A shared drive is an organizational structure within Google Drive that lives parallel to My Drive. Shared drives support files owned by an organization rather than an individual user. An individual file may be organized within a shared drive or My Drive, but not both.
Shared drives use a similar permission model as other content in Drive. Unlike files in My Drive, content located within a shared drive is owned by a group of users. For more information about permissions, refer to Share files, folders, and drives.
Like items in My Drive, permissions on parent items propagate downward to their children. However, within a shared drive, permissions are strictly expansive. For example, a user that has a role of commenter for a shared drive cannot have their access level reduced at another point within the folder hierarchy. However, their access can be increased for a certain set of files.
Shared drive files must have exactly one parent. This means that shared drive files belong to a single shared drive and are located in a single location within that shared drive. Having a single location simplifies permission rules for shared drive files.
Member vs. file access
There are two classes of permissions in shared drives:
- Member permissions are for users who have been granted access to the shared drive itself, either directly or through a group. Members can view the shared drive metadata, such as the shared drive's name. Members have access to all files within the shared drive, with the access level depending on the role given to the member (e.g. reader, writer).
- File access permissions are for users who have been granted access to a subset of the files in the shared drive. For example, sharing a single file to a user creates a file access permission.
An individual user may be a member of a shared drive and have file access permissions for files contained within the shared drive. A file access permission may be superseded if the user's membership in the shared drive grants them a greater level of access. These file permissions are revoked when the user is no longer a member of the shared drive, or their member access level is reduced.
Specific roles for shared drives
As with items in My Drive, each user is granted access with a specific role. Two additional roles have been added for shared drives:
fileOrganizerrole allows users to organize files within a shared drive and to move content into the Trash.
organizerrole grants the same privileges as the
fileOrganizerand allows users to permanently remove content and modify shared drive name and membership.
owner role is not allowed in shared drives.
For more information about the capabilities of different roles in a shared drive, refer to Share files, folders and drives.
Members and organizer rules
Shared drives have both an
memberCount fields. The values
for these fields can decide who can access the shared drive. Following are
the rules for
- A shared drive with an
organizerCountof zero can only be managed by an administrator.
- A shared drive with a
memberCountof zero can only be accessed by an administrator.
- A shared drive with an
memberCountgreater than zero can only be accessed by an administrator if the remaining permissions are for empty groups, or external users that were added prior to disabling sharing outside the domain.
memberCountfields do not distinguish between members of the organization and external members.
- Files inside a shared drive with a
memberCountof zero can be accessed by entities written on the file permission.