Permissions for nested folders in a Shared Drive

Just found out that a shared drive cannot have permissions applied to folders nested within it. 

This seems crazy. We have an HR folder that all of HR accesses and some folders only senior HR should have access to.  I will request a feature but I have not been accepted into the group yet. 

Other admins must have the same concerns. Google told me the solution is to create another drive for 1 folder? That will be impossible to administer.

Does anyone else have this concern or a solution? 

Thanks!


Hi @joshgold21 :

This is indeed a question that comes up fairly frequently. Check out the discussion from a few months ago at https://www.googlecloudcommunity.com/gc/Workspace-Q-A/Granular-Graduated-Permissions-in-Shared-Drive... where it was discussed in a fair degree of detail.

Hope that helps, at least a little,

Ian

Thanks very much. I will try and figure a workaround but boy is it cumbersome. I was shocked that it could not be done. I thought I was just looking in the wrong place.

Two years later and we are still dealing with this nonsense. I cannot believe they want to make an IDP/storage platform that can compete with Active Directory and still fail at simple permission fundamentals.

"Waterfall" or "additive" permissions definitely take some getting used to. And Google is only one of many vendors adopting that model. Personally, I think they are actually a good bit more maintainable and secure, once you get your head around them. 

As I mentioned above, this gets discussed here pretty frequently. See https://www.googlecloudcommunity.com/gc/Workspace-Q-A/Granular-Graduated-Permissions-in-Shared-Drive... for one of the more useful threads on that subject.

Hope that helps, at least a little,

Ian

"I understand your concern regarding permissions on nested folders within a shared drive in Google Workspace. As of my last update in September 2021, Google Drive didn't allow direct permissions on nested folders within a shared drive. Permissions applied to the entire shared drive would affect all the folders and files within it.

Google often makes updates and improvements to its products, so it's possible that there have been changes or that new features are being developed to address this issue.

However, until a more direct solution is implemented, you might consider the following alternatives:

  1. Create a sub-shared drive: An alternative is to create a sub-shared drive specifically for the folders that require different permissions. This way, you can apply distinct permissions to this sub-shared drive without affecting the rest of the shared drive.

  2. Use permission groups: Instead of applying permissions directly to folders, you can create permission groups and add members to the groups with the appropriate permissions. Then, simply add these groups to the folders that need specific permissions.

  3. Wait for updates or additional features: Regularly check Google Workspace updates, as new features may be added to improve permissions management in shared drives.

  4. Contact support: If the current limitation is a significant obstacle to your needs, it's advisable to contact Google Workspace support and share your concerns. They can provide specific guidance and, in some cases, suggest temporary solutions.

Remember that the ability to manage permissions on nested folders may evolve over time as Google Workspace continues to be enhanced. Therefore, it's important to stay updated with the latest updates and features of the platform."


@Michaelkildery wrote:

Create a sub-shared drive: An alternative is to create a sub-shared drive specifically for the folders that require different permissions. This way, you can apply distinct permissions to this sub-shared drive without affecting the rest of the shared drive.


Can you explain in more detail what you mean by this? The way I would like to structure my folder structure is: Accounting and Finance > Accounting/Finance/Contracts/Et al. So I need everyone from Accounting and Finance to have access, but I only want the Accounting team to have access to the Accounting sub-folder within the Accounting and Finance Shared Drive. However, I have no way of removing the Finance group from the Accounting folder because it's inheriting permissions from the root Shared Drive directory.

I've included links to my Sharing settings to better explain my situation.

Thanks.

You can do this, but the user experience isn't great.

Shared Drive "Accounting and Finance" - No users added (This is the essential piece, but also causes the bad user experience)

Sub-Folder "Accounting" - Users from Accounting added

Sub-Folder "Finance" - Users from Finance added

The problem arises in that using this method doesn't show the Shared Drive in the users' Google Drive.  Instead they see only the folder that has been shared with them under "Shared with me."  It would be better, I think, to show the Shared Drive for all users that have access in any capacity, but only show them the folders/files they actually have access to.

While "User experience" is a consideration - from an IT management perspective it must never - EVER - be at the expense of security.

@Teligence I disagree. It should certainly be minimized and ideally seamless, but a primary role of modern IT administrators is to protect users from the bad guys and themselves.

We don't do these things to punish users, to make their lives difficult, or to slow down their work, but many are necessary due to factors way outside the average person's control.

In any case, you CAN have permissions applied to folders under a shared drive. However, Google only supports an "additive" not a "subtractive" model.  So you can make a folder available to extra people but you can't take them away.

We often use a shared drive such as for proposals with only managers having access to the main root drive.  Then a folder is created and the proposal team is given access to that folder.  

Perhaps this is helpful? -KAM
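
The additive model described in the reply above, as an added example that is not part of the original thread: it classifies each principal on a folder by whether access is inherited from the shared drive or granted on the folder itself, using the `permissionDetails` fields of the Drive API v3 permission resource. The JSON is constructed sample data; the addresses, the placeholder drive ID and the `audit_folder` helper are assumptions.

```python
import json

# Constructed sample shaped like a Drive API v3 permissions.list response for a
# folder inside a shared drive (addresses and IDs are made up).
SAMPLE = json.loads("""
{"permissions": [
  {"emailAddress": "hr-all@example.com", "permissionDetails": [
    {"permissionType": "member", "role": "writer",
     "inherited": true, "inheritedFrom": "DRIVE_ID_PLACEHOLDER"}]},
  {"emailAddress": "hr-senior@example.com", "permissionDetails": [
    {"permissionType": "member", "role": "reader",
     "inherited": true, "inheritedFrom": "DRIVE_ID_PLACEHOLDER"},
    {"permissionType": "file", "role": "fileOrganizer", "inherited": false}]},
  {"emailAddress": "auditor@example.com", "permissionDetails": [
    {"permissionType": "file", "role": "reader", "inherited": false}]}
]}
""")

# Shared drive roles, weakest to strongest.
ROLES = ["reader", "commenter", "writer", "fileOrganizer", "organizer"]


def audit_folder(permissions, allowed):
    """Return {principal: finding} for one folder's permission list.

    effective      -- strongest role across inherited and direct grants (additive)
    inherited      -- True if any grant flows down from a parent or the drive
    removable_here -- True only when every grant was made on this folder itself
    unexpected     -- principal is not in the allow-list for this folder
    """
    findings = {}
    for perm in permissions:
        details = perm.get("permissionDetails", [])
        if not details:
            continue
        who = perm.get("emailAddress") or perm.get("id")
        inherited = any(d.get("inherited", False) for d in details)
        findings[who] = {
            "effective": max((d["role"] for d in details), key=ROLES.index),
            "inherited": inherited,
            "removable_here": not inherited,
            "unexpected": who not in allowed,
        }
    return findings


if __name__ == "__main__":
    allowed = {"hr-senior@example.com", "auditor@example.com"}
    for who, finding in audit_folder(SAMPLE["permissions"], allowed).items():
        print(who, finding)
```

A principal that is both `unexpected` and not `removable_here` can only be dealt with at the drive-membership level or by moving the folder, which is the limitation the thread is about.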

I disagree with your disagreement. The reason users are protected is the
DATA that they have access to. Data management of trained, qualified,
vetted, responsible, and accountable users following approved procedures
can be given appropriate rights and any subsequent unauthorized access is
then restricted. IT admins can manage the way data is accessed, and in some
cases - even used, but IT admin CANNOT control the actions or intentions of
users.