Shared Drive sub-folder sharing restrictions

EGG · 11-10-2023 09:26 AM

It appears Google Shared Drive sharing functionality has changed recently to be less precise and granular than it was. Has anyone else encountered this issue? If so, how are you handling this?

Issue description:

One of our organization's shared drives contains sensitive data and is only shared with the executive team. Within that shared drive, we have subsidiary folders organized based on each corporation we have. We share data from these sub-folders with our accounting firm, and it's convenient to send them a link to each entity. However, within those entity folders, there may be information that is not strictly financial or tax-related that may not be appropriate to share with the accounting firm. Accordingly, we'd like to restrict sharing permissions to certain sub-folder and files per shared entity sub-folder. I discovered that this functionality has recently changed, no longer works like it used to, and requires changing the top-level folder sharing to be the same as sub-folders and files. This oddly arbitrary sharing restriction in comparison to MyDrive functionality makes Shared Drive data organization impossible on any basis other than who the data is shared with. Why the difference between MyDrive and Shared Drive sub-folder sharing functionality?

Links to the Google Support chat transcript and screen captures of functionality differences between MyDrive and Shared Drives are provided for reference.

icrew

Shared Drives have always used a "waterfall" or "additive" permissions model, not allowing subfolders to be restricted more than their parent folders.

This is pretty common throughout the cloud storage space--for example, Google Drive's competitor Box does this and they have a pretty nice video explaining it: https://support.box.com/hc/en-us/articles/360043697254-Understanding-Folder-Permissions

It definitely takes some rethinking to adapt to this model, but it also often works out better in the end, as waterfall permissions are generally easier to understand and maintain long term.

Hope that helps,

Ian

EGG

It's unnecessarily restrictive and arbitrary, especially given that MyDrive has the ability to restrict sub-folder and file sharing. Some major business models don't function as hierarchies anymore, but rather cooperatively, which I thought was the entire reason for the Google Drive sharing model. As it currently functions, data organization is forced to adhere to a model based on who it's shared with rather than a topical or legal entity basis (or any other method, really). For example, within the 7 different corporation folders we maintain, we keep financial, HR, vendor, contractual, legal/org, corporate board data, etc., and not all of that should be shared with everyone. We'd like to share the entity level folder with our accounting firm, for example, but restrict access to entity sub-folders that aren't financial or tax related. The suggested solution from Google is to reorganize the data based on "teams" or functionality of people with whom the data is shared. This would require us to create shared drives for each sub-segment of each organization because we can't organize the data on any other basis other than who we're sharing the information with. Our Shared Drive structure would explode and become more difficult to administer on a per entity basis. Why would I want 80 shared drives / folders based on who they're shared with / functional role? That doesn't sound like like a simpler solution. In terms of maintenance, Google has great search functionality, particularly in terms of ownership / sharing permissions, so I don't view that as a concern.