Shared drive vs. My Drive — Admin permissions
Recently, I came across an issue that I couldn’t figure out the solution to. A user, even though they were allowed to share data outside the domain, still could not add external users to a shared drive. I'm talking about Google Drive here.
Some things to note -
- Data sharing outside the domain was limited to whitelisted domains over the root OU
- The user had been granted permission to share outside the domain through an access group (https://support.google.com/a/answer/9050643?hl=en). This group basically overrode the permission granted using the root OU settings.
The reason was simple enough although I couldn’t figure it out initially. This has been discussed in an article here — https://support.google.com/a/answer/7662202?hl=en#zippy=%2Cset-file-sharing-permissions
So what happened? Shared drives use the top-level organization settings.
Let’s try to understand this with the help of an example -
- On the top level OU, sharing outside the domain is allowed only for whitelisted domains.
- Using an access group, this setting is overridden to allow the user to share files outside the domain (regardless of whether the domain is whitelisted or not).
- In such a case, the user will be allowed to share files from his own drive (My Drive) to anyone on the internet.
- However, despite point 2, the same user will not be allowed to add external users (who are not members of any of the whitelisted domains) to a shared drive, nor will they be able to share files that are inside a shared drive to outside entities such as the ones above.
In the above example, the user in question (akshit.baunthy@bytewavedigital.net) is a member of the group Allowed to share outside. This group was used to override root OU settings in a way that allowed members of the group to share files outside the domain.
They can share files from My Drive just fine, but the issue comes when trying to add a member to (or share files from) a shared drive.
This makes sense, since shared drives are not owned by a single user and neither are the files in them. So a permission applied to a user will not apply to a shared drive or its files. For some time, I just took this for granted and assumed that the permissions I was applying were across users and shared drives.
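The behaviour described above, modelled as a small Python decision function. This is an added illustration, not Google's implementation or anything from the admin console; the domains, users, setting names and the "first matching group wins" rule are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# External sharing levels, simplified from the behaviour the post describes.
OFF, ALLOWLIST, ANYONE = "off", "allowlist", "anyone"

@dataclass
class Org:
    domain: str                      # primary domain of the organization
    root_setting: str                # setting on the top-level (root) OU
    allowlist: set                   # allowlisted ("whitelisted") external domains
    group_overrides: dict = field(default_factory=dict)  # access group -> setting
    memberships: dict = field(default_factory=dict)      # user -> list of groups

def effective_setting(org, user, location):
    """Setting that governs a share from 'my_drive' or 'shared_drive'."""
    if location == "shared_drive":
        # Shared drive content is not owned by a user, so user-level
        # overrides are ignored and the root OU setting applies.
        return org.root_setting
    for group in org.memberships.get(user, []):
        if group in org.group_overrides:      # assumption: first match wins
            return org.group_overrides[group]
    return org.root_setting

def can_share(org, user, location, recipient):
    """True if 'user' may share from 'location' with 'recipient' (an email)."""
    rdomain = recipient.rsplit("@", 1)[-1].lower()
    if rdomain == org.domain:
        return True                  # assumption: internal sharing is unrestricted
    setting = effective_setting(org, user, location)
    if setting == ANYONE:
        return True
    return setting == ALLOWLIST and rdomain in org.allowlist

# Constructed sample data mirroring the scenario in the post.
ORG = Org(
    domain="corp.example",
    root_setting=ALLOWLIST,
    allowlist={"partner.example"},
    group_overrides={"Allowed to share outside": ANYONE},
    memberships={"alice@corp.example": ["Allowed to share outside"]},
)

if __name__ == "__main__":
    for loc in ("my_drive", "shared_drive"):
        for rcpt in ("bob@partner.example", "carol@other.example"):
            print(loc, rcpt, can_share(ORG, "alice@corp.example", loc, rcpt))
```

Running it shows the mismatch from the post: the group member can reach `other.example` from My Drive but not from a shared drive, while the allowlisted `partner.example` works in both places.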
So the gist of this writeup is that settings for a shared drive cannot be overridden by OU or group settings. Those are managed by the root OU.
Lessons learned -
- Read through support articles thoroughly.
- Every setting in the admin console is there for a reason. Learn more links are good resources.
You can read more about access groups here — https://support.google.com/a/answer/9050643?hl=en
Some information about shared drive permissions can be found here — https://support.google.com/a/answer/7662202?hl=en#zippy=%2Cset-file-sharing-permissions
Happy Thursday?