Roles & permissions

A role is a collection of permissions that allows users to perform specific actions on Google Drive resources. To make permissions available to users, groups, and service accounts, you assign roles. When you assign a role, you grant all the permissions that the role contains.

Each permission in the Google Drive API has a role that defines what users can do with a file or folder. The following table shows the operations users can perform for each role, when the role isn't restricted to a view.

Permitted operation	organizer/owner	fileOrganizer	writer	commenter	reader
Read the metadata (such as name, description) of the file or folder	✔	✔	✔	✔	✔
Read the content of the file	✔	✔	✔	✔	✔
Read the list of items in the folder	✔	✔	✔	✔	✔
Add comments to the file	✔	✔	✔	✔
Modify the metadata of the file or folder	✔	✔	✔
Modify the content of the file	✔	✔	✔
Access historical revisions	✔	✔	✔
Add items to the folder	✔	✔	✔
Remove items from the My Drive folder	✔	✔	✔
Share items from the My Drive folder			✔
Share a shared drive item	✔	✔	✔
Add files to shared drives	✔	✔	✔
Can access detailed file permissions	✔	✔	✔
Move items into the Trash	✔	✔
Reorganize items within a shared drive [1]	✔	✔
Move items outside of a shared drive [2]	✔
Delete the file or folder	✔
Delete items in shared drives [2]	✔
Edit shared drive metadata	✔
Add shared drive members	✔
Delete an empty shared drive	✔

Views

A permission might be restricted to a view, in which case the role only applies to that particular view.

A permission with view=published and role=reader grants reader access to the published view of the file, but it doesn't grant reader access to the file.

Conversely, any permission that's not restricted to a particular view, grants reader access to the published view of the file.