GAM Drive ACL of a folder within Shared Drive.

2,130 views
Skip to first unread message

Maciej Latusek

unread,
Nov 9, 2022, 6:16:31 PM11/9/22
to GAM for Google Workspace
So I can find out the ACL of a shared drive e.g. using 
gam print drivefileacls 0AIMuZ2V9Axddsds9PVA oneitemperrow fields displayname,emailaddress,role todrive

But when I try to run the same for the folder inside that Shared Drive I get an error
 Shared drive not found: 1hzLtmkE_aOczn-wefetCTmgj_Rh3t3

I think the issue is that the owner of this sub folder is shareddrive and not superadmin. But I was not able to find any documentation to address this. Basically I need to find out the ACL of a folder located inside a shareddrive.

Ross Scroggs

unread,
Nov 9, 2022, 6:27:12 PM11/9/22
to google-ap...@googlegroups.com
Maciej,

The super admin can see the ACLs at the top of  Shared Drive but not the files and folders within unless the admin is also an organizer of the Shared Drive.
You need an organizer/manager of the Shared Drive.
gam user orga...@domain.com print drivefileacls 0AIMuZ2V9Axddsds9PVA oneitemperrow fields displayname,emailaddress,role todrive

Ross

Confidentiality Notice: 
This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED.  If you have received this transmission in error, please immediately notify the sender. Please destroy the original transmission and its attachments without reading or saving in any manner.

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/f221a7f6-185a-4761-b3aa-50d3446bbd0en%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 9, 2022, 6:31:28 PM11/9/22
to GAM for Google Workspace
Thanks for Quick Answer when I run 
gam show ownership  0AIMuZ2V9Axddsds9PVA

I get the response that the owner of this folder is a Share Drive so how can I find who is the organizer?

When I go to GUI of Drive I can see in details the creator of this folder so I would assume this is the organizer? If yes, what to do if this guy is gone from the company? 

Ross Scroggs

unread,
Nov 9, 2022, 6:45:02 PM11/9/22
to google-ap...@googlegroups.com
gam show drivefileacls <PutSharedDriveIDHere>

Ross

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/b38f8e4e-9e89-4a3f-af14-4685116de02dn%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 10:55:17 AM11/10/22
to GAM for Google Workspace
So 

The Shared Drive (top level) has folders inside. I still didn't find a solution to find ACL of those folders inside.

So let's say I run
gam show drivefileacls 1hzLtmkE_aOczn-wefetCTmgj_Rh3t3 (sub folder of the Top Level Shared Drive)

I get 
 User: ad...@domain.com, Shared Drive: 1hzLtmkE_aOczn-CF2jrtCTmgj_Rh3tR5, Show Failed: Shared drive not found: 1hzLtmkE_aOczn-wefetCTmgj_Rh3t3

I understand that those folders are no controlled by ad...@domain.com, but should this be an issue? I mean superadmins over Domain Wide Delegation should have access to each drive file in the domain? If not, how can I get the ACL of those subfolders using GAM?

Regards
Maciej

Ross Scroggs

unread,
Nov 10, 2022, 10:59:03 AM11/10/22
to google-ap...@googlegroups.com
Super admins can not see the files/folders inside a Shared Drive unless they are an organizer/manager.


Ross

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/fe29cfac-3906-430f-8e0c-d2f755b37427n%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 11:03:49 AM11/10/22
to GAM for Google Workspace
Got it. 

Just a question about the script. 

FILE_NAME = 'name' >> this requires ID or name of the Shared Drive? Or work with both?

Ross Scroggs

unread,
Nov 10, 2022, 11:09:25 AM11/10/22
to google-ap...@googlegroups.com
Maciej,

Do not change that line. Here are the relevant notes:

# Specific Team Drives                                                                                                                                                                                                                               

# 7: If you want file ACLs for specific Team Drives make a CSV file TeamDrives.csv                                                                                                                                                                   

#    with three columns (organizer,id,name) that show an organizer, Team Drive ID and Team Drive Name                                                                                                                                                

# 8: Get ACLs for all team drive files                                                                                                                                                                                                               

#  $ gam redirect csv ./filelistperms.csv multiprocess csv ./TeamDrives.csv gam user "~organizer" print filelist select teamdriveid "~id" fields teamdriveid,id,title,permissions     


Send me a Meet/Zoom invitation and I'll help.


Ross                                                               


To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/f67827b8-dc96-499a-bbe0-dd2997676484n%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 11:38:19 AM11/10/22
to GAM for Google Workspace

When I run this code I get 
  File "GetTeamDriveOrganizers.py", line 79
    if NON_INHERITED_ACLS_ONLY and str(row.get(f'permissions.{permissions_N}.permissionDetails.0.inherited', False)) == 'True':
                                                                                                                                                                                                      ^
SyntaxError: invalid syntax

Maciej Latusek

unread,
Nov 10, 2022, 11:48:37 AM11/10/22
to GAM for Google Workspace
Syntax checker also reports it.
2022-11-10 17_46_04-Python Code Checker - Online syntax check.png

Ross Scroggs

unread,
Nov 10, 2022, 12:01:01 PM11/10/22
to google-ap...@googlegroups.com
That line should be:

      if NON_INHERITED_ACLS_ONLY and str(row.get(f'permissions.{permissions_N}.permissionDetails.0.inherited', False)) == 'True':


Ross


To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/4ec63fad-2edc-4997-9892-ac3a10e07c66n%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 12:14:08 PM11/10/22
to GAM for Google Workspace
2022-11-10 18_11_42-Python Code Checker - Online syntax check.png
Still the same

Ross Scroggs

unread,
Nov 10, 2022, 12:22:50 PM11/10/22
to google-ap...@googlegroups.com
What is your Python version?
python -V
python3 -V

Ross

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/927c516a-7909-4485-9327-5b8b05572befn%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 1:08:32 PM11/10/22
to GAM for Google Workspace
Python 2.7.13
and 
Python 3.5.3

Ross Scroggs

unread,
Nov 10, 2022, 1:10:24 PM11/10/22
to google-ap...@googlegroups.com
You need Python 3.6 or later, current is 3.11.

The line that is failing uses a f string which was introduced in 3.6

Ross

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/c5745e71-cc58-48ff-a9b6-24a0ea0dc37an%40googlegroups.com.


--

Maciej Latusek

unread,
Nov 10, 2022, 2:24:27 PM11/10/22
to GAM for Google Workspace
Heh, ok I am updating now. I am just wondering why the online checker was throwing an error? They didn't update their Python? :)

Maciej Latusek

unread,
Nov 10, 2022, 2:55:51 PM11/10/22
to GAM for Google Workspace
So I am on Python 3.10 now, and guess what? 

Maciej Latusek

unread,
Nov 10, 2022, 2:57:30 PM11/10/22
to GAM for Google Workspace

nvm... now i understand i need to run 
python3.10 GetTeamDriveOrganizers.py TeamDriveACLs.csv TeamDrives.csv TeamDriveOrganizers.csv instead

Maciej Latusek

unread,
Nov 10, 2022, 3:01:44 PM11/10/22
to GAM for Google Workspace
So now I get another error ... :(

g09:~$ python3.10 GetTeamDriveOrganizers.py TeamDriveACLs.csv TeamDrives.csv TeamDriveOrganizers.csv
Traceback (most recent call last):
  File "/home/maciej/GetTeamDriveOrganizers.py", line 92, in <module>
    'teamDriveId': row['driveId'],
KeyError: 'driveId'

Ross Scroggs

unread,
Nov 10, 2022, 7:24:59 PM11/10/22
to google-ap...@googlegroups.com
GetTeamDriveOrganizers.py only has 89 lines so there can't be an error on line 92.
The error message is referring to script GetTeamDriveFileACLs.py; somehow your scripts are mixed up.

Are you trying to get ACLs for all Shared Drive or a selected set?

I am in California (PST), if you will please send me a Meet/Zoom invitation we can get this cleared up quickly.

I would get original copies of the scripts, modify GetTeamDriveOrganizers.py as documented in GetTeamDriveFileACLs.py
and then execute the steps as documented in GetTeamDriveFileACLs.py.

Ross

----
Ross Scroggs



Reply all
Reply to author
Forward
0 new messages