Closed lucidheart closed 3 weeks ago
Richard,
Send me a Meet/Zoom invitation.
Ross Scroggs @.***
On Feb 14, 2024, at 8:16 AM, Richard Powell @.***> wrote:
In attempting to audit my shared drives, I've encountered a situation where the "pm inherited false em" is not properly working.
Essentially, if I run the command "gam user @. @.> print drivefileacl ###### oneitemperrow", it produces a result of a dozen or so. Of which, ONE of the results is a member of the team drive, but ALSO has a secondary permission that duplicates the permission they already have a member of the team drive. In the results of the query, the second permissions is listed with a one (1), including permission.permissionDetails.1.inherited where the result is "False". The result confirms it is not an inherited permission.
However, when I run the same command above, adding the permission filter "gam user @. @.> print drivefileacl ###### oneitemperrow pm inherited false em", this produces zero results. This should in fact produce the one result that contains the augmented permission.
I'm looking at a workaround of having to filter through acls that have more than a single result to locate these unwanted duplicate permissions. It would of course be better if gam could just find them for me using the filter.
— Reply to this email directly, view it on GitHub https://github.com/taers232c/GAMADV-XTD3/issues/398, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACCTYL25ILVFLAZPJ74AVOLYTTPOZAVCNFSM6AAAAABDISD2IKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGEZTINZQGYYDOMQ. You are receiving this because you are subscribed to this thread.
6.68.08
Updated gam <UserTypeEntity> print filelist|drivefileacls|shareddriveacls ... oneitemperrow
to print
ACLs with multiple permission details on separate rows for each basic permission/permission detail combination.
This case occurs when a member of a Shared Drive has access to a file and also has explicitly granted access to the same file.
Added permtype member|file
to <PermissionMatch>
that allows determining whether an ACL on a Shared Drive file was
derived from membership or explicitly granted.
In attempting to audit my shared drives, I've encountered a situation where the "pm inherited false em" is not properly working.
Essentially, if I run the command "gam user user@domain.com print drivefileacl ###### oneitemperrow", it produces a result of a dozen or so. Of which, ONE of the results is a member of the team drive, but ALSO has a secondary permission that duplicates the permission they already have a member of the team drive. In the results of the query, the second permissions is listed with a one (1), including permission.permissionDetails.1.inherited where the result is "False". The result confirms it is not an inherited permission.
However, when I run the same command above, adding the permission filter "gam user user@domain.com print drivefileacl ###### oneitemperrow pm inherited false em", this produces zero results. This should in fact produce the one result that contains the augmented permission.
I'm looking at a workaround of having to filter through acls that have more than a single result to locate these unwanted duplicate permissions. It would of course be better if gam could just find them for me using the filter.