Understanding Google Drive permissions

Introduction

When linking a Google Drive account, Cloudpress requests read-only access to your Google Drive. This permission allows Cloudpress to:

  1. List all your Google Drive files
  2. Download the contents of your Google Drive files
  3. See the name and emails of people you share files with

This document will address the reasons for requesting these permissions as well as measures you can take to secure your content on your Google Drive.

How are the permissions requested?

Cloudpress uses an authorization framework called OAuth 2.0 to get access to your Google Drive. OAuth 2.0 enables applications to obtain limited access to user accounts on 3rd party services such as Google.

When you link a Google Drive account to your Cloudpress account, you will be prompted to give Cloudpress permission to access your Google Drive account:

You can give Cloudpress access by clicking the Allow button. Once you have granted permission, Cloudpress will then have access to read information from your Google Drive without you having to give permission again.

Why does Cloudpress request these permissions?

Without these permissions, Cloudpress would not be able to work.

Cloudpress request these permissions because it needs to be able to read the list of files on your Google Drive account. This list is displayed to you when your view files in the Documents section of the Cloudpress application.

Also, once you publish a document, Cloudpress has a background process that needs to download the contents of the document, convert it, then upload the document to the destination account.

Why do you want to read names and email of people I share documents with?

One of the permissions listed at the beginning of the document states that it allows Cloudpress to see the name and emails of people you share files with. Cloudpress actually does not require this permission, nor does it ever read any names or email addresses of people that your share document with.

The reason behind requesting this permission is that permissions are “packaged” together in a concept called a scope. When Cloudpress tells Google that it wants to access your Google Drive, it has does it by requesting a specific scope.

The scope Cloudpress is requesting is named https://www.googleapis.com/auth/drive.readonly. This scope gives us read-only access to your Google Drive, but it also gives us permission to see the name and emails of people you share files with.

So the reason is that it is packaged together with the permission to read and download the content of your files. This is unfortunately outside of our control.

Why does Cloudpress require access to all my files?

Google does not allow us to request access to only certain files or folders. Either you give us access to the entire drive, or we cannot read any of the files.

How can I limit Cloudpress’ access?

If you are not happy to give Cloudpress access to your entire drive, we suggest that you created a second Google account. You can then link this second account to Cloudpress.

You can share any documents you want to publish through Cloudpress with this second account. Sharing the documents with the second account which is linked with Cloudpress will give us access to only those documents shared with this second account and not to any other documents on your Google Drive.

Revoking Cloudpress’ access

You can revoke the permission Cloudpress has to read files on your Google Account by going to the 3rd Party Application Permissions section of your Google Account.

Find the listing for Cloudpress and click on it to expand it. Click on the Remove Access button to revoke the permission Cloudpress has to access your account:

Once you do this, Cloudpress will not be able to work with your account anymore, unless you give it access again.

What if I have more questions?

If you have any more questions regarding these permissions, please do not hesitate to get in contact with us at support@usecloudpress.com.