Google Drive just flipped a switch on file permissions. Files set to old “restricted access” now run on “limited access” instead. No one lost view or edit rights, but I still spent last week checking my Workspace setup.
As a Google Workspace admin for a small ops team, I handle shared docs for client reports and security logs. This migration hit in April 2026. It caught some off guard because early notices mentioned March. I audited everything beforehand to avoid surprises.
You manage Drive for business too. Let’s walk through my exact steps so your files stay locked down right.
What Changes in This Permissions Migration
Google ended “restricted access” on files inside shared folders last year. They pushed everyone to folder-level “limited access” for consistency. Now, Drive auto-migrates legacy restricted items to that new standard.
Access stays the same. Viewers see files. Editors change them. The shift happens behind the scenes. Owners spot migrated items with a Drive search: owner:me is:limitedaccess. Those files note “limited access was applied by Google Drive.”
Editors face tighter rules too. They can no longer add users, tweak links, or adjust permissions on folders unless owners enable “Editors can change permissions and share.” Editors still modify content inside.
I test this on a sample folder. Add an editor. They edit a doc but can’t invite others without my nod. Simple fix keeps control with owners.
For details, check Google Workspace Updates on restricted access migration.
Rollout Timeline for Workspace Admins
Rapid Release domains started April 9, 2026. Full rollout took up to 15 days. Scheduled Release followed on April 16. Personal accounts finished first.
All Workspace customers, Workspace Individual, and personal Drives got the update. No admin toggle stops it. Google runs the whole process automatic.
Shared Drives have separate owner checks from March to June 2026. Those target inactive emails, not permissions.
I track rollouts in Admin console logs. Search for “Inherited permissions disabled” by “Google System.” It flags migrated and manual limited access items.
Prep early matches your domain type. Rapid means act now if you missed April.
Audit Your Current Drive Permissions
I start audits in Drive search. Type is:restricted for holdouts. Then is:limitedaccess to review new settings. List shows owners and dates.
Admin console helps too. Go to Reports > Audit and investigation > Drive log events. Filter for sharing changes. Spot patterns like frequent external links.
Test sensitive files. Share a folder with “limited access.” Add a viewer outside your domain. Confirm they see contents but can’t download or print if you block it.
In my team, one sales folder had loose editor rights. Audit revealed five external shares. I pulled those back to domain-only.
Follow my Google Drive sharing audit process for teams for full steps. It cuts audit time in half.
Owners review weekly post-audit. Use groups for permissions. Changes push fast to members.
Your Step-by-Step Preparation Guide
Prep breaks into quick wins. I block a morning each week.
- Log into Drive. Search
owner:me is:restricted. Note affected files. - Open each. Check current access. Matches expected people?
- Folder settings matter. Right-click > Share > Gear icon. Toggle off “Editors can change permissions and share” for control.
- Test shares. Create dummy folder. Set limited access. Invite editor. Verify limits.
5. Admin view: Apps > Google Workspace > Drive and Docs > Sharing settings. Set defaults to restricted links. 6. Train users. Share a one-pager on new editor limits.
I run this on pilot folders first. No disruptions hit production.
For education admins, see Google for Education advice on Drive permissions prep.
Spot Common Permission Pitfalls
Old restricted settings hid issues. Now limited access exposes them.
Editors added outsiders before. One team member shared a budget sheet publicly. Post-migration, that link warns on limited folders.
External shares linger. Audit shows “anyone with link” on client docs. Switch to specific emails.
Nested folders confuse. File in a shared parent inherits loose rules. I flatten structures. Top-level folders get tight settings.
Shared Drives need manager checks. I limit to two per drive. They handle adds.
In my setup, a viewer printed sensitive logs. Viewer settings now block downloads and prints.
Review limited access migration monitoring tips. It matches my weekly scans.
Secure Your Setup After Migration
Post-rollout, I lock defaults. Admin console: Disable external sharing where possible. Allow trusted domains only.
Use Shared Drives for teams. My guide on managing roles in Shared Drives covers members and expirations.
Groups simplify adds. Finance group gets finance folders. No per-file invites.
Audit monthly. Tools flag risky shares. I pair with secure document sharing controls.
Disable downloads on viewers. Right-click > Share > Viewer settings.
Owners notify on changes. “Limited access applied by Google” prompts a quick check.
Key Takeaways
This migration standardizes Drive permissions. Limited access rules everything now. Access holds steady, but editor powers shrink unless you allow them.
I audited, tested, and tightened before April hit. My team shares without leaks.
Run your search today: owner:me is:limitedaccess. Fix one folder at a time. Control stays yours.
Checklist:
- Search restricted and limited files.
- Toggle editor permissions off.
- Test dummy shares.
- Set admin defaults.
- Audit logs weekly.
Your Drive runs smoother ahead.
(Word count: 1482)
