-
Notifications
You must be signed in to change notification settings - Fork 90
Permission Matches
::= --(|T)::. | (+|-)(m|h|d|w|y) | never| now|today ::= commenter| contentmanager|fileorganizer| contributor|editor|writer| manager|organizer|owner| reader|viewer ::= anyone|domain|group|user
In the print/show filecounts/filelists/filetree commands you can limit the files counted/displayed by specifying permissions
that the file must/must not have.
Permission matching is expensive on Team Drives as retrieving the permissions requires a separate API call per file.
<PermissionMatch> ::=
permissionmatch|pm [not]
[type <DriveFileACLType>] [role <DriveFileACLRole>]
[allowfilediscovery|withlink <Boolean>]
[emailaddress <RegularExpression>] [domain <RegularExpression>]
[name|displayname <RegularExpression>]
[expirationstart <Time>] [expirationend <Time>]
[deleted <Boolean>]
endmatch|em
<PermissionMatchMode> ::=
permissionmatchmode|pmm or|and
<PermissionMatchAction> ::=
permissionmatchaction|pma process|skip
You can define multiple permission matches; each match specifies a set of required fields/values. By default, a permission
matches if all of its fields/values match the required fields/values. You can negate the match with not.
-
permissionmatch- Start of permission match definition. -
not- Negate the match. -
type <DriveFileACLType>- The type of the grantee. -
role <DriveFileACLRole>- The role granted by this permission. -
allowfilediscovery|withlink <Boolean>- Whether a link is required or whether the file can be discovered through search. -
emailaddress <RegularExpression>- For types user and group, the required email address. -
domain <RegularExpression>- For type domain, the required domain name. For types user and group, the required domain name in the email address. -
name|displayname <RegularExpression>- For types domain, user and group, the displayable name. -
expirationstart <Time>- For types user and group, will the permission expire on or after . -
expirationend <Time>- For types user and group, will the permission expire before or on . -
deleted <Boolean>- For types user and groups, has the user or droup been deleted. -
endmatch- End of permission match definition -
permissionmatchmode or- If any matches, then there is a permissions match. This is the default. -
permissionmatchmode and- If all match, then there is a permissions match. -
permissionmatchaction process- If the permissions match, count/display the file. This is the default. -
permissionmatchaction skip- If the permissions match, do not count/display the file.
Process all files with permissions type anyone:
permissionmatch type anyone endmatch
Process all files except those with permissions type anyone:
permissionmatch type anyone endmatch
permissionmatchaction skip
Process all files with write access for [email protected] or [email protected]:
permissionmatch role writer type group emailaddress [email protected] endmatch
permissionmatch role writer type user emailaddress [email protected] endmatch
Process all files with write access for [email protected] and [email protected]:
permissionmatch role writer type group emailaddress [email protected] endmatch
permissionmatch role writer type user emailaddress [email protected] endmatch
permissionmatchmode and
Process all files where neither [email protected] or [email protected] have access:
permissionmatch type user emailaddress [email protected] endmatch
permissionmatch type user emailaddress [email protected] endmatch
permissionmatchaction skip
or you can use regular expressions
permissionmatch type user emailaddress "user[1|2]@domain.com" endmatch
permissionmatchaction skip
Process all files shared with group [email protected] and not shared with user [email protected]:
pm type group emailaddress [email protected] em pm not type user [email protected] em pmm and
Process all files shared with domain.com either directly or via a user or group.
pm domain domain.com em pm emailaddress ".*@comain.com" em
Need more help? Ask on the GAM Discussion Group
Update History
Installation
- How to Install GAM7
- How to Uograde GAMADV-XTD3 to GAM7
- How to Upgrade Legacy GAM to GAM7
- How to Update GAM7
- Install GAM as Python Library
- GAM7 on Chrome OS Devices
- GAM7 on Android Devices
- Google Network Addresses
- HTTPS Proxy
- SSL Root CA Certificates
- How to Uninstall GAM7
Configuration
- Authorization
- GAM Configuration
- Running GAM7 securely on a Google Compute Engine
- Using GAM7 with a delegated admin service account
- Using GAM7 with a YubiKey
Notes and Information
- Upgrade Benefits
- Questions? Visit the GAM Discussion Forum
- GAM Public Chat Room
- Scripts
- Other Resources
- Drive REST API v3
- BNF Syntax
- GAM Return Codes
- Python Regular Expressions
- Rclone
Definitions
Command Processing
- Bulk Processing
- Command Line Parsing
- Command Logging and Progress
- Command data from Google Docs/Sheets/Storage
- CSV Special Characters
- CSV Input Filtering
- CSV Output Filtering
- Meta Commands and File Redirection
- Permission matches
- Tag Replace
- Todrive
Collections
Client Access
- Addresses
- Administrators
- Alert Center
- Aliases
- Calendars
- Calendars - Access
- Calendars - Events
- Chrome Auto Update Expiration Counts
- Chrome Browser Cloud Management
- Chrome Device Needs Attention Counts
- Chrome Installed Apps
- Chrome Policies
- Chrome Printers
- Chrome Profile Management
- Chrome Version Counts
- Chrome Version History
- ChromeOS Devices
- Classroom - Courses
- Classroom - Guardians
- Classroom - Invitations
- Classroom - Membership
- Cloud Channel
- Cloud Identity Devices
- Cloud Identity Groups
- Cloud Identity Groups - Membership
- Cloud Identity Policies
- Cloud Storage
- Context Aware Access Levels
- Customer
- Domains
- Domains - Verification
- Domain People - Contacts & Profiles
- Domain Shared Contacts - Global Address List
- Email Audit Monitor
- Find File Owner
- Google Data Transfers
- Groups
- Groups - Membership
- Inbound SSO
- Licenses
- Mobile Devices
- Organizational Units
- Reports
- Reseller
- Resources
- Send Email
- Schemas
- Shared Drives
- Sites
- Users
- Unmanaged Accounts
- Users - Signout and Turn off 2-Step Verification
- Vault - Takeout
- Version and Help
Special Service Account Access
Service Account Access
- Users - Analytics Admin
- Users - Application Specific Passwords
- Users - Backup Verification Codes
- Users - Calendars
- Users - Calendars - Access
- Users - Calendars - Events
- Users - Chat
- Users - Classification Labels
- Users - Classroom - Profile
- Users - Deprovision
- Users - Contacts
- Users - Contacts - Delegates
- Users - Drive - File Selection
- Users - Drive - Activity/Settings
- Users - Drive - Cleanup
- Users - Drive - Comments
- Users - Drive - Copy/Move
- Users - Drive - Files-Display
- Users - Drive - Files-Manage
- Users - Drive - Orphans
- Users - Drive - Ownership
- Users - Drive - Permissions
- Users - Drive - Query
- Users - Drive - Revisions
- Users - Drive - Shortcuts
- Users - Drive - Transfer
- Users - Forms
- Users - Gmail - Client Side Encryption
- Users - Gmail - Delegates
- Users - Gmail - Filters
- Users - Gmail - Forwarding
- Users - Gmail - Labels
- Users - Gmail - Messages/Threads
- Users - Gmail - Profile
- Users - Gmail - S/MIME
- Users - Gmail - SendAs/Signature/Vacation
- Users - Gmail - Settings
- Users - Group Membership
- Users - Keep
- Users - Looker Studio
- Users - Meet
- Users - Classroom - Profile
- Users - People - Contacts & Profiles
- Users - Photo
- Users - Profile Sharing
- Users - Shared Drives
- Users - Spreadsheets
- Users - Tasks
- Users - Tokens
- Users - YouTube