Set Item Permissions (Google Drive) v1.0.0 Help
Provides access in a specified role for the selected users to the defined file or folder from the connected Google Drive account.
How can I use the Step?
Use this Step to give permission to external users defined via email, domain, or anyone with the link to access a file or a folder stored within the connected Google Drive account. Define the item to give permission to via ID. To obtain the item ID value, you can use the List Items in Folder (Google Drive) or the Find Items (Google Drive) Steps.
How does the Step work?
You select an authorization connected to a Google Drive account, then define the item ID, as well as select the users and their roles. When this Step is reached during execution, the defined users receive access to the item, and the Flow proceeds down the next
exit. An option to select the Flow behavior in case the item isn't found is available.
Prerequisites
To be able to use any Step from the Google Drive toolkit, first, you must do the following:
- Create a new or use an existing Google Cloud Project in your Google Cloud Console. To create a new project, follow these instructions.
- Create an Authorization by connecting your OneReach.ai account with the Google Cloud Project. Find the step-by-step instructions on how to do this in the collapsible group of the respective Authorization type modal window.
Authorization
To set up an authorization, do the following:
- Select the Authorization type in the dropdown.
- Select one of the two options:
- Click the Select authorization in current step option to select an authorization from the respective dropdown in this Step. Use this option when you need to:
- Create a new authorization;
- Select a previously created authorization manually.
- Select the Inherit from previous step option to choose the authorization used in the last executed Step of the Google Drive/Calendar toolkits in the Flow. Use this option when you have already created an authorization of the selected Authorization type and used it previously in the Flow.
Authorization type
The Google Drive and Google Calendar toolkits support two Authorization types:
The OAuth 2.0 authorization is used to authenticate as an end user and access user data in your app. It requires your app to request and receive consent from the user.
The Service account authorization is used to authenticate as a robot service account or to access resources on behalf of Google Workspace or Cloud Identity users through domain-wide delegation. A service account is a special kind of account used by an application rather than a person. Read more here.
Create a new authorization
To create a new authorization, do the following:
- Select the Authorization type in the respective dropdown.
- Click the Select authorization in current step button.
- Click the Gear button, then Add, or select to Create new authorization in the dropdown.
- A modal window for creating a new authorization will pop up. Follow the instructions in the modal's collapsible. When finished, the created Authorization name will be added to the list in the dropdown.
- Select respective Authorization name in the Select authorization in current step dropdown.
Select authorization in current step
The Select authorization in current step dropdown lists every authorization added to your OneReach.ai account.
- To choose an authorization, select its name in the dropdown.
The gear button contains options to Add a new or Delete an existing authorization, as well as to Refresh the list of added authorizations.
Click Edit to update the Service account authorization fields. You can also Reauthorize an OAuth 2.0 authorization.
Warning! If an external app was created in the OAuth Consent Screen, you need to reauthorize the created authorization in all Flows once approximately every 7 days.
Inherit from previous step
When you add a Step from the Google Drive/Calendar toolkit to the Flow, you are expected to manually choose the Authorization type and then an authorization from the respective dropdowns. If you add another Step from these toolkits to the Flow and their selected authorization types match, the option to Inherit from previous step is chosen by default. When selected, it continues to use the same authorization defined in the previous Step of the Google Drive/Calendar toolkit without needing to select it manually.
Warning! If the Inherit from previous step option is selected, but there is no Step with the matching Authorization type in the Flow, the Step results in an error.
Permissions settings
To set up this section, take the following steps:
- Provide the Item ID for a file or a folder that the external user(s) are supposed to access.
- Select who to Share with in sharing options. Its selection updates the Users permission options.
- Define the respective Users permission for the selected group.
Item ID
Item ID is a unique identifier of an existing file or folder in a Google Drive account.
Note: You can extract Item ID as a Merge field value with the help of List Items in Folder (Google Drive) or Find Items (Google Drive) Steps.
Sharing options
- Select Specific users to share the item with user(s) defined via an email.
- Select Domain users to share the item with all the users of the provided domain.
- Select Anyone with the link to share the item with any user who has the item's URL.
Specific users
To share the item with Specific users, do the following:
- Provide the User email.
- Select the permission Role.
- To add multiple users, click Add user, then repeat steps 1-2. Each defined user can find the respective item in the Shared with me section of their Google Drive account.
- Optional: disable the Send email notification toggle.
Domain users
To share the item with domain users, do the following:
- Provide the Domain.
- Select the permission Role.
- Optional: enable the Allow to find item in search results toggle.
Anyone with a link
To share the item with Anyone with a link, do the following:
- Select the permission Role.
- Optional: enable the Allow to find item in search results toggle.
Users permission
The User email input is expected as an email of the external user that is supposed to access the defined file or folder.
The selected Role defines the permission level the respective user gets. Selected role corresponds with respective Google Drive roles.
By default, each defined user email receives a letter informing them of their permission role with a link to the specified file or folder. Turn off the Send email notification toggle to skip sending the letter.
Note: The defined users maintain access to the respective item regardless of the email notification.
The Domain input is expected as a domain name and extension, for example, thecompany.com
.
Warning! Domains of major email providers such as
gmail.com
oryahoo.com
are not allowed and will result in an error.
To Allow to find item in search results of the user's input in the Search in Drive field of their Google Drive, turn on the respective toggle.
Conflict handling
By default, if the Step cannot find the defined item, the Flow proceeds down the not found
exit. This can happen when the item has been deleted. An option to Select the exit in case item is not found allows you to take the Flow down the next
or error
exit.
Caution: The Step removes the
not found
exit if you select a different option.
Merge field settings
The Step stores the output data in a JSON object under the name provided in the Merge field name. To learn more about Merge fields, their types, and how to work with them, follow this link.
Output example
The output data includes the following properties:
Key | Type | Description |
---|---|---|
permissions | array | An array of objects, each including the type , role and emailAddress properties of each specified user. It includes the domain property if the respective option was selected. |
type | string | The type of permission the respective user receives. |
role | string | The Role in which the respective user can access the item. |
emailAddress | string | The User email of the respective user. |
domain | string | The provided Domain whose users receive the access to the item. |
See below an example of the merge field object's structure:
{
"permissions": [{
"type": "",
"role": "",
"emailAddress": ""
}...]
}
{
"permissions": [{
"type": "",
"role": "",
"emailAddress": ""
}...]
}
The output data changes depending on the selected exit in case the item or folder is not found:
next
-{}
not found
-null
Error handling
By default, the Step handles errors using a separate exit. If an error occurs during the Step execution (e.g., if the authorization data is invalid), the Flow proceeds down the error
exit. For more information on error handling, follow this link.
Reporting
The Step automatically generates Reporting events during its execution, allowing for real-time tracking and analysis of its performance and user interactions. To learn more about Reporting events, follow this link.
Services dependencies
- studio v3.20.0
- authorization Manager v1.3.1
Release notes
v1.0.0
- Initial release