0

I'm trying to get folder and file permissions which is located in Shared Drive. All I can get is permissions list for root Shared Drive but trying to run below code on any ID of file or folder inside throw error.

Relavant Facts

  1. We are using Google Workspace Business Plus subscription
  2. I am domain superadmin
  3. I have access to this file in Shared Drive but I expect to have access to every file as an domain admin.
  4. Right now I'm calling the below script from web IDE of Apps Script so it is working in my grant scope.
  5. I am the script owner
  6. Script is on My rive

Script


function getPermissions_(driveFileID, sharedDriveSupport){
  var thisDrivePermissions = Drive.Permissions.list(
    driveFileID,
    {
      useDomainAdminAccess: USE_DOMAIN_ADMIN_ACCESS,
      supportsAllDrives: sharedDriveSupport
    } 
  );
  return thisDrivePermissions;
}

Errors

GoogleJsonResponseException: API call to drive.permissions.list failed with error: Shared drive not found: xxxxxxxx

GoogleJsonResponseException: API call to drive.permissions.list failed with error: File not found:

How can I get the file permissions list in Google Shared Drive with Apps Script?

Rubén
  • 34,714
  • 9
  • 70
  • 166
Mistic92
  • 120
  • 3
  • 12
  • Do you have access to that particular folder or Drive file with the account that you are using to run the API? – Fernando Lara Oct 26 '22 at 18:14
  • Please add a [mcve] (are using a Google Workspace account? are you the domain admin? Are you able to see the Shared Drive in the Google Drive user interface? How do you get the parameter values? how is the function being called? Are you the script owner ? Is the script in a shared Drive?) – Rubén Oct 27 '22 at 01:57
  • @Rubén I have added answers to your questions – Mistic92 Oct 27 '22 at 12:21
  • Thanks Mistic92. Please don't add labels as "Edit" / "Update". If you need to divide your post content add an horizontal line (i.e. you might use HTML tag `
    `) or add headings. When adding new content, add it thinking on first time readers, ...and people with bad memory like me :)     – Rubén Nov 03 '22 at 17:11

2 Answers2

1

As superadminin you don't have access to all files by default through Google Drive user interface / Google Apps Script. In order to get access to all files in your domain throught Apps Script you have to make use of domain-wide deletegation of authority.

The "not found" errors might occur because the file or shared drive ids are wrong or you don't have access, do double check that the ids are correct and that you passing the parameters correctly. For this you could use Logger.log / console.log to print the variable values to the execution log or use the Apps Script debugger.

Related

Rubén
  • 34,714
  • 9
  • 70
  • 166
  • Yes, this might be the way! GAM tool is using domain-wide delegation so now I need to find a way to use it in Apps Script – Mistic92 Nov 03 '22 at 15:57
1

If I understand correctly, you need to list all the permissions that a drive file contained in a folder from a shared drive has. To do that, you may check the following script as an example:

function myFunction() {
  var driveFileID = "FILE ID";
  var sharedDriveSupport = true;
  var request = {
      "supportsAllDrives": sharedDriveSupport,
      "useDomainAdminAccess": true,
      "fields": "permissionIds"
    };

  var permissionsRequest = {
      "supportsAllDrives": sharedDriveSupport,
      "fields": "role"
    };
  var permissionsIDs = Drive.Files.get(driveFileID, request);
  
  for(var i=0; i<permissionsIDs.permissionIds.length; i++)
  {
    Logger.log((Drive.Permissions.get(driveFileID, permissionsIDs.permissionIds[i], permissionsRequest)).role);
  }
}

This is how it would display the information, by listing all the permission types from the specified file:

enter image description here

Note that this works because you mentioned you have access to the shared drive, however as Rubén mentioned in his answer Google Workspace admins do not have access to all the files, just to the ones that are shared with them, and if you want to have access you can do it using domain wide delegation and user impersonation.

References:

Rubén
  • 34,714
  • 9
  • 70
  • 166
Fernando Lara
  • 2,263
  • 2
  • 4
  • 14
  • 2
    It's better to add execution logs as text.... use images only when it's needed to show how a user interface looks. When making reference to another post, it's nice to include a link as the number of answers an their order could change over the time. By the way, thanks for the mention – Rubén Nov 03 '22 at 17:14
  • @Rubén you are completely right! Will make sure to add it that way next time, thanks for the advise! – Fernando Lara Nov 03 '22 at 17:46