REST Resource: permissions

Resource: Permission

A permission for a file. A permission grants a user, group, domain, or the world access to a file or a folder hierarchy.

By default, permissions requests only return a subset of fields. Permission kind, ID, type, and role are always returned. To retrieve specific fields, see https://developers.google.com/drive/api/guides/fields-parameter.

Some resource methods (such as permissions.update) require a permissionId. Use the permissions.list method to retrieve the ID for a file, folder, or shared drive.

JSON representation 
{
  "id": string,
  "displayName": string,
  "type": string,
  "kind": string,
  "permissionDetails": [
    {
      "permissionType": string,
      "inheritedFrom": string,
      "role": string,
      "inherited": boolean
    }
  ],
  "photoLink": string,
  "emailAddress": string,
  "role": string,
  "allowFileDiscovery": boolean,
  "domain": string,
  "expirationTime": string,
  "teamDrivePermissionDetails": [
    {
      "teamDrivePermissionType": string,
      "inheritedFrom": string,
      "role": string,
      "inherited": boolean
    }
  ],
  "deleted": boolean,
  "view": string,
  "pendingOwner": boolean,
  "inheritedPermissionsDisabled": boolean
}
Fields
id

string

Output only. The ID of this permission. This is a unique identifier for the grantee, and is published in User resources as permissionId. IDs should be treated as opaque values.
displayName

string

Output only. The "pretty" name of the value of the permission. The following is a list of examples for each type of permission:

  • user - User's full name, as defined for their Google account, such as "Joe Smith."
  • group - Name of the Google Group, such as "The Company Administrators."
  • domain - String domain name, such as "thecompany.com."
  • anyone - No displayName is present.
type

string

The type of the grantee. Valid values are:

  • user
  • group
  • domain
  • anyone

When creating a permission, if type is user or group, you must provide an emailAddress for the user or group. When type is domain, you must provide a domain. There isn't extra information required for an anyone type.
kind

string

Output only. Identifies what kind of resource this is. Value: the fixed string "drive#permission".
permissionDetails[]

object

Output only. Details of whether the permissions on this item are inherited or directly on this item.
permissionDetails[].permissionType

string

Output only. The permission type for this user. While new values may be added in future, the following are currently possible:

  • file
  • member
permissionDetails[].inheritedFrom

string

Output only. The ID of the item from which this permission is inherited. This is only populated for items in shared drives.
permissionDetails[].role

string

Output only. The primary role for this user. While new values may be added in the future, the following are currently possible:

  • organizer
  • fileOrganizer
  • writer
  • commenter
  • reader
permissionDetails[].inherited

boolean

Output only. Whether this permission is inherited. This field is always populated. This is an output-only field.
emailAddress

string

The email address of the user or group to which this permission refers.
role

string

The role granted by this permission. While new values may be supported in the future, the following are currently allowed:

  • owner
  • organizer
  • fileOrganizer
  • writer
  • commenter
  • reader
allowFileDiscovery

boolean

Whether the permission allows the file to be discovered through search. This is only applicable for permissions of type domain or anyone.
domain

string

The domain to which this permission refers.
expirationTime

string

The time at which this permission will expire (RFC 3339 date-time). Expiration times have the following restrictions:

  • They can only be set on user and group permissions.
  • The time must be in the future.
  • The time cannot be more than a year in the future.
teamDrivePermissionDetails[]
(deprecated)

object

Output only. Deprecated: Output only. Use permissionDetails instead.
teamDrivePermissionDetails[]
(deprecated).teamDrivePermissionType
(deprecated)

string

Deprecated: Output only. Use permissionDetails/permissionType instead.
teamDrivePermissionDetails[]
(deprecated).inheritedFrom
(deprecated)

string

Deprecated: Output only. Use permissionDetails/inheritedFrom instead.
teamDrivePermissionDetails[]
(deprecated).role
(deprecated)

string

Deprecated: Output only. Use permissionDetails/role instead.
teamDrivePermissionDetails[]
(deprecated).inherited
(deprecated)

boolean

Deprecated: Output only. Use permissionDetails/inherited instead.
deleted

boolean

Output only. Whether the account associated with this permission has been deleted. This field only pertains to user and group permissions.
view

string

Indicates the view for this permission. Only populated for permissions that belong to a view.

published

and

metadata

are the only supported values.

  • published

    : The permission's role is published_reader.

  • metadata

    : The item is only visible to the metadata view because the item has limited access and the scope has at least read access to the parent. Note: The

    metadata

    view is currently only supported on folders.

pendingOwner

boolean

Whether the account associated with this permission is a pending owner. Only populated for user type permissions for files that are not in a shared drive.
inheritedPermissionsDisabled

boolean

When true, only organizers, owners, and users with permissions added directly on the item can access it.

Methods

create

 Creates a permission for a file or shared drive.

delete

 Deletes a permission.

get

 Gets a permission by ID.

list

 Lists a file's or shared drive's permissions.

update

 Updates a permission with patch semantics.