Opening Problem Statement
Meet Jim. Jim is an IT security manager at a mid-sized company with hundreds of Google Drive files shared across teams and clients. Every day, new documents are created and shared for collaboration, but sometimes permissions are set too openly—granting access to anyone with a link or to external users outside the company domain. This lax sharing leads to potential data leaks, compliance risks, and overexposure of sensitive information.
Before this workflow, Jim spent hours each week manually checking document permissions, copying data into spreadsheets, and emailing reports to his team. These tasks were tedious, error-prone, and reactive. When issues were finally caught, it was often too late to prevent misuse.
What Jim really needs is a streamlined, automated way to regularly audit which Google Drive documents have excessively open sharing, and get actionable reports in his inbox—all without lifting a finger every morning.
What This Automation Does
This n8n workflow automates the daily auditing of your Google Drive files’ sharing permissions to spotlight potential access control risks. When it runs, here’s exactly what happens:
- At 6 AM every day, a new Google Sheets tab named with the current date (e.g., audit-20240611) is automatically created for that day’s audit results.
- The workflow fetches all Google Docs, Sheets, and Slides modified in the last 24 hours along with their current sharing permissions.
- It filters out documents that are privately shared and flags those that are either accessible “to anyone with the link” or shared with users outside the company domain (e.g., not ending with “example.com”).
- For each flagged file, it extracts key information: document ID, name, sharing type, user ID, user email, and role to prepare an easy-to-review record.
- These records are compiled and appended as rows to the new daily audit sheet for historical tracking.
- Finally, the workflow sends Jim an email summary of externally shared and publicly accessible files, including clickable links for prompt review and action.
Overall, this saves Jim 2-3 hours weekly on manual tracking, reduces human error, and helps improve data security posture with timely visibility.
Prerequisites ⚙️
- Google Drive account with appropriate OAuth2 credentials configured in n8n to access file metadata and permissions.
- Google Sheets account (can be same as Google Drive) with OAuth2 configured to allow creating new sheets and appending data.
- Gmail account with OAuth2 access for sending email reports.
- n8n automation platform account to import and run this workflow.
- Optional: Self-hosting n8n if you prefer full control over workflow execution environment (see Hostinger guide).
Step-by-Step Guide to Build This Automation
1. Set Up Scheduled Trigger Node
Navigate to Triggers → Schedule Trigger. Set it to run daily at a set hour, such as 6 AM. This triggers the entire audit process every morning automatically.
Example: Set triggerAtHour to 6 under the rule section.
Outcome: The workflow kicks off daily without manual intervention.
Common mistake: Forgetting to activate or save this node so the schedule doesn’t run.
2. Create Google Sheet for Today’s Audit
Add a Google Sheets node configured to Create a new sheet titled dynamically with the current date using an expression like audit-{{ $now.format('yyyyMMdd') }}.
Connect your Google Sheets OAuth credentials.
Outcome: Each run generates a fresh audit tab for clean, date-stamped reports.
Common mistake: Using incorrect document ID or insufficient Sheet API permissions.
3. Fetch Recently Modified Files from Google Drive
Place a Google Drive node set to Query for files modified in the last 24 hours (modifiedTime > '{{ $now.minus({ 'days': 1 })}}'), filtering for Google Docs, Sheets, and Slides MIME types.
Ensure the node returns relevant fields like permissions, shared status, name, and ID.
Outcome: You get a list of all relevant, recently changed files for auditing.
Common mistake: Not including the correct MIME types or malformed query string.
4. Filter for Files Shared Externally
Drag in a Filter node named “Has Shared with External Users.”
Set conditions to check if the file is shared publicly (type === 'anyone') or with users whose email doesn’t end with your domain (e.g., not ending with example.com).
Use the boolean expression ={{ $json.shared && $json.permissions.some(item => item.emailAddress ? !item.emailAddress.endsWith('example.com') : false) }} to detect external sharing.
Outcome: Only files posing external sharing risks proceed downstream.
Common mistake: Incorrect Boolean logic, missing external email checks leading to false negatives.
5. Process Each File Individually
Use a SplitInBatches node called “For Each File” to handle the files one by one to prevent rate limits and ease data handling.
Follow with a NoOp node named “File Ref” to hold reference data.
Use a SplitOut node “Permissions To Items” to separate each permission entry into its own item.
Outcome: The workflow can process each file and each permission entry independently for accuracy.
Common mistake: Processing all at once may exceed API quotas or cause data errors.
6. Exclude Document Owners from Auditing
Add another Filter node “Filter Out Owner of Document” that removes entries where role === 'owner' because owners inherently have access.
Outcome: Only user or public permission entries remain for review.
Common mistake: Forgetting to filter owners can clutter reports with irrelevant data.
7. Normalize Permissions Data
Insert a Set node called “Normalise Fields” to reformat and rename data from each permission record. Assign properties like file_id, file_name, type, user_id, user, and role for clarity.
Outcome: Data is ready for aggregation and exporting.
8. Aggregate All Data Rows
Add an Aggregate node to combine all items into one data structure for easy insertion into Google Sheets.
Outcome: Collated data with well-organized records.
9. Flatten Aggregated Rows for Batch Processing
Use a Set node “Flatten Rows” to flatten the aggregated rows array into individual items again.
Then, a SplitOut node “Rows to Items” splits these rows into single items for appending to Sheets.
Outcome: Proper row format for Google Sheets batch append.
10. Append Results to Google Sheet
Add another Google Sheets node configured to Append data to the sheet created at the start. Automap the fields.
Outcome: Data is logged in a centralized audit sheet for tracking over time.
Common mistake: Pointing append node to wrong sheet ID or tab.
11. Send Summary Audit Report via Gmail
Finally, add a Gmail node to send a summary email with text listing files shared publicly or externally. Use expressions to generate dynamic content and include links to the audit sheet and flagged documents.
Outcome: Jim receives a daily digest to review and act on.
Common mistake: Incorrect email address or missing OAuth credentials results in failed delivery.
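Steps 4, 6 and 7 combined into one function, as an added example that is not part of the original workflow: it flags "anyone" and external permissions, skips owners, and emits the normalised fields named above. The finding field, the domain-type check, the '@' + domain match (so that a look-alike such as notexample.com is not treated as internal) and the sample files are assumptions made for this example.

```javascript
// Added example: plain JavaScript, runnable in Node.js or adaptable to an n8n Code node.
// COMPANY_DOMAIN and sampleFiles are constructed for illustration.
const COMPANY_DOMAIN = 'example.com';

// True only for addresses at the company domain. Matching on "@domain"
// keeps look-alikes such as user@notexample.com from passing as internal.
function isInternalEmail(email, domain = COMPANY_DOMAIN) {
  return typeof email === 'string' &&
    email.toLowerCase().endsWith('@' + domain.toLowerCase());
}

// Classify one Drive permission entry: 'public', 'external', or null (no finding).
function classifyPermission(perm, domain = COMPANY_DOMAIN) {
  if (perm.role === 'owner') return null;        // step 6: owners are not reported
  if (perm.type === 'anyone') return 'public';   // anyone with the link; has no emailAddress
  if (perm.type === 'domain') return (perm.domain || '').toLowerCase() === domain ? null : 'external';
  if (perm.emailAddress) return isInternalEmail(perm.emailAddress, domain) ? null : 'external';
  return null;                                   // no address to judge, same as the page's expression
}

// Steps 4, 6 and 7 together: Drive file objects in, normalised audit rows out.
function auditRows(files, domain = COMPANY_DOMAIN) {
  const rows = [];
  for (const file of files) {
    for (const perm of file.permissions || []) {
      const finding = classifyPermission(perm, domain);
      if (!finding) continue;
      rows.push({ file_id: file.id, file_name: file.name, type: perm.type,
        user_id: perm.id, user: perm.emailAddress || perm.domain || '',
        role: perm.role, finding });             // finding: extra column, an assumption
    }
  }
  return rows;
}

// Constructed sample input shaped like the Drive node's output.
const sampleFiles = [
  { id: 'f1', name: 'Roadmap', shared: true, permissions: [
    { id: 'p1', type: 'user', role: 'owner', emailAddress: 'jim@example.com' },
    { id: 'anyoneWithLink', type: 'anyone', role: 'reader' },
    { id: 'p2', type: 'user', role: 'writer', emailAddress: 'eve@notexample.com' } ] },
  { id: 'f2', name: 'Budget', shared: true, permissions: [
    { id: 'p3', type: 'user', role: 'owner', emailAddress: 'amy@example.com' },
    { id: 'p4', type: 'user', role: 'reader', emailAddress: 'Bob@Example.com' } ] },
];

console.log(auditRows(sampleFiles));
```

A bare endsWith('example.com') check returns true for eve@notexample.com, so that permission would not be flagged; the '@'-anchored match reports it as external.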
Customizations ✏️
- Change Share Domain Filter: In the “Has Shared with External Users” filter node, update the domain name in the expression .endsWith('example.com') to suit your company domain, ensuring accurate external user detection.
- Adjust Scheduled Run Time: In the Schedule Trigger node, change the triggerAtHour to your preferred audit time, for example, to run audits before team start hours.
- Modify File Types to Audit: In the Google Drive node, add or remove MIME types under fileTypes to include additional Google Drive file types like forms or drawings if needed.
- Send Report to Multiple Emails: In the Gmail node, update the sendTo field to a comma-separated list of email addresses to notify multiple stakeholders.
- Forward to Security Observability Tools: Replace the Gmail node with HTTP Request nodes to forward audit results to existing logging or SIEM tools in your security stack.
Troubleshooting 🔧
Problem: “No files returned” or “Empty dataset” from Google Drive node.
Cause: Incorrect query string or insufficient API permissions.
Solution: Verify the query string uses correct date format and fields. Check OAuth credentials for read permission.
Problem: Email report fails to send with authorization error.
Cause: Gmail OAuth credentials missing or expired.
Solution: Re-authenticate Gmail node credentials and test sending.
Problem: Audit sheet append node throws errors or writes to wrong sheet.
Cause: The Append to New Sheet node is not mapped properly to the created sheet tab.
Solution: Use expressions like {{ $('Create New Sheet').first().json.sheetId }} and {{ $('Create New Sheet').first().json.spreadsheetId }} exactly as in the workflow to ensure correct target.
Pre-Production Checklist ✅
- Verify Google credentials for Drive, Sheets, and Gmail nodes are connected and authorized.
- Test the Schedule Trigger manually by running the workflow once and watching the logs.
- Confirm that the created sheet appears in your Google Sheets account with the correct title.
- Review the fetched file list to ensure permissions and shared status fields are present.
- Check the email sent contains the correct links and summaries.
- Create a backup of your workflow and document IDs.
Deployment Guide
Once tested, activate the workflow in n8n to enable daily automatic runs at your scheduled hour.
Monitor the execution logs for failures or missed runs. Adjust permissions and API rate limits if necessary.
FAQs
- Can I use this workflow for SharePoint files instead of Google Drive? Yes, by replacing the Google Drive node with SharePoint connectors and adjusting queries accordingly.
- Does this consume Google API quota? Yes, each daily run makes API calls to Drive and Sheets. Monitor usage and consider quota limits in GCP console.
- Is my data safe? OAuth2 credentials ensure secure access. The workflow only reads metadata and sends data to your internal email and sheets.
- Can it handle large volumes of files? The SplitInBatches node helps manage large datasets by processing files in manageable chunks.
Conclusion
By building this Google Drive Permissions Audit workflow in n8n, you’ve automated a time-consuming security task, saving yourself hours weekly. You now get daily reports spotlighting files shared externally or publicly, helping you improve your organization’s data security and compliance posture.
As next steps, consider expanding this audit to include shared Google Drive folders, integrating with security information systems, or automating permission revocation for risky files.
With this foundation, you’re empowered to keep your cloud files safer and your team informed—no more manual, tedious security reviews.