Shared drives overview

A shared drive is an organizational structure within Google Drive that lives parallel to My Drive. Shared drives support files owned by an organization rather than an individual user. An individual file may be organized within a shared drive or My Drive, but not both.

Access control

Shared drives use a similar permission model as other content in Drive. Unlike files in My Drive, content located within a shared drive is owned by a group of users. For more information about permissions, refer to Share files, folders, and drives.

Permission propagation

Like items in My Drive, permissions on parent items propagate downward to their children. However, within a shared drive, permissions are strictly expansive. For example, a user that has a role of commenter for a shared drive cannot have their access level reduced at another point within the folder hierarchy. However, their access can be increased for a certain set of files.

Shared drive files must have exactly one parent. This means that shared drive files belong to a single shared drive and are located in a single location within that shared drive. Having a single location simplifies permission rules for shared drive files.

Member vs. file access

There are two classes of permissions in shared drives:

  • Member permissions are for users who have been granted access to the shared drive itself, either directly or through a group. Members can view the shared drive metadata, such as the shared drive's name. Members have access to all files within the shared drive, with the access level depending on the role given to the member (e.g. reader, writer).
  • File access permissions are for users who have been granted access to a subset of the files in the shared drive. For example, sharing a single file to a user creates a file access permission.

An individual user may be a member of a shared drive and have file access permissions for files contained within the shared drive. A file access permission may be superseded if the user's membership in the shared drive grants them a greater level of access. These file permissions are revoked when the user is no longer a member of the shared drive, or their member access level is reduced.

Specific roles for shared drives

As with items in My Drive, each user is granted access with a specific role. Two additional roles have been added for shared drives:

  • The fileOrganizer role allows users to organize files within a shared drive and to move content into the Trash.
  • The organizer role grants the same privileges as the fileOrganizer and allows users to permanently remove content and modify shared drive name and membership.

The owner role is not allowed in shared drives.

For more information about the capabilities of different roles in a shared drive, refer to Share files, folders and drives.

Members and organizer rules

Shared drives have both an organizerCount and memberCount fields. The values for these fields can decide who can access the shared drive. Following are the rules for organizerCount and memberCount fields.

  • A shared drive with an organizerCount of zero can only be managed by an administrator.
  • A shared drive with a memberCount of zero can only be accessed by an administrator.
  • A shared drive with an organizerCount or memberCount greater than zero can only be accessed by an administrator if the remaining permissions are for empty groups, or external users that were added prior to disabling sharing outside the domain.
  • The organizerCount and memberCount fields do not distinguish between members of the organization and external members.
  • Files inside a shared drive with a memberCount of zero can be accessed by entities written on the file permission.

Enviar comentarios sobre…

¿Necesitas ayuda? Visita nuestra página de asistencia.