Roles & permissions

Stay organized with collections Save and categorize content based on your preferences.

A role is a collection of permissions that allows users to perform specific actions on Google Drive resources. To make permissions available to users, groups, and service accounts, you assign roles. When you assign a role, you grant all the permissions that the role contains.

Each permission in the Google Drive API has a role that defines what users can do with a file or folder. The following table shows the operations users can perform for each role, when the role isn't restricted to a view.

Permitted operation organizer/owner fileOrganizer writer commenter reader
Read the metadata (such as name, description) of the file or folder
Read the content of the file
Read the list of items in the folder
Add comments to the file
Modify the metadata of the file or folder
Modify the content of the file
Access historical revisions
Add items to the folder
Remove items from the My Drive folder
Share items from the My Drive folder
Share a shared drive item
Add files to shared drives
Can access detailed file permissions
Move items into the Trash
Reorganize items within a shared drive [1]
Move items outside of a shared drive [2]
Delete the file or folder
Delete items in shared drives [2]
Edit shared drive metadata
Add shared drive members
Delete an empty shared drive


A permission might be restricted to a view, in which case the role only applies to that particular view.

A permission with view=published and role=reader grants reader access to the published view of the file, but it doesn't grant reader access to the file.

Conversely, any permission that's not restricted to a particular view, grants reader access to the published view of the file.