Documentation
Start typing to search…

Find Permission

Definition

The Find Permission action is used to retrieve detailed information about a specific permission granted on a file or folder in Google Drive. By providing the Permission ID and the File or Folder ID, this action returns comprehensive metadata related to that permission—such as the grantee’s email, role, permission type (user, group, domain, or anyone), whether the permission is inherited or directly assigned, and more.

This action is part of the Google Workspace category and requires a Google Workspace Administration connection using a service account with domain-wide delegation. It is especially useful for audits, compliance tracking, or troubleshooting access issues by allowing administrators to investigate the exact nature of shared access on Drive items.

Key Capabilities:

  • Identify who a permission belongs to and their role (e.g., viewer, editor, owner).
  • Determine if the permission is still valid or associated with a deleted account.
  • Understand inheritance of permissions in Shared Drives.
  • Retrieve expiration settings or pending ownership status.
  • Supports security audits and access reviews by IT administrators.

Inputs

Connection

A Google Workspace Administration connection is required to execute this action.

💡

Note: You must upload a Service Account credential JSON file with domain-wide delegation enabled. This allows the action to perform administrative tasks on behalf of users in your domain.Follow this guide to create the required connection:Creating a Google Workspace Administration Connection

User Email

Enter the primary email address of the user associated with the file or folder for which you want to retrieve the permission.

Example: [email protected]This email helps the action identify the context of the file ownership or access when retrieving permission data.

Permission ID

The unique identifier of the permission you're looking to retrieve.

This ID is specific to a particular permission entry (e.g., a shared user, group, or domain) on a file or folder in Google Drive.You can get this ID using Zenphi’s “List Permissions” action or via the Google Drive API.

File or Folder ID

This is the unique identifier of the file or folder in Google Drive for which the permission applies.To locate the ID:

  • Go to Google Drive and locate the file/folder.
  • Right-click it and select “Get link” or “Share.”
  • The link will look something like:https://drive.google.com/file/d/1234567890abcdef/view
  • The ID is the part after /d/ and before /view:1234567890abcdef

📝

Tip: You can also retrieve the File/Folder ID using Zenphi’s “List Files/Folders” action when run under a user’s connection.


Outputs

Id

The unique identifier of the permission entry.

This ID can be used for further actions such as updating or deleting the permission.

Display Name

The readable name of the entity the permission is granted to.

  • For user: the person’s full name (e.g., "Jane Doe").
  • For group: the name of the Google Group (e.g., "Sales Team").
  • For domain: the domain name (e.g., "company.com").
  • For anyone: this field is not populated.

Type

Specifies who or what the permission is granted to.Valid values:

  • user: An individual Google account
  • group: A Google Group
  • domain: A company-wide domain
  • anyone: Public access (anyone with the link)

Photo Link

A URL linking to the profile photo of the user (if available).

Useful for displaying visual identity in user interfaces.

Email Address

The email associated with the permission (e.g., a user or group email).

For user or group types, this is the most direct way to identify who the permission belongs to.

Role

The access level granted by the permission.Allowed values include:

  • owner
  • organizer
  • fileOrganizer
  • writer
  • commenter
  • reader

This indicates what the person or group can do with the file/folder.

Domain

Shows the domain name for permissions of type domain.

Example: "yourcompany.com"

Allow File Discovery

Indicates whether the file is discoverable in search results.

This applies to domain or anyone types and determines if the file appears in search queries.

Expiration Time

The date and time (RFC 3339 format) when the permission expires.

Only applicable to user or group permissions.Must be in the future, and not more than 1 year ahead.

Deleted

States whether the associated account has been deleted.

Applies only to user and group types.

Pending Owner

Indicates whether the user is marked as a pending owner.

This is only relevant for files not in a shared drive, and when ownership transfer is in process.

Permission Details (for Shared Drive items only)

Additional metadata about how the permission is applied:

  • Permission Type: Whether it's a file-level or member-level permission.
  • Inherited From: The ID of the item the permission is inherited from (e.g., a folder).
  • Role: Same as above — shows what the user can do (organizer, writer, etc.).
  • Inherited: Indicates whether the permission is direct or inherited from a parent.

Example Situation:

Imagine you are an IT administrator at a company, and you need to review specific user permissions on sensitive project files stored in Google Drive. One of your managers reports that a former employee might still have access to a confidential folder, and you want to verify this quickly.

How you would use the action:

  1. **Identify the file or folder:**You already know the folder where the sensitive project files are stored. Using the Google Drive web interface or your existing automation, you find the File or Folder ID for this folder.

  2. **Get the permission ID:**From a previous step or using a related action like "List Permissions," you retrieve the specific Permission ID assigned to the former employee or suspect user.

  3. **Use the "Find Permission" action:**You input the service account Connection with domain-wide delegation, enter the user’s primary email, provide the Permission ID, and the File or Folder ID.

  4. **Retrieve permission details:**The action returns detailed permission info — such as the user’s display name, role (e.g., reader, writer), whether the permission is inherited or direct, and if the account is deleted or pending ownership.

  5. **Make informed decisions:**Based on this info, you confirm if the former employee still has access. If yes, you can then proceed to remove or update permissions to protect sensitive data.

This setup allows you to automate permission audits and maintain security without manually checking each file’s sharing settings in the Google Drive UI, saving time and reducing human error.

Updated about 7 hours ago