Apparent Bug when Changing Roles at the Shared Drive or Subfolder Levels

When using shared drives you can add users to a file or subfolder and at the drive level.  If the user already had rights, say Editor, to a file and then you add them as Content Manager to the drive, the inherited rights seem to wipe out any file or subfolder upgraded or explicitly granted right.  This is not correct behaviour since if you later remove the person from the shared drive any previously granted Content Manager rights to subfolders or Editor rights to files are gone.  This has caused some annoying problems when temporarily granting rights or cleaning up prior rights granted to individual users into a new group.

 
This effect also occurs simply at a Folder and File level.  I.e. say a user has Editor rights to a file and then is granted Content Manager rights to a parent folder.  If you subsequently remove the parent folder rights from that user then the file editor rights also disappear.  Strangely this is actually in complete contradiction to the popup that occurs when you do this.  It says:
 
"This person may still have access to some files.  - Files this person has upgraded permissions on will not be affected."
 
I presume this is Google trying to be a little too efficient or smart for their own good and wiping seemingly redundant or dual rights for the same user when new inherited rights are refreshed and flow down the tree.  This has the potential for much annoyance and confusion in a dynamic organization or where roles shift around.  Any rights granted at a particular level should be maintained and not "normalized" when a new inheritance flows down.
 
If you really need to strip rights then there should be a separate tool or script that can traverse the directory tree and do that on individual file/folder rights tables.
 
P.S. I know the main preventative "solution" is to usually grant rights with, presumably more stable, groups and then add and remove members.  However this really just abstracts the problem to another level since in principle you could have the same problem when changing around groups.
1 REPLY

@daryle_tilroe : the important part of that message is "upgraded permissions" ... if you were to give the same user "reader only" rights on the shared drive, and then add them as editor to the file, and finally remove them from Shared Drive membership, the editor rights are retained, as they are "greater than" the rights given by the Shared Drive. The assumption is that if you get removed from your greater right in the shared drive (completely removed), then you should no longer have access to the file (this is a better security practice).

You could try to downgrade the user from content manager to reader only (instead of remove) and check if the user editor rights remain?
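
An added example, not part of either post above: a Python sketch that records a user's direct (non-inherited) grants before a membership change and flags which of them are "upgraded" in the sense the reply describes, that is, ranked above the inherited role. It assumes per-item permission records shaped like the Drive API v3 `permissions` resource with its `permissionDetails` list; the file names, address and sample records are constructed.

```python
# Drive API v3 role values, lowest to highest.
# "writer" is shown as Editor in the UI, "fileOrganizer" as Content manager.
ROLE_RANK = {"reader": 0, "commenter": 1, "writer": 2,
             "fileOrganizer": 3, "organizer": 4}

# Constructed sample: item name -> permission records for that item.
SAMPLE_ITEMS = {
    "budget.xlsx": [{"emailAddress": "alice@example.com", "role": "fileOrganizer",
                     "permissionDetails": [
                         {"permissionType": "member", "role": "fileOrganizer", "inherited": True},
                         {"permissionType": "file", "role": "writer", "inherited": False}]}],
    "notes.doc": [{"emailAddress": "alice@example.com", "role": "writer",
                   "permissionDetails": [
                       {"permissionType": "member", "role": "reader", "inherited": True},
                       {"permissionType": "file", "role": "writer", "inherited": False}]}],
    "readme.txt": [{"emailAddress": "alice@example.com", "role": "reader",
                    "permissionDetails": [
                        {"permissionType": "member", "role": "reader", "inherited": True}]}],
}

def _higher(current, role):
    """Return whichever of the two roles ranks higher (current may be None)."""
    if current is None or ROLE_RANK[role] > ROLE_RANK[current]:
        return role
    return current

def snapshot_direct_grants(items, email):
    """Map each item where `email` holds a direct grant to its direct role,
    its inherited role, and whether the direct role outranks the inherited one."""
    report = {}
    for name, permissions in items.items():
        direct = inherited = None
        for perm in permissions:
            if perm.get("emailAddress", "").lower() != email.lower():
                continue
            for detail in perm.get("permissionDetails", []):
                if detail.get("inherited"):
                    inherited = _higher(inherited, detail["role"])
                else:
                    direct = _higher(direct, detail["role"])
        if direct is not None:
            upgraded = inherited is None or ROLE_RANK[direct] > ROLE_RANK[inherited]
            report[name] = {"direct": direct, "inherited": inherited, "upgraded": upgraded}
    return report

if __name__ == "__main__":
    for item, row in snapshot_direct_grants(SAMPLE_ITEMS, "alice@example.com").items():
        print(item, row)
```

Rows with `upgraded` set to false are direct grants at or below the inherited role, which is the case the original post reports losing, so they are the ones to record before removing a member.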
