Why shared drives are the way they are

What would you really like to love, but find it difficult to do? Twitter comes to mind. Daylight savings time. And shared drives. Some of shared drives' quirks infuriate even seasoned hands, so let's talk about what is behind the design decisions that went into shared drives.

Why I can't stop writing "Team Drive" is also beyond me.

Why shared drives have roles

In the world of My Drive, there are no roles, but access rights (view/comment/edit and own). Individual users can have different access rights to any file or folder.

That means a lot of freedom to organize, but you may end up in complicated scenarios where you have rights to a folder, but not to the content. Or rights to some files, but not others. Or you move something around and all hell breaks loose. It's brilliant if you know what you are doing, but can be scary.

1. Shared drives were meant to simplify access: One person, one access level.

Shared drives have roles instead of access rights because they apply to all files inside a Shared drive. You don't need to worry about somebody seeing too much or too little - you only need to set the role once and can go back to emptying your inbox.

Why shared drives are picky about moving files

If you think that Drive can be a bit volatile, you are right. People can leave or decide they do not like each other anymore.

2. Shared drives were meant to protect against people leaving: Nobody owns files.

Technically, the shared drives owns the files. If you leave your company, nothing will happen to the files you uploaded into shared drives (which is why should put them there in the first place!).

"Nobody owns files" sounds nice, but it means that files must be protected more strongly since destructive actions impact everybody. There is no more owner to correct deletions or moves that will upset people. So we are back to roles.

The second reason: moving files somewhere else can be thought of "theft", or adding new people to the access list. Which is a privilege of the highest role, "manager".

Refresher: Access roles for shared drives

Viewer: A person who can only view, like in Drive.
Commenter: This person can comment on files. This includes the ability to read existing comments, too.

So far, so good. Now it gets strange, because there are 2 types of editors. Is that distinction necessary? I don't think so, they could very well have a single editor role. The only reason I can come up with is The Principle of Least Privilege (see below).

Contributor: Can create and edit files. Can NOT delete or move files around. This is for clumsy people who edit files but whose sense of organization is not shared by the rest of the team.
Content manager: Can do everything you think an editor should do (delete stuff!).

And finally, we need somebody with the power to manage users:

Manager: The administrator of the specific team drive. The only person(s) who can manage users and do big, impactful actions, like share/move folders.

Problems with user management: The principle of least privilege

Setting the role once and going back to emptying your inbox sounds wonderful, but reality is more complicated than that. What if you have somebody who should be seeing less than the rest of your team? Or more?

Google's answer is: You can give people more access within a shared drive, as long as you give them more access. You can't downgrade the intern for specific files or hide the files from the intern. You need to give the interns a low-level role and then upgrade them where appropriate. Security people like this approach (it's called principle of least privilege) - shared drive managers not so much and interns even less.

If you have a REALLY secret folder, the official guidance is to create a second shared drive, place the folder there and only invite people who should see it. Now you manage two shared drives, which is cumbersome. But very secure.

This is probably why Google added the content manager role: You can make your interns contributors so they can be part of the team, but not break much. For selected files, they can be promoted to content manager.

I'll let you in on a secret: This article started out on folder sharing. It got a bit out of hand - but that was necessary to establish the basis for next week. Also, refreshers on some of these things are sometimes necessary. I hope you're still awake and the thoughts that went into building shared drives make them easier to appreciate. Thank you for reading!

#drivePublished 2019-10-22 by Holger Matthies.Modified 2021-03-31 by Holger Matthies.Written listening to Audrey Gallagher - Skin deep

Page updated

Report abuse