A role is a collection of permissions that allows users to perform specific actions on Google Drive resources. To make permissions available to users, groups, and service accounts, you assign roles. When you assign a role, you grant all the permissions that the role contains.
Each permission in the Google Drive API has a role that defines what users can do with a file or folder. For more information, see Scenarios for sharing Drive resources.
The following table shows the operations users can perform for each role, when the role isn't restricted to a view. For more information, see Views.
|Read the metadata (such as name, description) of the file or folder||✔||✔||✔||✔||✔||✔|
|Read the content of the file||✔||✔||✔||✔||✔||✔|
|Read the list of items in the folder||✔||✔||✔||✔||✔||✔|
|Add comments to the file||✔||✔||✔||✔||✔|
|Modify the metadata of the file or folder||✔||✔||✔||✔|
|Modify the content of the file||✔||✔||✔||✔|
|Access historical revisions||✔||✔||✔||✔|
|Add items to the folder||✔||✔||✔||✔|
|Remove items from the My Drive folder||✔||✔|
|Share items from the My Drive folder||✔||✔|
|Share a shared drive item||✔||✔||✔|
|Add files to shared drives||✔||✔||✔|
|Can access detailed file permissions||✔||✔||✔||✔|
|Move items into the Trash||✔||✔||✔|
|Reorganize items within a shared drive ||✔||✔|
|Move items outside of a shared drive ||✔|
|Delete a file or folder||✔||✔|
|Delete items in shared drives ||✔|
|Edit shared drive metadata||✔|
|Add shared drive members||✔|
|Delete an empty shared drive||✔|
|Add a content restriction to a file in a My Drive folder||✔||✔|
|Add a content restriction to a file in a shared drive||✔||✔||✔|
A permission might be restricted to a
view, in which case the role only
applies to that particular view.
A permission with
reader access to
the published view of the file, but it doesn't grant
reader access to the
Conversely, any permission that's not restricted to a particular view, grants
reader access to the published view of the file.