Shared Drives are increasingly becoming more utilized in collaborative online work between colleagues and customers using Google Workspace. It is important to know how their membership and access control are managed. Access control lists (ACL) of a Shared Drive are different from regular files and folders created in the myDrive of a user.
There are 2 types of access control for Shared Drives and their files:
Any user who is added to a file or folder within a Shared Drive who has not been declared as a member will be considered as a Guest. Members are declared at the topmost root folder.
Taking Action on ACLs using GAT+ #
When taking a removal action using the GAT+ to strip away sharing permissions (modifying ACL) of a file or folder within a Shared Drive, you must ask the following questions:
For the selected file, is this user a guest within the ACL or are they an inherited member from the root folder above? If they are members then you need to strip away their membership first. Otherwise, an error is going to be returned by Google Drive API.
I recommend reading this post Google Shared Drive Management.
If the user appearing in the ACL is not an inherited member from the root folder, they can be stripped away from files and folders without any issue.
I recommend reading this post Removing Sharing Permissions Recursively Down Folder Structure.