GDrive-Audit is a permissions audit tool that traverses all the files in your business' Google Drive account and generates a spreadsheet displaying file permissions.
Clone from repo, then:
> cd gdrive_audit
> pip install -r requirements.txt
from gdrive_audit.audit import GoogleDriveAuditReport
from gdrive_audit.audit import enable_stdout_logging
# Optionally, enable logging to stdout.
enable_stdout_logging()
# Create a report instance and start it:
report = GoogleDriveAuditReport('google_service_acct_credentials.json',
'[email protected]')
report.start(output_file_name='my_audit_report.csv')
# Wait for it... (It can take a while to traverse all user directories.)
GDrive-Audit uses a service account and the Google Admin and Drive APIs to traverse all user folders. Once all user folders are traversed, it exports a spreadsheet of all files and permissions for every user's drive within your customer account.
Team drive support has not been fully implemented- feel free to create a pull request!
Setting up your Google API credentials is non trivial, but this doc outlines the basic steps.
https://support.google.com/a/answer/7378726?hl=en
- Login to https:/console.developers.google.com with the google account associated with your org.
- Create a project.
- Enable GDrive API and Admin SDK for the project.
- Create service account credentials and download the private key in json format Save this - you'll need it!
- Enable G Suite Domain-wide delegation for the service account.
- Copy the client ID (its an integer) of the service account, you'll need it to configure the admin.
- Login to https://admin.google.com with a super user account.
- Go to Security > Advanced Settings > Manage API client access
- Under client name, enter the client ID from above, then set permission scope to
https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive.readonly
and save.
Threading: the utility is currently a synchronous single-threaded application, so large drives can take a while. We will convert this into a multi-threaded application at some point.