Auto-expire and revoke old sharing links

“Anyone with the link” is a brilliant way to share a file quickly and a quiet liability six months later. Northwind hands out link-shared documents to clients and contractors all the time, and almost none of those links ever get turned off. The access just lingers, long after the work is done.

This script puts an expiry date on that openness. It walks a folder, finds files that have not been touched in 90 days, and revokes any “anyone with the link” sharing on them — flipping access back to private. Active files are left exactly as they are; only the stale, forgotten ones get locked down.

What you’ll need

• The Drive folder ID you want to audit. The script takes it as an argument, so you can point it at different folders without editing the code.
• Edit access to the files in that folder — the script can only change sharing on files you own or can manage.
• A view on what counts as “stale”. The default is 90 days since the last update; adjust the constant below to suit.

The script

// A file is considered stale once it has gone this many days without
// an update.
const STALE_DAYS = 90;

/**
 * Walks a folder and revokes "anyone with the link" sharing on every
 * file that has not been updated within STALE_DAYS.
 *
 * @param {string} folderId  ID of the Drive folder to audit.
 */
function revokeOldLinks(folderId) {
  // 1. Work out the cutoff timestamp: anything older than this is stale.
  const cutoff = Date.now() - STALE_DAYS * 86400000;
  const files = DriveApp.getFolderById(folderId).getFiles();
  let revoked = 0;

  // 2. Walk every file in the folder.
  while (files.hasNext()) {
    const file = files.next();

    // 3. Skip files updated recently — they are still in active use.
    if (file.getLastUpdated().getTime() > cutoff) continue;

    // 4. Only act on files shared by link. Files shared with named
    //    people, or already private, are left untouched.
    const access = file.getSharingAccess();
    if (access === DriveApp.Access.ANYONE_WITH_LINK
        || access === DriveApp.Access.ANYONE) {
      // 5. Revoke link sharing: access becomes private, no permission.
      file.setSharing(DriveApp.Access.PRIVATE, DriveApp.Permission.NONE);
      revoked++;
    }
  }

  Logger.log('Revoked link sharing on ' + revoked + ' stale file(s).');
}

How it works

1. revokeOldLinks computes a cutoff timestamp by subtracting STALE_DAYS (90) worth of milliseconds from the current time.
2. It opens the folder by the ID passed in and gets an iterator over its files.
3. For each file it checks getLastUpdated(). If the file was modified after the cutoff it is still active, so the loop continues and leaves it alone.
4. For a stale file it reads getSharingAccess(). Only files set to ANYONE_WITH_LINK or ANYONE (publicly discoverable) are targeted — files shared with named collaborators are deliberately untouched.
5. It calls setSharing with Access.PRIVATE and Permission.NONE, which removes the link-sharing entirely so the file is reachable only by people explicitly added to it.
6. It logs how many files were locked down so each run leaves an audit trail.

Example run

Suppose the audited folder holds four files when the script runs:

File	Last updated	Sharing	Outcome
Q1-pitch.pdf	130 days ago	Anyone with link	Revoked — now private
client-brief.docx	200 days ago	Anyone with link	Revoked — now private
live-budget.xlsx	4 days ago	Anyone with link	Kept — updated recently
team-notes.doc	150 days ago	Named people only	Kept — not link-shared

The log reads Revoked link sharing on 2 stale file(s). — the two old, link-shared files are now private, while the actively edited budget and the already-restricted notes are left as they were.

Run it

Call revokeOldLinks with the folder you want to audit. The simplest way is a tiny wrapper, which is also what a trigger can point at:

function auditClientFolder() {
  revokeOldLinks('1abcClientFolderId');
}

To keep the audit running on its own, add a time-based trigger:

1. In the Apps Script editor open Triggers (the clock icon).
2. Add a trigger for auditClientFolder, Time-driven, Week timer, on a day that suits you.

A weekly sweep is usually enough — link sharing does not become a risk overnight.

Watch out for

• This is one-way and silent. A revoked link simply stops working, and nobody is told. If a client suddenly cannot open a file, a recently expired link is the likely cause — re-share it explicitly with the people who still need it.
• Only the top level of the folder is scanned. Files in sub-folders are not touched. Recurse into getFolders() if you need a deep audit.
• “Last updated” is not “last viewed”. A file nobody has opened in a year but that was tweaked last week counts as active. Drive’s API does not expose a reliable last-viewed time.
• setSharing can throw for files you do not own, or for items inside a shared drive with managed sharing. Wrap the call in a try/catch if the folder is a mix of owners.
• Test on a throwaway folder first. Revoking access across a real client folder by mistake is awkward to undo one file at a time.