It's recommended (and much easier) to share access to a folder instead of individual files. You can also use Google Groups instead of adding individual users. Google Team/Shared Drives has finally started to improve permissions and includes sharing with external emails as well.
Otherwise it's better to use something like Box.com which is actually designed for enterprise-level features including complex access controls and user management.
That might be true, but nowhere in the UI does it recommend that. If you want to share a file, nothing suggests you consider sharing a folder instead. And even then, we'd still have to find and disable all of the folders that had been shared with the ex-associate. That would reduce the number of items to un-share, but the fundamental problem of having no easy way to find and handle each item is still there.
Yeah, we're going to Box for everything outside our organization for exactly those reasons. If Google Drive lived up to the "enterprise" label they stick on accounts, we would stick with it. It's just not business-ready in its current form, though.
It's not a UI thing. It's a general recommendation about workflows because folders are usually easier to manage than files. Have you tried using Google Groups? Add them to a single "external associates" group and then you can just edit group membership in the future instead of managing files.
The other person commented that the UI didn't suggest using folders over files. Why would it? That's up to your specific workflow, and using folders or groups is general advice for bigger organizations.
How you verify access is something else entirely, but the same advice helps in that case too.
> It's recommended (and much easier) to share access to a folder instead of individual files.
It’s not. folders don’t actually exist in google drive. files are shared individually. there’s a very complex interaction between imaginary folder ACLs and file ACLs. if you depend on the folders as being hierarchical (which they aren’t), this will bite you through unexpected leftover sharing.
The exceptionally stupidly names Shared drives (used to be called Team Drives) fix this.
Otherwise, ‘gam’ is the best tool out there for managing this.
Some of the paid tools are like VPNs. you end up giving full access to the tool developer. be very careful if you go with a paid tool vs ‘gam’.
> folders don’t actually exist in google drive. files are shared individually.
What do you mean? Drive has UI for folders, shows folders hierarchically, and allow sharing of folders with a single dialog-box interaction. There are instructions online that explain how to use folders for organizing and sharing:
For a software engineer, it may help to understand how folders are implemented when dealing with tricky ACL situations, but for all practical purposes, and for the majority of (non-engineer) users, folders definitely exist in Drive.
Otherwise it's better to use something like Box.com which is actually designed for enterprise-level features including complex access controls and user management.