permissions
Creates, updates, deletes, gets or lists a permissions resource.
Overview
Name | permissions |
Type | Resource |
Id | googleworkspace.drivev3.permissions |
Fields
The following fields are returned by SELECT queries:
- get
- list
Name | Datatype | Description |
---|---|---|
id | string | Output only. The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId . IDs should be treated as opaque values. |
allowFileDiscovery | boolean | Whether the permission allows the file to be discovered through search. This is only applicable for permissions of type domain or anyone . |
deleted | boolean | Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions. |
displayName | string | Output only. The "pretty" name of the value of the permission. The following is a list of examples for each type of permission: * user - User's full name, as defined for their Google account, such as "Joe Smith." * group - Name of the Google Group, such as "The Company Administrators." * domain - String domain name, such as "thecompany.com." * anyone - No displayName is present. |
domain | string | The domain to which this permission refers. |
emailAddress | string | The email address of the user or group to which this permission refers. |
expirationTime | string (date-time) | The time at which this permission will expire (RFC 3339 date-time). Expiration times have the following restrictions: - They can only be set on user and group permissions - The time must be in the future - The time cannot be more than a year in the future |
inheritedPermissionsDisabled | boolean | When true, only organizers, owners, and users with permissions added directly on the item can access it. |
kind | string | Output only. Identifies what kind of resource this is. Value: the fixed string "drive#permission" . (default: drive#permission) |
pendingOwner | boolean | Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive. |
permissionDetails | array | Output only. Details of whether the permissions on this item are inherited or directly on this item. |
photoLink | string | Output only. A link to the user's profile photo, if available. |
role | string | The role granted by this permission. While new values may be supported in the future, the following are currently allowed: * owner * organizer * fileOrganizer * writer * commenter * reader |
teamDrivePermissionDetails | array | Output only. Deprecated: use permissionDetails instead. |
type | string | The type of the grantee. Valid values are: * user * group * domain * anyone When creating a permission, if type is user or group , you must provide an emailAddress for the user or group. When type is domain , you must provide a domain . There isn't extra information required for an anyone type. |
view | string | Indicates the view for this permission. Only populated for permissions that belong to a view. published and metadata are the only supported values. - published: The permission's role is published_reader. - metadata: The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The metadata view is currently only supported on folders. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | fileId , permissionId | supportsAllDrives , supportsTeamDrives , useDomainAdminAccess | Gets a permission by ID. |
list | select | fileId | pageSize , pageToken , supportsAllDrives , supportsTeamDrives , useDomainAdminAccess , includePermissionsForView | Lists a file's or shared drive's permissions. |
create | insert | fileId | emailMessage , enforceSingleParent , moveToNewOwnersRoot , sendNotificationEmail , supportsAllDrives , supportsTeamDrives , transferOwnership , useDomainAdminAccess , enforceExpansiveAccess | Creates a permission for a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
update | update | fileId , permissionId | removeExpiration , supportsAllDrives , supportsTeamDrives , transferOwnership , useDomainAdminAccess , enforceExpansiveAccess | Updates a permission with patch semantics. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
delete | delete | fileId , permissionId | supportsAllDrives , supportsTeamDrives , useDomainAdminAccess , enforceExpansiveAccess | Deletes a permission. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
fileId | string | |
permissionId | string | |
emailMessage | string | |
enforceExpansiveAccess | boolean | |
enforceSingleParent | boolean | |
includePermissionsForView | string | |
moveToNewOwnersRoot | boolean | |
pageSize | integer (int32) | |
pageToken | string | |
removeExpiration | boolean | |
sendNotificationEmail | boolean | |
supportsAllDrives | boolean | |
supportsTeamDrives | boolean | |
transferOwnership | boolean | |
useDomainAdminAccess | boolean | |
SELECT examples
- get
- list
Gets a permission by ID.
```sql
SELECT
  id,
  allowFileDiscovery,
  deleted,
  displayName,
  domain,
  emailAddress,
  expirationTime,
  inheritedPermissionsDisabled,
  kind,
  pendingOwner,
  permissionDetails,
  photoLink,
  role,
  teamDrivePermissionDetails,
  type,
  view
FROM googleworkspace.drivev3.permissions
WHERE fileId = '{{ fileId }}' -- required
  AND permissionId = '{{ permissionId }}' -- required
  AND supportsAllDrives = '{{ supportsAllDrives }}'
  AND supportsTeamDrives = '{{ supportsTeamDrives }}'
  AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
;
```
Lists a file's or shared drive's permissions.
```sql
SELECT
  id,
  allowFileDiscovery,
  deleted,
  displayName,
  domain,
  emailAddress,
  expirationTime,
  inheritedPermissionsDisabled,
  kind,
  pendingOwner,
  permissionDetails,
  photoLink,
  role,
  teamDrivePermissionDetails,
  type,
  view
FROM googleworkspace.drivev3.permissions
WHERE fileId = '{{ fileId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}'
  AND supportsAllDrives = '{{ supportsAllDrives }}'
  AND supportsTeamDrives = '{{ supportsTeamDrives }}'
  AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
  AND includePermissionsForView = '{{ includePermissionsForView }}'
;
```
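The rows returned by the list query carry enough detail to review a file's sharing exposure. The following is an added example, not part of the provider's documentation: it assumes the rows have been exported as a list of JSON objects keyed by the field names above, and the function names, finding labels and sample rows are constructed for illustration.

```python
# Added example: flag Drive grants worth reviewing in rows from the list query.
BROAD_TYPES = {"domain", "anyone"}
EDIT_ROLES = {"owner", "organizer", "fileOrganizer", "writer"}


def as_bool(value):
    # Exported rows may carry booleans as true/false, 1/0 or strings.
    return str(value).strip().lower() in {"true", "1"}


def audit_permissions(rows, trusted_domains=()):
    """Return (permission id, finding) pairs for grants worth reviewing."""
    findings = []
    for p in rows:
        pid, ptype, role = p.get("id"), p.get("type"), p.get("role")
        broad = ptype in BROAD_TYPES
        if ptype == "anyone":
            findings.append((pid, "shared with anyone"))
        if ptype == "domain" and p.get("domain") not in trusted_domains:
            findings.append((pid, "shared with untrusted domain"))
        # allowFileDiscovery is only applicable to domain and anyone grants.
        if broad and as_bool(p.get("allowFileDiscovery")):
            findings.append((pid, "discoverable through search"))
        if broad and role in EDIT_ROLES:
            findings.append((pid, "broad grant with edit rights"))
        # deleted only pertains to user and group permissions.
        if ptype in {"user", "group"} and as_bool(p.get("deleted")):
            findings.append((pid, "grantee account deleted"))
        if ptype == "user" and as_bool(p.get("pendingOwner")):
            findings.append((pid, "pending ownership transfer"))
    return findings


# Constructed sample rows (hypothetical ids, addresses and domains).
SAMPLE_ROWS = [
    {"id": "p1", "type": "user", "role": "writer",
     "emailAddress": "alice@example.com", "deleted": False},
    {"id": "p2", "type": "anyone", "role": "reader", "allowFileDiscovery": True},
    {"id": "p3", "type": "domain", "role": "writer",
     "domain": "partner.example", "allowFileDiscovery": False},
    {"id": "p4", "type": "group", "role": "reader",
     "emailAddress": "old-team@example.com", "deleted": "true"},
    {"id": "p5", "type": "domain", "role": "reader", "domain": "example.com"},
]

if __name__ == "__main__":
    for pid, finding in audit_permissions(SAMPLE_ROWS, {"example.com"}):
        print(pid, finding)
```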
INSERT examples
- create
- Manifest
Creates a permission for a file or shared drive. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
```sql
INSERT INTO googleworkspace.drivev3.permissions (
  data__id,
  data__displayName,
  data__type,
  data__kind,
  data__photoLink,
  data__emailAddress,
  data__role,
  data__allowFileDiscovery,
  data__domain,
  data__expirationTime,
  data__deleted,
  data__view,
  data__pendingOwner,
  data__inheritedPermissionsDisabled,
  fileId,
  emailMessage,
  enforceSingleParent,
  moveToNewOwnersRoot,
  sendNotificationEmail,
  supportsAllDrives,
  supportsTeamDrives,
  transferOwnership,
  useDomainAdminAccess,
  enforceExpansiveAccess
)
SELECT
  '{{ id }}',
  '{{ displayName }}',
  '{{ type }}',
  '{{ kind }}',
  '{{ photoLink }}',
  '{{ emailAddress }}',
  '{{ role }}',
  {{ allowFileDiscovery }},
  '{{ domain }}',
  '{{ expirationTime }}',
  {{ deleted }},
  '{{ view }}',
  {{ pendingOwner }},
  {{ inheritedPermissionsDisabled }},
  '{{ fileId }}',
  '{{ emailMessage }}',
  '{{ enforceSingleParent }}',
  '{{ moveToNewOwnersRoot }}',
  '{{ sendNotificationEmail }}',
  '{{ supportsAllDrives }}',
  '{{ supportsTeamDrives }}',
  '{{ transferOwnership }}',
  '{{ useDomainAdminAccess }}',
  '{{ enforceExpansiveAccess }}'
RETURNING
  id,
  allowFileDiscovery,
  deleted,
  displayName,
  domain,
  emailAddress,
  expirationTime,
  inheritedPermissionsDisabled,
  kind,
  pendingOwner,
  permissionDetails,
  photoLink,
  role,
  teamDrivePermissionDetails,
  type,
  view
;
```
```yaml
# Description fields are for documentation purposes
- name: permissions
  props:
    - name: fileId
      value: string
      description: Required parameter for the permissions resource.
    - name: id
      value: string
      description: >
        Output only. The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as `permissionId`. IDs should be treated as opaque values.
    - name: displayName
      value: string
      description: >
        Output only. The "pretty" name of the value of the permission. The following is a list of examples for each type of permission: * `user` - User's full name, as defined for their Google account, such as "Joe Smith." * `group` - Name of the Google Group, such as "The Company Administrators." * `domain` - String domain name, such as "thecompany.com." * `anyone` - No `displayName` is present.
    - name: type
      value: string
      description: >
        The type of the grantee. Valid values are: * `user` * `group` * `domain` * `anyone` When creating a permission, if `type` is `user` or `group`, you must provide an `emailAddress` for the user or group. When `type` is `domain`, you must provide a `domain`. There isn't extra information required for an `anyone` type.
    - name: kind
      value: string
      description: >
        Output only. Identifies what kind of resource this is. Value: the fixed string `"drive#permission"`.
      default: drive#permission
    - name: photoLink
      value: string
      description: >
        Output only. A link to the user's profile photo, if available.
    - name: emailAddress
      value: string
      description: >
        The email address of the user or group to which this permission refers.
    - name: role
      value: string
      description: >
        The role granted by this permission. While new values may be supported in the future, the following are currently allowed: * `owner` * `organizer` * `fileOrganizer` * `writer` * `commenter` * `reader`
    - name: allowFileDiscovery
      value: boolean
      description: >
        Whether the permission allows the file to be discovered through search. This is only applicable for permissions of type `domain` or `anyone`.
    - name: domain
      value: string
      description: >
        The domain to which this permission refers.
    - name: expirationTime
      value: string
      description: >
        The time at which this permission will expire (RFC 3339 date-time). Expiration times have the following restrictions: - They can only be set on user and group permissions - The time must be in the future - The time cannot be more than a year in the future
    - name: deleted
      value: boolean
      description: >
        Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions.
    - name: view
      value: string
      description: >
        Indicates the view for this permission. Only populated for permissions that belong to a view. published and metadata are the only supported values. - published: The permission's role is published_reader. - metadata: The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The metadata view is currently only supported on folders.
    - name: pendingOwner
      value: boolean
      description: >
        Whether the account associated with this permission is a pending owner. Only populated for `user` type permissions for files that are not in a shared drive.
    - name: inheritedPermissionsDisabled
      value: boolean
      description: >
        When true, only organizers, owners, and users with permissions added directly on the item can access it.
    - name: emailMessage
      value: string
    - name: enforceSingleParent
      value: boolean
    - name: moveToNewOwnersRoot
      value: boolean
    - name: sendNotificationEmail
      value: boolean
    - name: supportsAllDrives
      value: boolean
    - name: supportsTeamDrives
      value: boolean
    - name: transferOwnership
      value: boolean
    - name: useDomainAdminAccess
      value: boolean
    - name: enforceExpansiveAccess
      value: boolean
```
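The field descriptions put several constraints on a new permission (required grantee fields per type, the scope of allowFileDiscovery, and the expirationTime restrictions). The following is an added example, not code from the provider: a pre-flight check that applies those documented rules to a payload before it is sent. The function name, error strings and sample clock are constructed, and "a year" is assumed to mean 365 days.

```python
# Added example: check a new permission against the rules in the field table.
from datetime import datetime, timedelta, timezone

TYPES = {"user", "group", "domain", "anyone"}
ROLES = {"owner", "organizer", "fileOrganizer", "writer", "commenter", "reader"}
MAX_LIFETIME = timedelta(days=365)  # assumption: "a year" taken as 365 days
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed clock


def validate_new_permission(perm, now=None):
    """Return a list of rule violations; an empty list means the payload passes."""
    now = now or datetime.now(timezone.utc)
    errors = []
    ptype, role = perm.get("type"), perm.get("role")
    if ptype not in TYPES:
        errors.append("type must be user, group, domain or anyone")
    if role not in ROLES:
        errors.append("role is not in the currently allowed list")
    if ptype in {"user", "group"} and not perm.get("emailAddress"):
        errors.append("emailAddress is required for user and group")
    if ptype == "domain" and not perm.get("domain"):
        errors.append("domain is required for type domain")
    if "allowFileDiscovery" in perm and ptype not in {"domain", "anyone"}:
        errors.append("allowFileDiscovery only applies to domain and anyone")
    exp = perm.get("expirationTime")
    if exp:
        if ptype not in {"user", "group"}:
            errors.append("expirationTime can only be set on user and group")
        try:
            when = datetime.fromisoformat(exp.replace("Z", "+00:00"))
            if when.tzinfo is None:
                raise ValueError("missing UTC offset")
        except ValueError:
            errors.append("expirationTime is not an RFC 3339 date-time")
        else:
            if when <= now:
                errors.append("expirationTime must be in the future")
            elif when - now > MAX_LIFETIME:
                errors.append("expirationTime is more than a year in the future")
    return errors
```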
UPDATE examples
- update
Updates a permission with patch semantics. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
```sql
UPDATE googleworkspace.drivev3.permissions
SET
  data__id = '{{ id }}',
  data__displayName = '{{ displayName }}',
  data__type = '{{ type }}',
  data__kind = '{{ kind }}',
  data__photoLink = '{{ photoLink }}',
  data__emailAddress = '{{ emailAddress }}',
  data__role = '{{ role }}',
  data__allowFileDiscovery = {{ allowFileDiscovery }},
  data__domain = '{{ domain }}',
  data__expirationTime = '{{ expirationTime }}',
  data__deleted = {{ deleted }},
  data__view = '{{ view }}',
  data__pendingOwner = {{ pendingOwner }},
  data__inheritedPermissionsDisabled = {{ inheritedPermissionsDisabled }}
WHERE
  fileId = '{{ fileId }}' -- required
  AND permissionId = '{{ permissionId }}' -- required
  AND removeExpiration = {{ removeExpiration }}
  AND supportsAllDrives = {{ supportsAllDrives }}
  AND supportsTeamDrives = {{ supportsTeamDrives }}
  AND transferOwnership = {{ transferOwnership }}
  AND useDomainAdminAccess = {{ useDomainAdminAccess }}
  AND enforceExpansiveAccess = {{ enforceExpansiveAccess }}
RETURNING
  id,
  allowFileDiscovery,
  deleted,
  displayName,
  domain,
  emailAddress,
  expirationTime,
  inheritedPermissionsDisabled,
  kind,
  pendingOwner,
  permissionDetails,
  photoLink,
  role,
  teamDrivePermissionDetails,
  type,
  view;
```
DELETE examples
- delete
Deletes a permission. Warning: Concurrent permissions operations on the same file are not supported; only the last update is applied.
```sql
DELETE FROM googleworkspace.drivev3.permissions
WHERE fileId = '{{ fileId }}' -- required
  AND permissionId = '{{ permissionId }}' -- required
  AND supportsAllDrives = '{{ supportsAllDrives }}'
  AND supportsTeamDrives = '{{ supportsTeamDrives }}'
  AND useDomainAdminAccess = '{{ useDomainAdminAccess }}'
  AND enforceExpansiveAccess = '{{ enforceExpansiveAccess }}'
;
```