Documentation
Start typing to search…

List Permissions

Definition

The "List Permissions" action in the Google Workspace category allows you to retrieve all the sharing permissions associated with a specific file, folder, or shared drive in Google Drive. By providing the file or folder ID, this action returns detailed information about who has access, their roles (e.g., owner, editor, viewer), how access is granted (direct or inherited), and whether the permission is temporary or permanent.

This is a powerful tool for administrators and automation flows that require visibility into file access controls for auditing, security compliance, and collaboration management. It supports insights into users, groups, domains, and public access settings, including whether a file is discoverable in search or restricted.

Key capabilities:

  • View full permission details including roles, emails, expiration times, and inheritance structure.
  • Distinguish between different types of access (user, group, domain, anyone).
  • Identify deleted or pending owner accounts.
  • Analyze permission hierarchies in shared drives.

Example Use ases

1. Audit File Access Permissions

Ensure data compliance and securityOrganizations can use this action to regularly audit who has access to sensitive files and folders, helping to identify over-shared or externally shared content.

2. Track Shared Drive Permissions

Review roles and inherited accessAdmins can retrieve and review permission structures for items in shared drives to understand whether access is granted directly or inherited from parent folders.

3. Detect External Sharing

Identify public or external accessBy listing permissions and their types (user, group, domain, anyone), IT teams can quickly flag content accessible to people outside the company.

4. Support Ownership Transitions

Assist in transferring or confirming ownershipIf a user is leaving the organization, this action can help list their owned files and identify pending ownership changes that require action.

5. Verify Expiration of Access

Monitor temporary permissionsTrack which permissions have an expiration time set and ensure that time-limited access (e.g., contractors) is appropriately enforced.

6. Visualize Collaboration Structures

Understand how teams collaborateGain insights into which users and groups are working on shared content and the levels of access they’ve been granted.


Inputs :

🔌 Connection

A valid Google Workspace Administration connection is required to authenticate and authorize this action. This connection uses a service account with domain-wide delegation, which allows Zenphi to act on behalf of users within your domain. You must upload a credential JSON file when creating the connection.📘 Need help setting it up? Follow this guide:Zenphi Docs – Creating a Google Workspace Admin Connection

📧 File or Folder ID

**(To get the File ID in Google Drive...)**The unique identifier of the file or folder for which you want to retrieve the list of permissions.You can extract this ID from the file or folder's share link. For example, in this link:https://drive.google.com/file/d/1234567890abcdef/view, the ID is 1234567890abcdef.

💡

Tip: You can find this by clicking “Share” on a file/folder in Google Drive and copying the part after /d/ and before /view.

Best Practice:

Make sure the file or folder is accessible by the account used in the Connection, or that proper delegation rights are in place. Also, ensure the ID is correct — using the wrong or expired ID may result in an error or empty result.


Outputs:

🔄 Permissions

This is the main output — a list containing the details of each permission granted on the specified file or folder. Each permission entry includes the following fields:

🆔 Id

The unique identifier of the permission entry. Useful when managing, updating, or removing a specific permission later.

🧑 Display Name

A user-friendly name representing the permission grantee.

  • If the permission is assigned to a user, this is typically their full name (e.g., "John Smith").
  • For a Google Group, it's the group’s name.
  • For domain or anyone types, this field may be empty or not shown.

📄 Type

Specifies who the permission applies to. Possible values include:

  • user: An individual user
  • group: A Google Group
  • domain: All users in a specific domain
  • anyone: Anyone on the internet

This helps you understand the scope and audience of the sharing.

🖼️ Photo Link

A URL to the user’s Google profile picture (if available).This is primarily useful in interfaces or audit logs where visual identification of users is helpful.

📧 Email Address

The email associated with the permission. Applicable for user or group types. It shows exactly which account or group the permission has been granted to.

🛠️ Role

The level of access granted to the grantee. Possible values include:

  • owner
  • organizer
  • fileOrganizer
  • writer
  • commenter
  • reader

Each role has different privileges — for example, "writer" can edit, while "reader" can only view.

🌐 Domain

For domain-type permissions, this shows the domain (e.g., yourcompany.com) to which access was granted. This helps administrators review external or internal domain sharing.

🔍 Allow File Discovery

Indicates whether this permission allows the file to appear in search results for users with access. Only relevant for domain and anyone types.

  • true: File can be discovered via search
  • false: File is only accessible with a direct link

Expiration Time

If the permission is temporary, this field shows when it will expire (formatted per RFC 3339).

  • Only applies to user and group types
  • Cannot be set more than one year into the future

Deleted

Indicates whether the associated user or group account has been deleted. This helps identify obsolete permissions that may need cleanup.

🕒 Pending Owner

Shows if the user has been invited to become the file owner but hasn't accepted yet. Only relevant for user-type permissions and for files not in shared drives.

📋 Permission Details

Additional metadata about how the permission is applied, especially in shared drives. This includes:

  • Permission Type: Whether the permission is on the file directly or inherited (e.g., from a parent folder). Possible values: file, member.

  • Inherited From: The ID of the item (e.g., a parent folder or shared drive) where the permission is inherited from.

  • Role: The user’s effective role considering inheritance. It can be organizer, fileOrganizer, writer, etc.

  • Inherited: A boolean indicating whether this permission was inherited (true) or directly assigned to the file/folder (false).

These outputs are essential for access reviews, audits, or building automated workflows to manage and clean up sharing permissions in your organization.


📘 Example: Audit File Permissions for Compliance

**Scenario:**An IT administrator at a mid-sized company is conducting a quarterly audit to ensure sensitive documents are only accessible to authorized users. One of the files — a Google Sheet containing financial projections — was recently shared with several stakeholders, including external consultants.

The administrator wants to:

  1. Check who currently has access to this document.
  2. Verify roles (e.g., who can edit vs. just view).
  3. Identify any expired or pending permissions or access granted to external domains.

How to set it up in Zenphi:

  1. Add the “List Permissions” action to your Zenphi flow.
  2. Choose the Google Workspace connection that has permission to access the target file.
  3. In the "File, Folder Id" field, paste the File ID of the document you want to audit (you can find this in the URL of the file, after /d/).
  4. Run the flow.

Once executed, the action will return detailed data about all permissions on the file — including names, email addresses, access roles, expiration times, and whether the permissions are directly assigned or inherited.

What you can do next:

  • log all the results into a Google Sheet or notify the admin via email for further review.

Updated about 8 hours ago