Non-Domain Drive ACLs

GetNonDomainDriveACLs.py

Purpose

Find the files shared outside the domain.

URL

https://github.com/taers232c/GAM-Scripts3/blob/master/GetNonDomainDriveACLs.py

"""

# Purpose: For a Google Drive User(s), show all drive file ACLs for files shared outside of a list of specified domains

# Note: This script can use Basic or Advanced GAM:

# https://github.com/jay0lee/GAM

# https://github.com/taers232c/GAMADV-XTD3

# Customize: Set DOMAIN_LIST, DOMAIN_EXPRESSIONS, EXCLUSIVE_DOMAINS, INCLUDE_ANYONE

#          You specify a list of domains, DOMAIN_LIST, or a list of domain expressions, DOMAIN_EXPRESSIONS

#   Indicate whether these lists are exclusive/inclusive

#          EXCLUSIVE_DOMAINS = True: exclude domains in DOMAIN_LIST/DOMAIN_EXPRESSIONS from the output

#          EXCLUSIVE_DOMAINS = False: include domains in DOMAIN_LIST/DOMAIN_EXPRESSIONS in the output

#          You can include/exclude shares to anyone in the output

#          INCLUDE_ANYONE = True: include shares to anyone in the output

#          INCLUDE_ANYONE = False: exclude shares to anyone from the output

# Python: Use python or python3 below as appropriate to your system; verify that you have version 3

#  $ python -V   or   python3 -V

#  Python 3.x.y

# Usage:

# 1: Get ACLs for all files, if you don't want all users, replace all users with your user selection in the command below

#  $ Basic GAM: gam all users print filelist id title permissions owners > filelistperms.csv

#  $ Advanced GAM: You can have GAM do some pre-filtering

#  $ EXCLUSIVE_DOMAINS = True:

#    Add the following clause to the command for each domain in DOMAIN_LIST: pm not domain domainx.com em

#  $ EXCLUSIVE_DOMAINS = False:

#    Add the following clause to the command for each domain in DOMAIN_LIST: pm domain domainx.com em

#  $ INCLUDE_ANYONE = True

#    Add the following clause to the command: pm type anyone em

#  $ gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess all users print filelist fields id,name,permissions,owners.emailaddress <pm clauses>

# 2: From that list of ACLs, output a CSV file with headers "Owner,driveFileId,driveFileTitle,permissionId,role,type,emailAddress,domain"

#    that lists the driveFileIds and permissionIds for all ACLs shared with the selected domains.

#    (n.b., role, type, emailAddress, domain and driveFileTitle are not used in the next step, they are included for documentation purposes)

#  $ python3 GetNonDomainDriveACLs.py filelistperms.csv deleteperms.csv

# 3: Inspect deleteperms.csv, verify that it makes sense and then proceed

# 4: If desired, delete the ACLs

#  $ gam csv ./deleteperms.csv gam user "~Owner" delete drivefileacl "~driveFileId" "~permissionId"

"""

GAM Command

All users

gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess all users print filelist fields id,title,permissions,owners.emailaddress pm not domain <Domain> em showownedby any

Single User

gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess user <User Email Address> print filelist fields id,title,permissions,owners.emailaddress pm not domain <Domain> em showownedby any

OU

gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess ou <Path/To/OU> print filelist fields id,title,permissions,owners.emailaddress pm not domain <Domain> em showownedby any

Options

Add pm not domain <Domain> em to exclude files shared with <Domain>.

The commands above show all files the user(s) have access to, including files shared with them. If you only want files shared by the user, remove showownedby any.

Python Command

Specify a different output file name if you want. Start the command with python3 if that is the name of the Python 3 interpreter on your system.

python3 GetNonDomainDriveACLs.py filelistperms.csv <Output File Name>.csv
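
A check to run on the output file before deleting any ACLs (an added example, not part of GAM or GAM-Scripts3): it counts rows per target domain and flags rows that should not be in a delete list. The function name, the internal domain example.com and the sample rows are assumptions made for illustration; the internal-domain check assumes EXCLUSIVE_DOMAINS = True.

```python
import csv
import io
from collections import Counter

# Columns the page lists for the script's output file (step 2).
REQUIRED = ["Owner", "driveFileId", "driveFileTitle", "permissionId",
            "role", "type", "emailAddress", "domain"]

def review_deleteperms(csv_file, internal_domains):
    """Return (rows per target domain, list of (line, problem)) for review."""
    internal = {d.lower() for d in internal_domains}
    reader = csv.DictReader(csv_file, restval="")
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    summary, problems = Counter(), []
    for row in reader:
        line_no = reader.line_num  # header is line 1
        domain = row["domain"].strip().lower()
        # Shares to anyone have no domain; count those under their type.
        summary[domain or f"<{row['type']}>"] += 1
        if domain in internal:
            problems.append((line_no, "ACL for an internal domain"))
        if row["role"] == "owner":  # Drive API role of the file owner
            problems.append((line_no, "owner ACL selected for deletion"))
        if not (row["Owner"] and row["driveFileId"] and row["permissionId"]):
            problems.append((line_no, "missing Owner/driveFileId/permissionId"))
    return summary, problems

# Constructed sample rows (not real GAM output); example.com is internal here.
SAMPLE = """\
Owner,driveFileId,driveFileTitle,permissionId,role,type,emailAddress,domain
alice@example.com,file-001,Budget,perm-01,writer,user,bob@partner.example,partner.example
alice@example.com,file-002,Roadmap,perm-02,reader,anyone,,
carol@example.com,file-003,Notes,perm-03,reader,user,dave@example.com,example.com
carol@example.com,file-004,Plan,,owner,user,carol@example.com,example.com
"""

if __name__ == "__main__":
    summary, problems = review_deleteperms(io.StringIO(SAMPLE), ["example.com"])
    for target, count in summary.most_common():
        print(f"{count:5d}  {target}")
    for line_no, problem in problems:
        print(f"line {line_no}: {problem}")
```

To check a real file, pass an open file handle for the output CSV and your own domain list in place of the sample.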

Notes

Users with Read permission cannot see the owners of the files.