PHP Google Drive API folder permission control problem

I’m working with the PHP Google Drive API to create directories. Right now my code makes folders accessible to everyone, but that’s not what I want.

I need to restrict access so only the account owner (whose credentials are in my JSON file) and maybe one or two specific email addresses can view the folder. I tried looking for solutions online but nothing worked properly.

Here’s my current code:

$googleDriveClient = setup_drive_service();
$directory_name = 'my_folder_2024';

// Create folder metadata
$directoryData = new Google_Service_Drive_DriveFile([
    'name' => $directory_name,
    'mimeType' => 'application/vnd.google-apps.folder',
]);

// Make the directory
$newDirectory = $googleDriveClient->files->create($directoryData, [
    'fields' => 'id',
]);

if ($newDirectory) {
    // This makes it public - I don't want this
    $accessRule = new Google_Service_Drive_Permission([
        'type' => 'anyone',
        'role' => 'reader',
    ]);
    $googleDriveClient->permissions->create($newDirectory->id, $accessRule);
}

I also tried this approach but it didn’t work:

if ($newDirectory) {
    // Try to remove public access
    $googleDriveClient->permissions->delete($newDirectory->id, 'anyone');
    
    // Add specific users
    $allowedUsers = ['[email protected]', '[email protected]'];
    
    foreach ($allowedUsers as $userEmail) {
        $userAccess = new Google_Service_Drive_Permission([
            'type' => 'user',
            'role' => 'editor',
            'emailAddress' => $userEmail,
        ]);
        $googleDriveClient->permissions->create($newDirectory->id, $userAccess);
    }
}

How can I properly set up restricted permissions for my Google Drive folders?

Folders created through the API are private to the service account by default. Don’t create the public permission at all - just remove that entire block setting type to ‘anyone’. Your second code snippet is correct, but you’re getting an error because there’s no ‘anyone’ permission to delete. Create the folder, then add your specific user permissions directly. Skip the deletion step completely. Make sure those email addresses have Google accounts or the API will throw exceptions. I’ve used this approach for months without problems.

You’re making the folder public first, then trying to undo it later. That’s your problem. Drive API folders start private by default - only the service account can access them. Just skip the whole ‘anyone’ permission part and go straight to adding your specific users. One thing though - set ‘sendNotificationEmail’ to false when creating user permissions, or Google will spam those users with emails. Also double-check your service account has the full ‘https://www.googleapis.com/auth/drive’ scope, not just the readonly one. I ran into the same mess until I realized I was creating public access for no reason.

Your second approach should work fine. The problem might be that you’re trying to delete the ‘anyone’ permission before actually making the file public first. Just skip the delete step and go straight to your foreach loop that adds specific users. Also double-check that your service account has domain-wide delegation set up if you’re dealing with G Suite emails.
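
The approach described in the replies above, as an added example that is not part of the original thread or any poster's code: create the folder, grant only named users, then read the permission list back and fail if anything broader is present. It assumes the google/apiclient library and the asker's own setup_drive_service() helper; create_restricted_folder() is a hypothetical name, the e-mail addresses are placeholders, and 'reader' is used because the question asks for view access.

```php
<?php
// Added example. Assumes google/apiclient is installed and that
// setup_drive_service() (the asker's helper) returns a Google_Service_Drive.

function create_restricted_folder(Google_Service_Drive $drive, string $name, array $viewers): string
{
    // Create the folder only. No permission of type 'anyone' is ever added,
    // so it stays private to the account that owns the credentials.
    $folder = $drive->files->create(new Google_Service_Drive_DriveFile([
        'name'     => $name,
        'mimeType' => 'application/vnd.google-apps.folder',
    ]), ['fields' => 'id']);

    foreach ($viewers as $email) {
        // Drive v3 role names are reader / commenter / writer; 'reader' is view-only.
        $perm = new Google_Service_Drive_Permission([
            'type'         => 'user',
            'role'         => 'reader',
            'emailAddress' => $email,
        ]);
        $drive->permissions->create($folder->id, $perm, [
            'sendNotificationEmail' => false, // no invitation e-mail to the grantee
            'fields'                => 'id',
        ]);
    }

    // Read the ACL back and fail closed on anything broader than intended.
    $acl = $drive->permissions->listPermissions($folder->id, [
        'fields' => 'permissions(id,type,role,emailAddress)',
    ]);
    $allowed = array_map('strtolower', $viewers);
    foreach ($acl->getPermissions() as $p) {
        if ($p->getRole() === 'owner') {
            continue; // the account that created the folder
        }
        $ok = $p->getType() === 'user'
            && in_array(strtolower((string) $p->getEmailAddress()), $allowed, true);
        if (!$ok) {
            throw new RuntimeException(
                "Unexpected permission {$p->getId()} ({$p->getType()}/{$p->getRole()}) on {$folder->id}"
            );
        }
    }
    return $folder->id;
}

// Folder name is from the question; the addresses are constructed placeholders.
$viewers  = ['viewer1@example.com', 'viewer2@example.com'];
$folderId = create_restricted_folder(setup_drive_service(), 'my_folder_2024', $viewers);
```

The read-back will also throw if the folder ends up with 'anyone' or 'domain' entries from some other code path, which makes it usable as a periodic audit on existing folder IDs.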
