Check permissions before moving to a Shared Drive

In this article 

Permission model in My Drive and Shared Drives are different

In My Drive, permissions can be restrictive. This is not the case with Shared Drives, where permissions are strictly expansive.

In My Drive, you can completely revoke someone’s access to a specific folder and all of its descendants, like depicted in this picture:

The same applies to access levels.

In Shared Drive, if someone is a member of the Shared Drive, he will have access to its entire content. Same if someone has access only to a folder, he will necessarily have access to all of its content below. 

In My Drive, a user’s access can vary across subfolders. For example, someone may be a Commenter on the main folder, an Editor on some subfolders, and a Viewer on another.

However, Shared Drives do not support every permission variation. In particular, you cannot always reduce a user’s access on a subfolder if they already have higher access at the Shared Drive level.

To sum up: 

  • In Shared Drive, you can only increase the level of permission on a specific file or folder.
  • Managers can also share specific files or folders with people who are not members of the Shared Drive, also called guests. However, be careful when giving guests Contributor or Content Manager access: depending on your Shared Drive settings, they may be able to share those files with others.

Folgo helps you check these permission differences before moving content. It can scan a folder and show where access levels have been added, increased, reduced, or changed across its contents.

Use Folgo “Inspection” feature

When you run an inspection on a folder, you can select the option“List files permissions”. 

With this option activated, Folgo will allow you to identify files and folders that have different permissions from their parent.

You will get a full report in Google Sheet (sent by email at the end of the inspection), with the list of all files and folders inventoried and a specific column named “Permission changes from parent” where you will see when a specific file has different permissions from its direct parent folder 

This column has 4 possible values : 

  • HAS_INCREASED_PERMISSIONS: when a higher access has been given compared to its parent folder : someone has been added or someone's access has been increased (e.g. : from viewer to editor)
  • HAS_REDUCED_PERMISSIONS: when someone’s access has been revoked or decreased (e.g.: from editor to commenter) compared to its parent folder
  • HAS_DIFFERENT_PERMISSIONS: when you have the two previous cases at the same time : some permissions have been increased while others have been decreased. (e.g.: user A’s rights changed from editor to commenter while user B’s rights changed from viewer to editor)
  • NO_CHANGE: when the item has the exact same permissions as its parent folder.

Example

Below is an example of the different situations you might find yourself in: 

I am the owner of a folder named “Accounting documents”, located in My Drive. I want to transfer it to a new Shared Drive dedicated to accounting. I choose to run an Inspection before, so I can analyze all the permissions given to the items it contains.

The root folder “Accounting documents” is shared with all the employees and has 4 subfolders: 

  • “Knowledge base” which contains many information for the employees about compensation and benefits
  • “Payslips” which contains all the payslips of all the employees from the beginning of the financial year
  • “Balance sheets - CONFIDENTIAL” which contains sensitive information about the economic health of the company
  • “Templates for expenses claims” which contains several documents and presentations to guide employees and external partners in their reimbursement procedures

Below is the report sent by Folgo after the inspection:

  • The folder “Templates for expenses claims” is shared with all the employees but also with some external partners. It is flagged as “HAS_INCREASED_PERMISSIONS” since it has been shared with additional people compared to its parent folder. The move to the Shared Drive won’t change anything since the permissions have only increased. 

All of its content below is flagged as “NO_CHANGE” because no permissions modification has been made on them. 

  • Due to its sensitive nature, the folder “Balance sheets” is not shared with any employee but it has been shared with the accountant, who works for another company. Since some rights have been increased and others have been decreased, the folder is flagged as “HAS_DIFFERENT_PERMISSIONS”. This is going to be a problem during the move and I should definitely reconsider my “Accounting documents” folder’s organization before moving the folder if I don’t want sensitive data to be accessible by the wrong people.
  • The folder “Payslips” has the same permissions as its parent folder too, which is why it is marked as “NO_CHANGE”. However, each document in this subfolder is only shared with the person concerned. Therefore, they are labeled as “HAS_REDUCED_PERMISSIONS” and just like the previous case, this access restriction won’t be replicated in the Shared Drive. If I resume the move without making any change, all the employees will have access to every single document in the folder.

As you can see on the picture below, Folgo warns you directly in the report mail when you have reduced permissions in your folder.

  • Finally, the folder “Knowledge base” is shared with the same accounts as the root folder “Accounting documents”, that is, all the employees. It is flagged as “NO_CHANGE” because there are no modifications in the permissions inherited by the root folder.

Now you know how to use Folgo at its full potential by combining the “Move to Shared Drive” feature to the “Inspection” ! 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.