Drive Inheritance

[Chris Curtin]

Hello,

I created a document storage solution using Google Drive for IEPs, 504s, and IHPs to automate deployment and apply permissions based on a csv from our SIS. It has been working well for the last 6 years or so, but unfortunately has recently broken. It would appear that Google has changed inheritance.

The way it worked is - the top level folder allows all staff to view, however, the files within are only visible to the correct staff members. This was achieved by breaking the inheritance.

I have been utilizing these two commands to remove the current ACLs. The top removed all of the current ACLs, and the second removed the "Anyone in this group with the link can view"

gam user $serviceAccount print drivefileacls $iepFileID oneitemperrow pm role owner em pma skip | gam csv - gam user $serviceAccount delete drivefileacl $iepfileID "~permission.emailAddress"

gam user $serviceAccount delete drivefileacl $iepFileID $PelhamSDUserID

Since the most recent update, I have been receiving this error -

 Delete Failed: The authenticated user cannot delete the permission. If the permission is inherited, limited access must be leveraged (https://developers.google.com/workspace/drive/api/guides/limited-expansive-access).

I see there are some additional flags, not sure if we have access to them? Any other ideas? I've had no luck so far in my testing. I understand that Google doesn't want us to break inheritance, but it has been working on standard drive files forever. 

capabilities.candisableinheritedpermissions

capabilities.canenableinheritedpermissions

Thanks,

Chris