A role is a collection of permissions that allows users to perform specific actions on Google Drive resources. To make permissions available to users, groups, and service accounts, you assign roles. When you assign a role, you grant all the permissions that the role contains.
Each permission in the Google Drive API has a role that defines what users can do with a file or folder. The following table shows the operations users can perform for each role, when the role isn't restricted to a view.
Permitted operation | organizer/owner |
fileOrganizer |
writer |
commenter |
reader |
---|---|---|---|---|---|
Read the metadata (such as name, description) of the file or folder | ✔ | ✔ | ✔ | ✔ | ✔ |
Read the content of the file | ✔ | ✔ | ✔ | ✔ | ✔ |
Read the list of items in the folder | ✔ | ✔ | ✔ | ✔ | ✔ |
Add comments to the file | ✔ | ✔ | ✔ | ✔ | |
Modify the metadata of the file or folder | ✔ | ✔ | ✔ | ||
Modify the content of the file | ✔ | ✔ | ✔ | ||
Access historical revisions | ✔ | ✔ | ✔ | ||
Add items to the folder | ✔ | ✔ | ✔ | ||
Remove items from the My Drive folder | ✔ | ✔ | ✔ | ||
Share items from the My Drive folder | ✔ | ||||
Share a shared drive item | ✔ | ✔ | ✔ | ||
Add files to shared drives | ✔ | ✔ | ✔ | ||
Can access detailed file permissions | ✔ | ✔ | ✔ | ||
Move items into the Trash | ✔ | ✔ | |||
Reorganize items within a shared drive [1] | ✔ | ✔ | |||
Move items outside of a shared drive [2] | ✔ | ||||
Delete the file or folder | ✔ | ||||
Delete items in shared drives [2] | ✔ | ||||
Edit shared drive metadata | ✔ | ||||
Add shared drive members | ✔ | ||||
Delete an empty shared drive | ✔ |
Views
A permission might be restricted to a view
, in which case the role only applies
to that particular view.
A permission with view=published
and role=reader
grants reader
access to
the published view of the file, but it doesn't grant reader
access to the
file.
Conversely, any permission that's not restricted to a particular view, grants
reader
access to the published view of the file.