appscript.dev
Automation Intermediate Drive Sheets

Apply folder-based permission rules to uploads

Auto-share new files in Northwind project folders with the right team.

Published Sep 18, 2025

Every Northwind project folder has a team that should be able to work in it and a wider group that should only be able to look. When someone drops a new file into a folder, it inherits whatever sharing the folder happens to have — which is rarely exactly right, so people share files by hand and occasionally forget.

This script makes folder membership a rule instead of a habit. A small Sheet lists each project folder, who should be an editor, and who should be a viewer. The script walks every folder and applies those rules to the files inside, so an upload is shared correctly without anyone touching its sharing settings.

What you’ll need

  • A Folder rules sheet with three columns: folderId (the Drive folder ID), editors (comma-separated email addresses to grant edit access), and viewers (comma-separated addresses to grant view access).
  • The Drive folder IDs themselves — the long string in a folder’s URL after /folders/.
  • Edit access to each folder so the script can change file sharing.

The script

// The sheet of folder -> permission rules.
const RULES = '1abcFolderRulesId';

/**
 * Reads the folder rules and applies them to every file inside each
 * listed folder: granting edit access to the editors and view access
 * to the viewers.
 */
function applyPermissions() {
  // 1. Read the rules sheet, dropping the header row.
  const [_, ...rows] = SpreadsheetApp.openById(RULES).getSheets()[0]
    .getDataRange().getValues();

  if (!rows.length) {
    Logger.log('No folder rules defined — nothing to do.');
    return;
  }

  // 2. Work through each folder rule in turn.
  for (const [folderId, editors, viewers] of rows) {
    if (!folderId) continue;

    const folder = DriveApp.getFolderById(folderId);
    const files = folder.getFiles();

    // 3. Apply the rule to every file directly in the folder.
    while (files.hasNext()) {
      const file = files.next();

      // Grant edit access to each listed editor.
      String(editors).split(',').map((s) => s.trim()).filter(Boolean)
        .forEach((e) => file.addEditor(e));

      // Grant view access to each listed viewer.
      String(viewers).split(',').map((s) => s.trim()).filter(Boolean)
        .forEach((v) => file.addViewer(v));
    }
  }
}

How it works

  1. applyPermissions opens the rules spreadsheet and reads the first tab, discarding the header row and keeping the data rows.
  2. If there are no rules, it logs a message and stops.
  3. It loops over each rule row, destructured into folderId, editors, and viewers, and opens the folder by ID.
  4. It iterates every file directly inside that folder with getFiles.
  5. For each file it splits the editors cell on commas, trims each address, and grants edit access; then does the same for viewers and view access.

Example run

Say the Folder rules sheet holds:

folderIdeditorsviewers
1castleRebrand[email protected][email protected]
1brightlineSite[email protected], [email protected]

A designer drops mockups-v2.fig into the Castle rebrand folder. On the next run:

  • mockups-v2.fig gains Maya as an editor and the client as a viewer.
  • Every file in the Brightline folder gains Leo and Sam as editors; no viewers are added because that cell is blank.

Nobody opened a sharing dialog.

Trigger it

Run this on a timer so uploads are shared shortly after they land:

  1. In the Apps Script editor open Triggers and click Add Trigger.
  2. Choose applyPermissions, set the event source to Time-driven, and pick an Hour timer of every hour.

Watch out for

  • addEditor and addViewer send a sharing notification email each time Drive treats the grant as new. The script re-applies rules on every run; Drive will not re-notify someone who already has access, but a fresh file does trigger one email per person.
  • It only touches files directly inside each folder — getFiles does not descend into subfolders. Add a recursive walk if your projects nest.
  • Removing an address from a rule does not revoke that person’s access. The script only ever grants; it never removes. Revoke access by hand when someone leaves a project.
  • A wrong or deleted folderId makes getFolderById throw and stops the run before later folders are processed. Keep the IDs in the sheet accurate.
  • Granting access to a file you do not own may be blocked by Workspace sharing policy — run the script as someone with edit rights on the folder.
↑ File organisation ↑ Google Drive automation

Related

Automation Intermediate Drive Sheets

Build a recurring file-delivery system

Drop a fresh report file into a Northwind client folder weekly — they don't even ask.

Updated Dec 15, 2025
Automation Intermediate Drive Sheets

Build a Drive search index in Sheets

Make Northwind's file metadata searchable in a Sheet — like Spotlight for Drive.

Updated Dec 7, 2025
Automation Intermediate Drive Sheets

Build a shared-folder onboarding kit

Auto-grant new Northwind hires the folders they need on day one.

Updated Nov 29, 2025
Automation Intermediate Drive Gmail

Route saved email attachments to project folders

File Gmail attachments into the right Northwind client folder based on subject keywords.

Updated Nov 25, 2025
Automation Advanced Drive

Bundle a folder of images into one PDF

Combine Northwind scans into a single deliverable PDF using a generation service.

Updated Nov 17, 2025