Drive MCP file eligibility

The Google Drive Model Context Protocol (MCP) server enforces access controls and eligibility rules to determine which files and folders AI agents can interact with.

When a tool is invoked, the MCP server evaluates both the requesting user and the specific items involved, so that it can prevent unauthorized access and comply with security policies.

Eligibility requirements

For AI agents and applications using the Google Drive MCP server, files must pass a series of security, policy, and capability checks. The MCP server evaluates Google Workspace Data Loss Prevention (DLP) rules, but only policies that enforce Information Rights Management (IRM) controls restrict eligibility.

To be eligible for interaction through the MCP server, a file or folder must meet the following criteria:

  • Service availability: The Google Drive service must be enabled for the user's organization in the Google Workspace Admin console.
  • ACL check: The requesting user must have at least read permissions (reader access) on the file or folder.
  • Item-level constraints:
    • IRM (Information Rights Management): If the item has IRM controls preventing downloading, copy-pasting, or printing (including controls enforced by administrator-configured DLP policies), AI agents cannot access it.
    • CAA (Context-Aware Access): Evaluated using the file's capabilities.canDownload capability. If CAA policies block access in the client's context, or if context data is missing during offline or background operations, the item is ineligible. If the client context satisfies the CAA requirements, the item remains eligible.
    • Client-side encryption (CSE): Content encrypted with CSE cannot be parsed by AI agents and is ineligible.
  • Special item types:
    • Folders and shortcuts: Folder and shortcut metadata are eligible. However, nested files within folders or target files referenced by shortcuts must independently satisfy all eligibility checks.
  • Undesirable item states:
    • Spam and malware: Items marked as spam or malware are ineligible.
    • Trash: Items in the trash bin are ineligible.

MCP server behavior for ineligible items

If an AI agent attempts to access an ineligible item, the server behavior depends on the type of operation, as described in the following sections.

Single-file operations

For operations targeting a single specific file or folder (such as reading content, downloading, updating metadata, or retrieving permissions), the server returns an error message similar to:

Item metadata cannot be retrieved for item <item id> because it is ineligible to be used in generative AI contexts.

Multi-file and list operations

For operations that retrieve lists or search for multiple files (such as searching files or listing recent files), the server filters ineligible items out of the search results or file lists. This can cause a discrepancy: a user can view or edit a file in the Google Drive web interface, but the AI agent cannot find or see that file.
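
The following added example models the eligibility criteria and the two server behaviors described above. It is an illustrative sketch, not Google's implementation or code from this page. The Item fields, the reason strings, the function names, and the use of PermissionError are all assumptions made for the example, and every check is applied uniformly to files, folders, and shortcuts.

```python
from dataclasses import dataclass
from typing import List, Optional

READ_ROLES = {"reader", "commenter", "writer", "fileOrganizer", "organizer", "owner"}

@dataclass
class Item:
    # Hypothetical field names that model the page's criteria; not Drive API fields.
    item_id: str
    kind: str = "file"                  # "file", "folder" or "shortcut"
    role: Optional[str] = None          # requesting user's role; None = no access
    irm_restricted: bool = False        # download/copy/print blocked, incl. via DLP
    dlp_matched: bool = False           # a DLP rule matched without enforcing IRM
    caa_allows: Optional[bool] = None   # None = client context missing
    cse: bool = False                   # client-side encrypted content
    spam_or_malware: bool = False
    trashed: bool = False
    target: Optional["Item"] = None     # shortcut target, checked independently

def reasons(item: Item, drive_enabled: bool = True) -> List[str]:
    """Return why an item is ineligible; an empty list means eligible."""
    checks = [
        (not drive_enabled, "drive_disabled"),
        (item.role not in READ_ROLES, "no_read_access"),
        (item.irm_restricted, "irm"),
        (item.caa_allows is not True, "caa_blocked_or_no_context"),  # fail closed
        (item.cse, "cse"),
        (item.spam_or_malware, "spam_or_malware"),
        (item.trashed, "trashed"),
    ]
    # dlp_matched is deliberately absent: only IRM-enforcing DLP restricts eligibility.
    return [name for failed, name in checks if failed]

def get_item(item: Item) -> Item:
    """Single-item operation: an ineligible item produces an error."""
    if reasons(item):
        raise PermissionError(
            f"Item metadata cannot be retrieved for item {item.item_id} because "
            "it is ineligible to be used in generative AI contexts.")
    return item

def list_items(items: List[Item]) -> List[str]:
    """List or search operation: ineligible items are silently filtered out."""
    return [i.item_id for i in items if not reasons(i)]

def read_shortcut_target(shortcut: Item) -> Item:
    """An eligible shortcut does not make its target eligible."""
    get_item(shortcut)
    return get_item(shortcut.target)
```

Because list operations drop items without an error, comparing the IDs returned by list_items against the IDs a user sees in the web interface, and then calling reasons on the difference, is the way this model explains a "missing" file.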