Skip to content
This repository has been archived by the owner on Sep 5, 2023. It is now read-only.

Google Drive permissions audit tool.

Notifications You must be signed in to change notification settings

HeadspaceMeditation/gdrive-audit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GDrive Audit

GDrive-Audit is a permissions audit tool that traverses all the files in your business' Google Drive account and generates a spreadsheet displaying file permissions.

Install

Clone from repo, then:

> cd gdrive_audit
> pip install -r requirements.txt

Run

from gdrive_audit.audit import GoogleDriveAuditReport
from gdrive_audit.audit import enable_stdout_logging

# Optionally, enable logging to stdout.
enable_stdout_logging()

# Create a report instance and start it:  
report = GoogleDriveAuditReport('google_service_acct_credentials.json', 
                                '[email protected]')    
report.start(output_file_name='my_audit_report.csv')

# Wait for it... (It can take a while to traverse all user directories.)

User drives

GDrive-Audit uses a service account and the Google Admin and Drive APIs to traverse all user folders. Once all user folders are traversed, it exports a spreadsheet of all files and permissions for every user's drive within your customer account.

Team drives

Team drive support has not been fully implemented- feel free to create a pull request!

Credentials and Google API setup

Setting up your Google API credentials is non trivial, but this doc outlines the basic steps.

https://support.google.com/a/answer/7378726?hl=en

Google Developer console

  1. Login to https:/console.developers.google.com with the google account associated with your org.
  2. Create a project.
  3. Enable GDrive API and Admin SDK for the project.
  4. Create service account credentials and download the private key in json format Save this - you'll need it!
  5. Enable G Suite Domain-wide delegation for the service account.
  6. Copy the client ID (its an integer) of the service account, you'll need it to configure the admin.

Google Admin

  1. Login to https://admin.google.com with a super user account.
  2. Go to Security > Advanced Settings > Manage API client access
  3. Under client name, enter the client ID from above, then set permission scope to https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive.readonly and save.

TODO

Threading: the utility is currently a synchronous single-threaded application, so large drives can take a while. We will convert this into a multi-threaded application at some point.

About

Google Drive permissions audit tool.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages