Bulk permission change to "reader"?

[Jim Garrison]

As part of a bulk migration (copy) of files from MyDrive to Shared Drives, I need to first change all the ACLs on the source files to role:reader, to prevent users from modifying any files during and after the migration.

One wrinkle is that many (over 50%) of the files were created by non-domain users who were granted r/w access in the past, so moving (vs copying) is not really an option.  I realize I won't be able to modify the owner ACLs for those files but I want to at least reduce the chances that someone will modify a file.

I have a script that will update these one by one, but there are 31K+ permissions to be updated just at the folder level.  I plan to update folder permissions first and then make a second pass to catch any non-inherited file permissions.

My process is essentially:

    for f in folders:

        for p in f.permissions

            if p.role != 'reader'

                update drivefileacls id:{f.id} id:{p.id} role reader

Is there a way, via the API, to effect this change in a more efficient manner?

Ideally what I want to do could be summarized as

    for f in folders:

        update drivefileacls id:<folderId> allpermissions role reader