Is it possible to add (shared) Drive file ACL for external Google Workspace domain?

354 views
Skip to first unread message

Ron

unread,
Nov 19, 2021, 4:06:40 PM11/19/21
to GAM for Google Workspace
Using GAMADV-XTD3 6.10.01, I tried adding a Drive file ACL for an external Google Workspace domain on a Sheet:

$ gam user edi...@ourdomain.com add drivefileacl 7XYqU_wtkSivMAUoVwQMcmf32JdHLMfPhcdWUxuj4XbC domain externaldomain.com role editor

gam returns:
User: edi...@ourdomain.com, Add 1 Drive File/Folder ACL
    User: edi...@ourdomain.com, Drive File/Folder ID: 7XYqU_wtkSivMAUoVwQMcmf32JdHLMfPhcdWUxuj4XbC, Permission ID: externaldomain.com, Add Failed: Bad Request. User message: "invalidLinkVisibility"

Pseudo user address, file ID, and external domain shown above for privacy/anonymity.
All shared drive settings are enabled for the shared drive in question:
☑ People outside your organization can be added to files
☑ People who aren't shared drive members can be added to files
☑ Viewers and commenters can download, print, and copy files

The error message seems to suggest a problem with link sharing for the file. Initially, it was set to Anyone on the internet with this link can view. I temporarily changed the setting to Anyone on the internet with this link can edit, then Restricted - Only people added can open with this link, for the Google Workspace org: Anyone in this group with this link can view, and finally Anyone in this group with this link can edit. After each change, I retried the command to add a Drive file ACL, and each time gam returned the same error.

The Drive API offers little guidance for permissions of type domain other than specifying a domain string argument.

Adding ACLs to resource calendars for external Google Workspace domains works as expected/desired. It seems this doesn't work similarly for Drive files?

Thanks in advance,

-- 
Ron

Brian Kim

unread,
Nov 19, 2021, 8:38:14 PM11/19/21
to GAM for Google Workspace
You cannot add an external domain or external target audience to an ACL on a file in Shared Drive. Not really documented, but I have tested fairly recently. Limitation of Shared Drive, as the same restriction does not apply for internal target audience or primary domain.

If it's a specific file, you would have to move it to My Drive, and it should work (though not ideal)

Ron

unread,
Nov 20, 2021, 1:44:09 PM11/20/21
to GAM for Google Workspace
You cannot add an external domain or external target audience to an ACL on a file in Shared Drive. Not really documented, but I have tested fairly recently. Limitation of Shared Drive, as the same restriction does not apply for internal target audience or primary domain.

I'm not sure what you mean by "target audience," but I am able to create ACLs for external users and groups containing external users on shared Drive files...

Brian Kim

unread,
Nov 20, 2021, 6:58:56 PM11/20/21
to GAM for Google Workspace
My Drive:
user: yes
group: yes
domain: yes
anyone: yes

Shared Drive:
user: yes
group: yes
domain: yes (internal only)
anyone: yes (files only)

Target audiences are domain type of shares with alphanumeric_string[dot]audience[dot]googledomains[dot]com

Reply all
Reply to author
Forward
0 new messages