Custom Shared Drive folder permissions

[Temple Rodgers]

We have around 40 shared drives which have top-level folders that can be accessed by specific individuals. Is it possible to give permission to allow that user to move a file but not to delete it? I realise that "move" can be "copy and delete" sometimes - but my understanding is that "move" in the context of a shared drive just changes its owner.

Anyway, in sum:

1. I would like to grant a permission to a user so that they can move a file from <shared drive 1/folder 1> to <shared drive 2/folder 2> 
2. If 1 is successful then the file will not be present in <drive 1/folder 1> after the operation
3. but they cannot delete the file on <shared drive/folder 1> ... is that possible?

Thank you as always!

[Brian Kim]

Both moving from Shared Drive to another or trashing a file require manager access. Moving items from root of Shared Drive to another Shared Drive (internal or external) is as simple as updating a parent of a file as a manager. If you don't want to give your users Manager access, you can get a list of items they need moved, and use GAM to do it in bulk. 

https://groups.google.com/g/google-apps-manager/c/27Fj9p1PwXE/m/lEnGN718BwAJ

https://support.google.com/a/answer/7337554?hl=en

[Temple Rodgers]

thank you @the.br.... yes, agreed, we could use GAM. I was hoping that there would be some kind of custom permission we might be able to apply using GAM, so that we could allow the users to move but not to delete. 
Temple

[Maj Marshall Giguere]

FWIW when faced with this situation I created a new admin role "Mover" which has only one privilege: the ability to move files and folders to shared drives.  I assign the role to whoever needs it, usually with a specified time limit.  I would just go right to the admin console, create the role and assign as necessary.  Doing this with GAM is probably possible: https://github.com/taers232c/GAMADV-XTD3/wiki/Administrators but I'm not sure and you would really have to get into the weeds with the BNF and API doc's to try and sus it out. There is no admin level privilege, that I'm aware of, that restricts a user from deleting files, those privileges are managed based on membership on a particular drive.

That's my 2 cents worth.  Your mileage may vary.

-Marsh

--

Maj Marshall E Giguere

NH Wing Director of IT

Nashua Composite Squadron IT Officer

Civil Air Patrol, U.S. Air Force Auxiliary

GoCivilAirPatrol.com

nhwg.cap.gov

Volunteers serving America's communities, saving lives, and shaping futures.

Disclaimers apply, for full details see: https://hackney.gov.uk/email-disclaimer

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b86436d7-616e-449c-809a-54d839b95cccn%40googlegroups.com.

[Temple Rodgers]

Thank you Major! That's spot on! I'll ask one of our supers to create the role. Ross concurs with your advice - not sure of his rank but I'll bet he's got a few stars and I owe him several medals!!

Great job

Temple

You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/_XsKfttDhCM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CADSK1vt4%3DuvUqoiHbZ16yC6GafF-ziqLUoLjJwAL0LfY%2B3iU4A%40mail.gmail.com.

[Maj Marshall Giguere]

Please, just "Marsh", CAP has certain requirements for a sigblock.  In the GAM world Ross outranks me, I'm guessing  GAM Lt Gen at least :D

You might be interested to know that CAP has an active cadet exchange program with British CAP, and our wing has hosted cadets from the UK several times.

-Marsh

--

Maj Marshall E Giguere

NH Wing Director of IT

Nashua Composite Squadron IT Officer

Civil Air Patrol, U.S. Air Force Auxiliary

GoCivilAirPatrol.com

nhwg.cap.gov

Volunteers serving America's communities, saving lives, and shaping futures.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CACsN1_PO6iuxXwu5cVM%2BTj0r9wfrHrTx1RZ%2B6x80c9G%2B-uc3Og%40mail.gmail.com.

[Temple Rodgers]

we've created the single permission as described but the "move" option on the context menu is still grayed out. I tried with the users' permissions set to "Contributor" at a folder level and also a drive level but still no joy.

The "migration settings" are Checked and all boxes on the shared drive settings in Admin console are checked.

Any thoughts?

[Maj Marshall Giguere]

Have you assigned the role to an actual user, also I think the user must be an organizer/manager on the drive in question.  I did this a few years ago when teamdrives were a new thing.

-Marsh

Maj Marshall E Giguere

NH Wing Director of IT

Nashua Composite Squadron IT Officer

Civil Air Patrol, U.S. Air Force Auxiliary

(M) 978.842.1547

GoCivilAirPatrol.com

nhwg.cap.gov

Volunteers serving America's communities, saving lives, and shaping futures.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/308b686b-caf7-4e3a-b6aa-df48d14c9fccn%40googlegroups.com.