Shared drives overview

A shared drive is an organizational structure within Google Drive that lives parallel to My Drive. Shared drives support files owned by an organization rather than an individual user. An individual file can be organized within a shared drive or My Drive, but not both. However, Drive shortcuts can be used to point to files or folders from shared drives to My Drive, or vice versa.

Access control

Shared drives use a permission model similar to other content in Drive. Unlike files in My Drive, a group of users owns content within a shared drive. For more information about permissions, refer to Share files, folders, and drives.

Permission propagation

Like items in My Drive, permissions on parent items propagate downward to their children. However, within a shared drive, permissions are strictly expansive. For example, a user that has a role of commenter for a shared drive cannot have their access level reduced at another point within the folder hierarchy. However, their access can be increased for a certain set of files.

Shared drive files must have exactly one parent. This means that shared drive files belong to a single shared drive and are located in a single location within that shared drive. Having a single location simplifies permission rules for shared drive files.

Member vs. file access

There are 2 classes of Permissions in shared drives:

  • Member permissions are for users who have been granted access to the shared drive, either directly or through a group. Members can view the shared drive metadata, such as the shared drive's name. Members have access to all files within the shared drive, with the access level depending on the role given to the member, such as "commenter" or "reader."
  • File access permissions are for users who have been granted access to a subset of files in the shared drive. For example, sharing a single file to a user creates a file access permission.

An individual user may be a member of a shared drive and have file access permissions for files contained within the shared drive. A file access permission may be superseded if the user's membership in the shared drive grants them a greater level of access. These file permissions are revoked when the user is no longer a member of the shared drive, or their member access level is reduced.

Specific roles for shared drives

As with items in My Drive, each user is granted access with a specific role. Two additional roles have been added for shared drives:

  • The fileOrganizer role allows users to organize files within a shared drive and to move content into the Trash.
  • The organizer role grants the same privileges as the fileOrganizer and allows users to permanently remove content and modify shared drive name and membership.

The owner role isn't allowed in shared drives.

For more information about the capabilities of different roles in a shared drive, refer to Roles.

Members & organizer rules

Shared drives have both an organizerCount and memberCount fields. The values for these fields can decide who can access the shared drive. These are the rules for organizerCount and memberCount fields:

  • Only administrators can manage a shared drive with an organizerCount of zero.
  • Only administrators can access a shared drive with a memberCount of zero.
  • Only administrators can access a shared drive with an organizerCount or memberCount greater than zero, if the remaining permissions are for empty groups, or external users that were added before turning off sharing outside the domain.
  • The organizerCount and memberCount fields don't distinguish between members of the organization and external members.
  • Entities written on the file permission can access files inside a shared drive with a memberCount of zero.