How to audit shared drives permissions in Google Drive

drive audit featured
Are you looking for an efficient way to get an overview of all shared drives and their access permissions within your organization? Whether you’re navigating a company reorganization or implementing security procedures, accessing this information can be challenging.

Table of Contents

Why should you audit shared drive permissions in Google Drive​

It is crucial to audit shared drives permissions to ensure that your data in Google Drive is secure. The potential risk of shared drives is that permissions are inherited by all folders and documents within them. This means that if someone who shouldn’t have access is added at the shared drive level, they will be able to access all documents and folders within, including any confidential information. 

Considering that businesses utilizing Google Drive often store their most sensitive data in shared drives, it is wise to include a shared drive audit into your standard security processes if you have not already done so. Wouldn’t you agree that having an overview of who has access to your company data is essential to ensure its security?

Here are some suggested practices based on my observations during my time working as a Google Workspace consultant, developer, and trainer:

In addition, having a list of all shared drives and their permissions becomes essential during company restructuring. During company split or reorganization, identifying shared drives and their permissions is necessary to determine which data needs to be migrated.

The challenge of auditing shared drive permissions in Google Drive

In the Google Admin Console, you can view a list of all shared drives, but to see the access permissions for each drive, you must click on “Manage members” individually for each shared drive. There is no efficient way to get a complete list of all shared drives with their permissions, which is especially challenging for companies with a lot of shared drives. 

drive audit 1

To address this challenge, I have developed a Google Apps script, which I share with you below. It generates a list of all shared drives within your organization and displays all associated permissions for each drive.

How to audit shared drive permissions in Google Drive

Here is how you can use the script effectively (note: the script can only be run by an Admin):

Step 1: Open Shared Drive Overview and make a copy. 

drive audit 2

Step 2: Open the copy and click on Extensions -> Shared Drives Overview -> List Shared Drives.

drive audit 3

Step 3: You will be asked to grant permission the first time you run the script. Go through the steps.

Step 4: Click again on Extensions -> Shared Drives Overview -> List Shared Drives.

Now that the script is authorized, it will gather information about all shared drives. A new tab will be created in your Google Sheet, called “Drives”. This sheet will contain a list with the following columns: 

 

  • Shared drive ID
  • Shared drive name
  • Status: this column indicates the sync status
 
drive audit 4

Step 5: Click Extensions -> Shared Drives Overview -> List permissions.

The script will sync shared drives permissions, you can see the progress in the drives sheet. If you have a large number of shared drives the script may pause for a few minutes before resuming the sync, this has to do with Google Apps Script limitations.

The resulting Google Sheet will consist of two tabs: one containing a list of all shared drives, and another displaying the permissions for each shared drive. From here, you can verify that only authorized users have access to each shared drive. Note that this overview only covers users and groups with permissions at the shared drive level. Individual files and folders within the shared drives may be shared directly with other users or groups, which will not be reflected in this overview.

 

drive audit 5

Note: the permissions listed in the sheet are named differently than those in Google Drive, which is due to the technical naming used in the API. Here’s how the roles correspond:

  • Manager is “organizer”
  • Content manager is “file organizer”
  • Contributor is “writer”
  • Viewer is “reader”
  • Commenter is the same

Audit and manage shared drives permissions effectively

While the app script is a good starting point, ensuring the security of your data in shared drives may require more.

You may want to check how many files are in each shared drive and how many are shared with anyone with the link, or how many are shared with edit rights. This becomes especially important for shared drives that usually contain sensitive data, such as PII or confidential projects. Simply being able to see how many files are externally shared, or shared with a whole domain, can help identify vulnerabilities and prevent potential security breaches.

Beyond just getting an overview, you might also need a way to fix any issues quickly, like removing access for users or groups who shouldn’t have it anymore. If you are looking for a deeper level of visibility and control of shared drives, I have good news for you!

In my career as a Google Developer Expert, I have seen many organizations struggle with achieving a centralized, organization-wide view and control of file sharing in Google Drive. That is why I created Florbs. I believe you deserve a tool that enables you to identify who has access to your files and empowers you to proactively protect it.

 

About the author

Follow us on LinkedIn for Google Workspace tips