A role is a collection of permissions that allows users to perform specific actions on Google Drive resources. To make permissions available to users, groups, and service accounts, you assign roles. When you assign a role, you grant all the permissions that the role contains.
Each permission in the Google Drive API has a role that defines what users can do with a file or folder. The following table shows the operations users can perform for each role, when the role isn't restricted to a view.
|Read the metadata (such as name, description) of the file or folder||✔||✔||✔||✔||✔|
|Read the content of the file||✔||✔||✔||✔||✔|
|Read the list of items in the folder||✔||✔||✔||✔||✔|
|Add comments to the file||✔||✔||✔||✔|
|Modify the metadata of the file or folder||✔||✔||✔|
|Modify the content of the file||✔||✔||✔|
|Access historical revisions||✔||✔||✔|
|Add items to the folder||✔||✔||✔|
|Remove items from the My Drive folder||✔||✔||✔|
|Share items from the My Drive folder||✔|
|Share a shared drive item||✔||✔||✔|
|Add files to shared drives||✔||✔||✔|
|Can access detailed file permissions||✔||✔||✔|
|Move items into the Trash||✔||✔|
|Reorganize items within a shared drive ||✔||✔|
|Move items outside of a shared drive ||✔|
|Delete the file or folder||✔|
|Delete items in shared drives ||✔|
|Edit shared drive metadata||✔|
|Add shared drive members||✔|
|Delete an empty shared drive||✔|
A permission might be restricted to a
view, in which case the role only applies
to that particular view.
A permission with
reader access to
the published view of the file, but it doesn't grant
reader access to the
Conversely, any permission that's not restricted to a particular view, grants
reader access to the published view of the file.