permissions
Creates, updates, deletes, gets or lists a permissions resource.
Overview
| Name | permissions |
| Type | Resource |
| Id | googleworkspace.drivev2.permissions |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
id | string | The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored. |
name | string | Output only. The name for this permission. |
additionalRoles | array | Additional roles for this user. Only commenter is currently allowed, though more may be supported in the future. |
authKey | string | Output only. Deprecated. |
deleted | boolean | Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions. |
domain | string | Output only. The domain name of the entity this permission refers to. This is an output-only field which is present when the permission type is user, group or domain. |
emailAddress | string | Output only. The email address of the user or group this permission refers to. This is an output-only field which is present when the permission type is user or group. |
etag | string | Output only. The ETag of the permission. |
expirationDate | string (date-time) | The time at which this permission will expire (RFC 3339 date-time). Expiration dates have the following restrictions: - They can only be set on user and group permissions - The date must be in the future - The date cannot be more than a year in the future - The date can only be set on drive.permissions.update or drive.permissions.patch requests |
inheritedPermissionsDisabled | boolean | When true, only organizers, owners, and users with permissions added directly on the item can access it. |
kind | string | Output only. This is always drive#permission. (default: drive#permission) |
pendingOwner | boolean | Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive. |
permissionDetails | array | Output only. Details of whether the permissions on this item are inherited or directly on this item. |
photoLink | string | Output only. A link to the profile photo, if available. |
role | string | The primary role for this user. While new values may be supported in the future, the following are currently allowed: * owner * organizer * fileOrganizer * writer * reader |
selfLink | string | Output only. A link back to this permission. |
teamDrivePermissionDetails | array | Output only. Deprecated: Use permissionDetails instead. |
type | string | The account type. Allowed values are: * user * group * domain * anyone |
value | string | The email address or domain name for the entity. This is used during inserts and is not populated in responses. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored. |
view | string | Indicates the view for this permission. Only populated for permissions that belong to a view. published and metadata are the only supported values. - published: The permission's role is published_reader. - metadata: The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The metadata view is currently only supported on folders. |
withLink | boolean | Whether the link is required for this permission. |
| Name | Datatype | Description |
|---|---|---|
id | string | The ID of the user this permission refers to, and identical to the permissionId in the About and Files resources. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored. |
name | string | Output only. The name for this permission. |
additionalRoles | array | Additional roles for this user. Only commenter is currently allowed, though more may be supported in the future. |
authKey | string | Output only. Deprecated. |
deleted | boolean | Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions. |
domain | string | Output only. The domain name of the entity this permission refers to. This is an output-only field which is present when the permission type is user, group or domain. |
emailAddress | string | Output only. The email address of the user or group this permission refers to. This is an output-only field which is present when the permission type is user or group. |
etag | string | Output only. The ETag of the permission. |
expirationDate | string (date-time) | The time at which this permission will expire (RFC 3339 date-time). Expiration dates have the following restrictions: - They can only be set on user and group permissions - The date must be in the future - The date cannot be more than a year in the future - The date can only be set on drive.permissions.update or drive.permissions.patch requests |
inheritedPermissionsDisabled | boolean | When true, only organizers, owners, and users with permissions added directly on the item can access it. |
kind | string | Output only. This is always drive#permission. (default: drive#permission) |
pendingOwner | boolean | Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive. |
permissionDetails | array | Output only. Details of whether the permissions on this item are inherited or directly on this item. |
photoLink | string | Output only. A link to the profile photo, if available. |
role | string | The primary role for this user. While new values may be supported in the future, the following are currently allowed: * owner * organizer * fileOrganizer * writer * reader |
selfLink | string | Output only. A link back to this permission. |
teamDrivePermissionDetails | array | Output only. Deprecated: Use permissionDetails instead. |
type | string | The account type. Allowed values are: * user * group * domain * anyone |
value | string | The email address or domain name for the entity. This is used during inserts and is not populated in responses. When making a drive.permissions.insert request, exactly one of the id or value fields must be specified unless the permission type is anyone, in which case both id and value are ignored. |
view | string | Indicates the view for this permission. Only populated for permissions that belong to a view. published and metadata are the only supported values. - published: The permission's role is published_reader. - metadata: The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The metadata view is currently only supported on folders. |
withLink | boolean | Whether the link is required for this permission. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | fileId, permissionId | supportsAllDrives, supportsTeamDrives, useDomainAdminAccess | Gets a permission by ID. |
list | select | fileId | maxResults, pageToken, supportsAllDrives, supportsTeamDrives, useDomainAdminAccess, includePermissionsForView | Lists a file's or shared drive's permissions. |
insert | insert | fileId | emailMessage, enforceSingleParent, moveToNewOwnersRoot, sendNotificationEmails, supportsAllDrives, supportsTeamDrives, useDomainAdminAccess, enforceExpansiveAccess | Inserts a permission for a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
patch | update | fileId, permissionId | removeExpiration, supportsAllDrives, supportsTeamDrives, transferOwnership, useDomainAdminAccess, enforceExpansiveAccess | Updates a permission using patch semantics. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
update | replace | fileId, permissionId | removeExpiration, supportsAllDrives, supportsTeamDrives, transferOwnership, useDomainAdminAccess, enforceExpansiveAccess | Updates a permission. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
delete | delete | fileId, permissionId | supportsAllDrives, supportsTeamDrives, useDomainAdminAccess, enforceExpansiveAccess | Deletes a permission from a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
fileId | string | |
permissionId | string | |
emailMessage | string | |
enforceExpansiveAccess | boolean | |
enforceSingleParent | boolean | |
includePermissionsForView | string | |
maxResults | integer (int32) | |
moveToNewOwnersRoot | boolean | |
pageToken | string | |
removeExpiration | boolean | |
sendNotificationEmails | boolean | |
supportsAllDrives | boolean | |
supportsTeamDrives | boolean | |
transferOwnership | boolean | |
useDomainAdminAccess | boolean |
SELECT examples
- get
- list
Gets a permission by ID.
SELECT
id,
name,
additionalRoles,
authKey,
deleted,
domain,
emailAddress,
etag,
expirationDate,
inheritedPermissionsDisabled,
kind,
pendingOwner,
permissionDetails,
photoLink,
role,
selfLink,
teamDrivePermissionDetails,
type,
value,
view,
withLink
FROM googleworkspace.drivev2.permissions
WHERE fileId = '{{ fileId }}' -- required
AND permissionId = '{{ permissionId }}' -- required
AND supportsAllDrives = '{{ supportsAllDrives }}'
AND supportsTeamDrives = '{{ supportsTeamDrives }}'
AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
;
Lists a file's or shared drive's permissions.
SELECT
id,
name,
additionalRoles,
authKey,
deleted,
domain,
emailAddress,
etag,
expirationDate,
inheritedPermissionsDisabled,
kind,
pendingOwner,
permissionDetails,
photoLink,
role,
selfLink,
teamDrivePermissionDetails,
type,
value,
view,
withLink
FROM googleworkspace.drivev2.permissions
WHERE fileId = '{{ fileId }}' -- required
AND maxResults = '{{ maxResults }}'
AND pageToken = '{{ pageToken }}'
AND supportsAllDrives = '{{ supportsAllDrives }}'
AND supportsTeamDrives = '{{ supportsTeamDrives }}'
AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
AND includePermissionsForView = '{{ includePermissionsForView }}'
;
INSERT examples
- insert
- Manifest
Inserts a permission for a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
INSERT INTO googleworkspace.drivev2.permissions (
data__id,
data__name,
data__type,
data__role,
data__additionalRoles,
data__authKey,
data__value,
data__kind,
data__withLink,
data__photoLink,
data__selfLink,
data__emailAddress,
data__domain,
data__etag,
data__expirationDate,
data__deleted,
data__view,
data__pendingOwner,
data__inheritedPermissionsDisabled,
fileId,
emailMessage,
enforceSingleParent,
moveToNewOwnersRoot,
sendNotificationEmails,
supportsAllDrives,
supportsTeamDrives,
useDomainAdminAccess,
enforceExpansiveAccess
)
SELECT
'{{ id }}',
'{{ name }}',
'{{ type }}',
'{{ role }}',
'{{ additionalRoles }}',
'{{ authKey }}',
'{{ value }}',
'{{ kind }}',
{{ withLink }},
'{{ photoLink }}',
'{{ selfLink }}',
'{{ emailAddress }}',
'{{ domain }}',
'{{ etag }}',
'{{ expirationDate }}',
{{ deleted }},
'{{ view }}',
{{ pendingOwner }},
{{ inheritedPermissionsDisabled }},
'{{ fileId }}',
'{{ emailMessage }}',
'{{ enforceSingleParent }}',
'{{ moveToNewOwnersRoot }}',
'{{ sendNotificationEmails }}',
'{{ supportsAllDrives }}',
'{{ supportsTeamDrives }}',
'{{ useDomainAdminAccess }}',
'{{ enforceExpansiveAccess }}'
RETURNING
id,
name,
additionalRoles,
authKey,
deleted,
domain,
emailAddress,
etag,
expirationDate,
inheritedPermissionsDisabled,
kind,
pendingOwner,
permissionDetails,
photoLink,
role,
selfLink,
teamDrivePermissionDetails,
type,
value,
view,
withLink
;
# Description fields are for documentation purposes
- name: permissions
props:
- name: fileId
value: string
description: Required parameter for the permissions resource.
- name: id
value: string
description: >
The ID of the user this permission refers to, and identical to the `permissionId` in the About and Files resources. When making a `drive.permissions.insert` request, exactly one of the `id` or `value` fields must be specified unless the permission type is `anyone`, in which case both `id` and `value` are ignored.
- name: name
value: string
description: >
Output only. The name for this permission.
- name: type
value: string
description: >
The account type. Allowed values are: * `user` * `group` * `domain` * `anyone`
- name: role
value: string
description: >
The primary role for this user. While new values may be supported in the future, the following are currently allowed: * `owner` * `organizer` * `fileOrganizer` * `writer` * `reader`
- name: additionalRoles
value: array
description: >
Additional roles for this user. Only `commenter` is currently allowed, though more may be supported in the future.
- name: authKey
value: string
description: >
Output only. Deprecated.
- name: value
value: string
description: >
The email address or domain name for the entity. This is used during inserts and is not populated in responses. When making a `drive.permissions.insert` request, exactly one of the `id` or `value` fields must be specified unless the permission type is `anyone`, in which case both `id` and `value` are ignored.
- name: kind
value: string
description: >
Output only. This is always `drive#permission`.
default: drive#permission
- name: withLink
value: boolean
description: >
Whether the link is required for this permission.
- name: photoLink
value: string
description: >
Output only. A link to the profile photo, if available.
- name: selfLink
value: string
description: >
Output only. A link back to this permission.
- name: emailAddress
value: string
description: >
Output only. The email address of the user or group this permission refers to. This is an output-only field which is present when the permission type is `user` or `group`.
- name: domain
value: string
description: >
Output only. The domain name of the entity this permission refers to. This is an output-only field which is present when the permission type is `user`, `group` or `domain`.
- name: etag
value: string
description: >
Output only. The ETag of the permission.
- name: expirationDate
value: string
description: >
The time at which this permission will expire (RFC 3339 date-time). Expiration dates have the following restrictions: - They can only be set on user and group permissions - The date must be in the future - The date cannot be more than a year in the future - The date can only be set on drive.permissions.update or drive.permissions.patch requests
- name: deleted
value: boolean
description: >
Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions.
- name: view
value: string
description: >
Indicates the view for this permission. Only populated for permissions that belong to a view. published and metadata are the only supported values. - published: The permission's role is published_reader. - metadata: The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The metadata view is currently only supported on folders.
- name: pendingOwner
value: boolean
description: >
Whether the account associated with this permission is a pending owner. Only populated for `user` type permissions for files that are not in a shared drive.
- name: inheritedPermissionsDisabled
value: boolean
description: >
When true, only organizers, owners, and users with permissions added directly on the item can access it.
- name: emailMessage
value: string
- name: enforceSingleParent
value: boolean
- name: moveToNewOwnersRoot
value: boolean
- name: sendNotificationEmails
value: boolean
- name: supportsAllDrives
value: boolean
- name: supportsTeamDrives
value: boolean
- name: useDomainAdminAccess
value: boolean
- name: enforceExpansiveAccess
value: boolean
UPDATE examples
- patch
Updates a permission using patch semantics. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
UPDATE googleworkspace.drivev2.permissions
SET
data__id = '{{ id }}',
data__name = '{{ name }}',
data__type = '{{ type }}',
data__role = '{{ role }}',
data__additionalRoles = '{{ additionalRoles }}',
data__authKey = '{{ authKey }}',
data__value = '{{ value }}',
data__kind = '{{ kind }}',
data__withLink = {{ withLink }},
data__photoLink = '{{ photoLink }}',
data__selfLink = '{{ selfLink }}',
data__emailAddress = '{{ emailAddress }}',
data__domain = '{{ domain }}',
data__etag = '{{ etag }}',
data__expirationDate = '{{ expirationDate }}',
data__deleted = {{ deleted }},
data__view = '{{ view }}',
data__pendingOwner = {{ pendingOwner }},
data__inheritedPermissionsDisabled = {{ inheritedPermissionsDisabled }}
WHERE
fileId = '{{ fileId }}' --required
AND permissionId = '{{ permissionId }}' --required
AND removeExpiration = {{ removeExpiration}}
AND supportsAllDrives = {{ supportsAllDrives}}
AND supportsTeamDrives = {{ supportsTeamDrives}}
AND transferOwnership = {{ transferOwnership}}
AND useDomainAdminAccess = {{ useDomainAdminAccess}}
AND enforceExpansiveAccess = {{ enforceExpansiveAccess}}
RETURNING
id,
name,
additionalRoles,
authKey,
deleted,
domain,
emailAddress,
etag,
expirationDate,
inheritedPermissionsDisabled,
kind,
pendingOwner,
permissionDetails,
photoLink,
role,
selfLink,
teamDrivePermissionDetails,
type,
value,
view,
withLink;
REPLACE examples
- update
Updates a permission. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
REPLACE googleworkspace.drivev2.permissions
SET
data__id = '{{ id }}',
data__name = '{{ name }}',
data__type = '{{ type }}',
data__role = '{{ role }}',
data__additionalRoles = '{{ additionalRoles }}',
data__authKey = '{{ authKey }}',
data__value = '{{ value }}',
data__kind = '{{ kind }}',
data__withLink = {{ withLink }},
data__photoLink = '{{ photoLink }}',
data__selfLink = '{{ selfLink }}',
data__emailAddress = '{{ emailAddress }}',
data__domain = '{{ domain }}',
data__etag = '{{ etag }}',
data__expirationDate = '{{ expirationDate }}',
data__deleted = {{ deleted }},
data__view = '{{ view }}',
data__pendingOwner = {{ pendingOwner }},
data__inheritedPermissionsDisabled = {{ inheritedPermissionsDisabled }}
WHERE
fileId = '{{ fileId }}' --required
AND permissionId = '{{ permissionId }}' --required
AND removeExpiration = {{ removeExpiration}}
AND supportsAllDrives = {{ supportsAllDrives}}
AND supportsTeamDrives = {{ supportsTeamDrives}}
AND transferOwnership = {{ transferOwnership}}
AND useDomainAdminAccess = {{ useDomainAdminAccess}}
AND enforceExpansiveAccess = {{ enforceExpansiveAccess}}
RETURNING
id,
name,
additionalRoles,
authKey,
deleted,
domain,
emailAddress,
etag,
expirationDate,
inheritedPermissionsDisabled,
kind,
pendingOwner,
permissionDetails,
photoLink,
role,
selfLink,
teamDrivePermissionDetails,
type,
value,
view,
withLink;
DELETE examples
- delete
Deletes a permission from a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
DELETE FROM googleworkspace.drivev2.permissions
WHERE fileId = '{{ fileId }}' --required
AND permissionId = '{{ permissionId }}' --required
AND supportsAllDrives = '{{ supportsAllDrives }}'
AND supportsTeamDrives = '{{ supportsTeamDrives }}'
AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
AND enforceExpansiveAccess = '{{ enforceExpansiveAccess }}'
;