Do you know Sakoku?
Sakoku (ιε½, “locked country”) was the isolationist foreign policy of the Japanese Tokugawa shogunate under which, for a period of 214 years during the Edo period (from 1603 to 1868), relations and trade between Japan and other countries were severely limited, and nearly all foreign nationals were barred from entering Japan, while common Japanese people were kept from leaving the country.
Wikipedia
Today, it would be foolish to deny access to everything, but a certain amount of Sakoku is necessary to protect important data, right? π
If you are managing your data in Google Drive, you can set permissions on files and folders to properly restrict access.
Permission management issues
Are you using Google Drive to share information with your staff? As the number of staff members increases, it can become increasingly difficult to manage permissions properly.
For example, for John, A is read-only, B is writable, and C is writable but for Mary A is read-only, B is writable, and C is read-only. If you have three folders or files and a staff of two, it may not be a big deal, but if you have more than that, setting proper permissions on each one can get annoying.
A tiny tool to synchronize permissions
I faced a similar issue. As the members of the team changed from time to time, setting access rights for each folder became a cost that could not be ignored.
So I used Google Apps Script to create a tool to synchronize the permissions management table with the actual permissions. π
Enter the member’s Gmail address in the first column of the table for permission management, and enter the ID of the file or folder in the header of each column. In each cell, enter R (=read-only) or W (=writable). (A blank space means no access.)
Then, run the syncPermissions function by clicking the Run button to synchronize the permission settings. You can also run the function in the Apps Script Editor (You can even also set the Trigger to run at night.)
I used the Drive API (v2) this time. This is because changing permissions using the default File and Folder classes will cause emails to be sent to the user (there is no feature to turn off this behavior).
To use the Drive API (v2), you need to open the Advanced Google Services dialog in the Classic Editor and turn on the Drive API (v2). However, if you copy the spreadsheet I created, this setting will be carried over, so you don’t need to do anything.
Since this script may take a long time to run (setting permissions takes some time), I used my own class LongRun for long-time execution.
For more information about the LongRun class, please refer to this article.
Github repository
If you would like to use it, please visit the repository here. π
I feel that the possibilities for information management with Google Drive are endless. I’ll be sure to share more good info with you!
I’ve made some improvements(ADDED 2/18/2022)
When I published this tool, I received the following comments.
So I improved it so that the user can choose whether or not to process only the selection before execution. π
Thank you 1ntr0v3rt3ch! It’s nice to get proper feedback from the community. π
4 Responses
Very helpful tool, thank you! Another idea to consider is an βanalyzeβ function.
Use case: Make copy of Above sheet and place in topmost parent folder of the assets you would like this tool to manage (assuming you want to manage a single shared folder and many many child folders). Then run the Analyze function to recursively get the folder/file structure and populate the assets column headers of the tool. (This may also require your longRun class.)
Just an idea for your consideration for when you are bored some day π
Thanks for your good idea, Clark!
If I expand a lot of assets horizontally in a column, it may be difficult to see them, so I may need to be creative.
I’ll consider it.
BE AWARE !!!!!!!!!!!!!!! HEADS UP!!!!!!!!!!!
This script does not fill the spreadsheet, but deletes ALL Shares from all selected spreadsheets!!!!!!!!!!!!!!!!!!!!!!!!!!!
– – – – – YOU HAVE TO FILL YOUR SHEET WITH REQUIRED PERMISSIONS FIRST – – – – –
I ran into this problem because there is no explanation in which direction the sync is going. It is going from the sheet to the file permissions! So if you do not fill the R’s and W’s all shares will be deleted!
It would be nice to have a choice to have a first run to read the existing situation and a choice of reading or writing from/to file with a warning before actually writing.
Used in the right way it is a very helpful sheet. It makes managing permissions so much easier. Although I agree that filling the columns with many files will be more difficult. A creative solution to this is indeed needed.
Thanks for your comment!
I think you are right.
For now, when the confirm dialog is displayed, I emphasized that blank spaces will remove access rights.
I also appreciate your idea of investigating access rights.