Blogs
How to audit shared drives permissions in Google Drive
Feb 27, 2024
Niek Waarbroek
How to audit shared drives permissions in Google Drive
27/02/2024
—
Are you looking for an efficient way to get an overview of all shared drives and their access permissions within your organization? Whether you’re navigating a company reorganization or implementing security procedures, accessing this information can be challenging.
Why should you audit shared drive permissions in Google Drive
It is crucial to audit shared drives permissions to ensure that your data in Google Drive is secure. The potential risk of shared drives is that permissions are inherited by all folders and documents within them. This means that if someone who shouldn’t have access is added at the shared drive level, they will be able to access all documents and folders within, including any confidential information.
Considering that businesses utilizing Google Drive often store their most sensitive data in shared drives, it is wise to include a shared drive audit into your standard security processes if you have not already done so. Wouldn’t you agree that having an overview of who has access to your company data is essential to ensure its security?
Here are some suggested practices based on my observations during my time working as a Google Workspace consultant, developer, and trainer:
Shared drives security check: Get a list of shared drives with their permissions per department and ask department managers to verify if any users need to be removed. Revoking access after a project is finished is often overlooked.
Compliance requirements: proving compliance with data protection regulations might require you to provide a list of shared drives and their permissions.
Regular monitoring: regularly review shared drives permissions to detect any unusual activity, such as sudden spikes in newly added users.
In addition, having a list of all shared drives and their permissions becomes essential during company restructuring. During company split or reorganization, identifying shared drives and their permissions is necessary to determine which data needs to be migrated.
The challenge of auditing shared drive permissions in Google Drive
In the Google Admin Console, you can view a list of all shared drives, but to see the access permissions for each drive, you must click on “Manage members” individually for each shared drive. There is no efficient way to get a complete list of all shared drives with their permissions, which is especially challenging for companies with a lot of shared drives.
The challenge of auditing shared drive permissions in Google Drive
In the Google Admin Console, you can view a list of all shared drives, but to see the access permissions for each drive, you must click on “Manage members” individually for each shared drive. There is no efficient way to get a complete list of all shared drives with their permissions, which is especially challenging for companies with a lot of shared drives.
To address this challenge, I have developed a Google Apps script, which I share with you below. It generates a list of all shared drives within your organization and displays all associated permissions for each drive.
How to audit shared drive permissions in Google Drive
Here is how you can use the script effectively (note: the script can only be run by an Admin):
Step 1: Open Shared Drive Overview and make a copy.
Step 2: Open the copy and click on Extensions -> Shared Drives Overview -> List Shared Drives.
Step 3: You will be asked to grant permission the first time you run the script. Go through the steps.
Step 4: Click again on Extensions -> Shared Drives Overview -> List Shared Drives.
Now that the script is authorized, it will gather information about all shared drives. A new tab will be created in your Google Sheet, called “Drives”. This sheet will contain a list with the following columns:
Shared drive ID
Shared drive name
Status: this column indicates the sync status
Step 5: Click Extensions -> Shared Drives Overview -> List permissions.
The script will sync shared drives permissions, you can see the progress in the drives sheet. If you have a large number of shared drives the script may pause for a few minutes before resuming the sync, this has to do with Google Apps Script limitations.
The resulting Google Sheet will consist of two tabs: one containing a list of all shared drives, and another displaying the permissions for each shared drive. From here, you can verify that only authorized users have access to each shared drive. Note that this overview only covers users and groups with permissions at the shared drive level. Individual files and folders within the shared drives may be shared directly with other users or groups, which will not be reflected in this overview.
Note: the permissions listed in the sheet are named differently than those in Google Drive, which is due to the technical naming used in the API. Here’s how the roles correspond:
Manager is “organizer”
Content manager is “file organizer”
Contributor is “writer”
Viewer is “reader”
Commenter is the same
Audit and manage shared drives permissions effectively
While the app script is a good starting point, ensuring the security of your data in shared drives may require more.
You may want to check how many files are in each shared drive and how many are shared with anyone with the link, or how many are shared with edit rights. This becomes especially important for shared drives that usually contain sensitive data, such as PII or confidential projects. Simply being able to see how many files are externally shared, or shared with a whole domain, can help identify vulnerabilities and prevent potential security breaches.
Beyond just getting an overview, you might also need a way to fix any issues quickly, like removing access for users or groups who shouldn’t have it anymore. If you are looking for a deeper level of visibility and control of shared drives, I have good news for you!
In my career as a Google Developer Expert, I have seen many organizations struggle with achieving a centralized, organization-wide view and control of file sharing in Google Drive. That is why I created Florbs. I believe you deserve a tool that enables you to identify who has access to your files and empowers you to proactively protect it.
As an admin, in Florbs you can see the overview of all shared drives owned by your organization in just one click:
In Florbs, you can see an overview of file access permissions for each shared drive owned by your organization, and zoom in on anything that doesn’t seem right. Does the “Legal” shared drive usually contain confidential data, but half of the files are shared with “Anyone with the link”? You can click through to see the list of these files and make sure there’s no data leak threat.
Is there a policy requiring files in shared drives to be properly labeled, but the “HR” shared drive is full of unlabeled files? Florbs helps you identify users that may need additional training.
Florbs also lets you view and manage access to each shared drive at the drive level, with the ability to adjust settings as needed. For example, you can control who is allowed to download, print, copy, or share files and folders.
