Reputation: 10030
Google Docs - Prevent automatic sharing with Google accounts outside our domain
Note: Without restricting it domain wide.
If I share a document with an individuals email, they are sent a link that contains an access token. They can use this link, and this link only, to access a restricted spreadsheet.
However, if they sign into their personal gmail accounts and then go back to that link, the document auto-shares to their personal gmail account. They, and anyone else that has access to that gmail account, can now access the spreadsheet without having to navigate to the specific link.
How do I prevent this auto-sharing from happening?
Upvotes: 0
Views: 96
Answers (2)
Reputation: 11
This is most likely a simplistic answer, but I hope it helps.
The problem can be resolved by controlling Enum Access (https://developers.google.com/apps-script/reference/drive/access) and Enum Permission (https://developers.google.com/apps-script/reference/drive/permission)
I'd recommend using something like:
var file = DriveApp.createFolder('NameOfFile');
file.setSharing(DriveApp.Access.DOMAIN, DriveApp.Permission.VIEW);
This way the people getting the email with access to the file can only access it from their domain email addresses, and not their personal ones. Plus, anyone on the domain can find and view it. The two links there should give you more information.
Upvotes: 1
Reputation: 4950
You need to set permission, if a script uses services that can access private data, you'll see authorization dialog. Scripts that you have previously authorized will also ask for additional authorization if a code change adds new services. All requests to Google Drive API must be authorized by an authenticated user.
HTTP request
POST https://www.googleapis.com/drive/v2/files/fileId/permissions
In the request body, you can set the required properties like role and type the allowed values are user, group, domain and anyone.
private static Permission insertPermission(Drive service, String fileId,
String value, String type, String role) {
Permission newPermission = new Permission();
newPermission.setValue(value);
newPermission.setType(type);
newPermission.setRole(role);
try {
return service.permissions().insert(fileId, newPermission).execute();
} catch (IOException e) {
System.out.println("An error occurred: " + e);
}
return null;
}
you may also try to check this document which discuss how to set sharing permissions.
Upvotes: 0
Related Questions
- How can I verify a Google authentication API access token?
- Critical security issue with Google Drive when sharing file as Restricted
- Share Google Sheets Anonymously
- File.setOwner() returns "Action not allowed" when Transferring ownership to an Editor
- Simplest way authenticate with Python Google APIs to access own accounts
- Sending Emails from different accounts with Google App Script
- Share script when sharing google spreadsheet with option "anyone with a link"
- Google API Service Accounts with Drive SDK