions pm inherited false em pmfilter oneitemperrow
Command: gam redirect csv ./NonInheritedACLs.csv user zbig...@xyz.com print filelist select teamdriveid 123456789 fields "id,name,mimetype,basicpermissions" pm >>>inherited<<< false em pmfilter oneitemperrow
Command: gam redirect csv ./NonInheritedACLs.csv user zbig...@xyz.com print filelist select teamdriveid 123456789 fields "id,name,mimetype,basicpermissions" pm >>>inherited<<< false em pmfilter oneitemperrow
Ross Scroggs
Oct 1, 2024, 9:59:02 AM10/1/24
to google-ap...@googlegroups.com
What is gam verwion?
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/077a3a76-80cb-48cf-8f5e-86161600fd1cn%40googlegroups.com.
Zbigniew Noszka
Oct 1, 2024, 10:06:24 AM10/1/24
to google-ap...@googlegroups.com
GAMADV-XTD3 6.32.00 - https://github.com/taers232c/GAMADV-XTD3 - pyinstaller
Ross Scroggs <ross.s...@gmail.com>
Python 3.11.2 64-bit final
Windows 10 10.0.20348 SP0 Multiprocessor Free AMD64
Ross Scroggs <ross.s...@gmail.com>
Python 3.11.2 64-bit final
Windows 10 10.0.20348 SP0 Multiprocessor Free AMD64
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/7n12Ro0njQE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/4F384DEE-C434-41D4-A53F-637A5CC2F218%40gmail.com.
--
--
Pozdrawiam,Ross Scroggs
Oct 1, 2024, 10:24:52 AM10/1/24
to google-ap...@googlegroups.com
That's about 200 versions out of date, you need to update to the current version 7.00.10.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CANE3VmtaKdp_Ctn9OS%2BLWX5iz9TtzeOF1KCjFqto9BZvSCMcPw%40mail.gmail.com.
Zbigniew Noszka
Oct 2, 2024, 6:26:48 AM10/2/24
to GAM for Google Workspace
Scott, everything is working as it should!
I mixed up the environments and I'm using a very old version of GAM.
Simple mistake on my part. Sorry.
Reply all
Reply to author
Forward
0 new messages