enforce_expansive_access variable/option deleted

wiki/GamUpdates.md

@@ -10,6 +10,20 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.39.00
+
+Deleted variable `enforce_expansive_access` from `gam.cfg` and removed option `enforceexpansiveaccess`
+from the following commands as expansive access is now always enforced by Google on My Drives.
+```
+gam <UserTypeEntity> delete permissions
+gam <UserTypeEntity> delete drivefileacl
+gam <UserTypeEntity> update drivefileacl
+gam <UserTypeEntity> copy drivefile
+gam <UserTypeEntity> move drivefile
+gam <UserTypeEntity> transfer ownership
+gam <UserTypeEntity> claim ownership
+```
+
 ### 7.38.02
 
 Added license SKU `1010470009` for `AI Expanded Access`; abbreviation `aiexpandedaccess`.
@@ -35,14 +49,14 @@ gam print|show tokens gcpdetails
 ```
 You can get and set the `gam.cfg/gcp_org_id` value with these commands:
 ```
-$ gam info gcporgid             
+$ gam info gcporgid
 organizations/906207637890
 $ gam config gcp_org_id organizations/906207637890 save
 ```
 
 You can get and set the `gam.cfg/customer_id` value with these commands:
 ```
-$ gam info customerid             
+$ gam info customerid     
 C78abc9de
 $ gam config customer_id C78abc9de save
 ```

wiki/Users-Drive-Copy-Move.md

@@ -140,7 +140,6 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         (mappermissionsdomain <DomainName> <DomainName>)*
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
-        [enforceexpansiveaccess [<Boolean>]]
 ```
 The files/folders specified by `<DriveFileEntity>` are referred to as `source`, `target` refers to where those files are being copied.
 The files/folders specified by `<DriveFileEntity>` are referred to as `top`; when a folder is being copied recursively, the files/folders that it contains are referred as `sub`.
@@ -590,7 +589,6 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
         [retainsourcefolders [<Boolean>]]
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
-        [enforceexpansiveaccess [<Boolean>]]
 ```
 The files/folders specified by `<DriveFileEntity>` are referred to as `source`, `target` refers to where those files are being moved.
 The files/folders specified by `<DriveFileEntity>` are referred to as `top`; when a folder is being moved, the files/folders that it contains are referred as `sub`.

wiki/Users-Drive-Ownership.md

@@ -61,7 +61,6 @@ Use [Users - Drive - Transfer](Users-Drive-Transfer) for more complex ownership
 ```
 gam <UserTypeEntity> transfer ownership <DriveFileEntity> <UserItem>
         [<DriveFileParentAttribute>] [includetrashed] [norecursion [<Boolean>]]
-        [enforceexpansiveaccess [<Boolean>]]
         (orderby <DriveOrderByFieldName> [ascending|descending])*
         [preview] [filepath] [pathdelimiter <Character>] [buildtree] [todrive <ToDriveAttribute>*]
 ```
@@ -101,7 +100,6 @@ gam <UserTypeEntity> claim ownership <DriveFileEntity>
         [skipids <DriveFileEntity>] [onlyusers|skipusers <UserTypeEntity>] [subdomains <DomainNameEntity>]
         [restricted [<Boolean>]] [writerscanshare|writerscantshare [<Boolean>]]
         [keepuser | (retainrole reader|commenter|writer|editor|none)] [noretentionmessages]
-        [enforceexpansiveaccess [<Boolean>]]
         (orderby <DriveOrderByFieldName> [ascending|descending])*
         [preview] [filepath] [pathdelimiter <Character>] [buildtree] [todrive <ToDriveAttribute>*]
 ```

wiki/Users-Drive-Permissions.md

@@ -220,7 +220,7 @@ By default, when an ACL is created, GAM outputs details of the ACL as indented k
 ```
 gam <UserTypeEntity> update drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
         (role <DriveFileACLRole>) [expiration <Time>] [removeexpiration [<Boolean>]]
-        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]]
         [showtitles] [nodetails|(csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]])]
 ```
 There is no change of parents when a new user is updated to be a file's owner.
@@ -236,10 +236,7 @@ The option `updatesheetprotectedranges` only applies to items in `<DriveFileEnti
     * ACLs with role reader or commenter will be removed from existing protected ranges
     * ACLs with role writer or higher will be added to existing protected ranges
 
-`enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
+Inherited ACLs can not be updated.
-the ability to update inherited ACLs.
-* False - Inherited ACLs can be updated
-* True = Inherited ACLs can not be updated
 
 By default, the file ID is displayed in the output; to see the file name, use the `showtitles`
 option; this requires an additional API call per file.
@@ -251,7 +248,7 @@ By default, when an ACL is updated, GAM outputs details of the ACL as indented k
 ### Delete
 ```
 gam <UserTypeEntity> delete|del drivefileacl <DriveFileEntity> <DriveFilePermissionIDorEmail>
-        [updatesheetprotectedranges [<Boolean>]] [enforceexpansiveaccess [<Boolean>]]
+        [updatesheetprotectedranges [<Boolean>]]
         [showtitles]
 ```
 The option `updatesheetprotectedranges` only applies to items in `<DriveFileEntity>` that are Google Sheets.
@@ -261,10 +258,7 @@ The option `updatesheetprotectedranges` only applies to items in `<DriveFileEnti
   * Sheet Protected Ranges are updated to reflect the deleted ACL; additional API calls are required.
     * ACLs with any role will be removed from existing protected ranges
 
-`enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
+Inherited ACLs can not be deleted.
-the ability to delete inherited ACLs.
-* False - Inherited ACLs can be deleted
-* True = Inherited ACLs can not be deleted
 
 By default, the file ID is displayed in the output; to see the file name, use the `showtitles`
 option; this requires an additional API call per file.
@@ -306,12 +300,8 @@ When adding permissions from JSON data, permissions with `deleted` true are neve
 ```
 gam <UserTypeEntity> delete permissions <DriveFileEntity> <DriveFilePermissionIDEntity>
         <PermissionMatch>* [<PermissionMatchAction>]
-        [enforceexpansiveaccess [<Boolean>]]
 ```
-`enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
+Inherited ACLs can not be deleted.
-the ability to delete inherited ACLs.
-* False - Inherited ACLs can be deleted
-* True = Inherited ACLs can not be deleted
 
 When deleting permissions from JSON data, permissions with role `owner` true are never processed.
 

wiki/Users-Drive-Transfer.md

@@ -48,7 +48,6 @@ gam <UserTypeEntity> transfer drive <UserItem> [select <DriveFileEntity>]
         [noretentionmessages]
         [nonowner_retainrole reader|commenter|writer|editor|contentmanager|fileorganizer|current|none]
         [nonowner_targetrole reader|commenter|writer|editor|contentmanager|fileorganizer|current|none|source]
-        [enforceexpansiveaccess [<Boolean>]]
         (orderby <DriveFileOrderByFieldName> [ascending|descending])*
         [preview] [todrive <ToDriveAttribute>*]
 ```

wiki/gam.cfg.md

@@ -355,17 +355,6 @@ enable_dasa
         admin_email, customer_id and domain must be set when enable_dasa is True,
         customer_id may not be set to my_customer
         Signal file: OldGamPath/enabledasa.txt
-enforce_expansive_access
-        The default value for option `enforceexpansiveaccess` in all commands that delete or update
-        drive file ACLs/permissions.
-        gam <UserTypeEntity> delete permissions
-        gam <UserTypeEntity> delete drivefileacl
-        gam <UserTypeEntity> update drivefileacl
-        gam <UserTypeEntity> copy drivefile
-        gam <UserTypeEntity> move drivefile
-        gam <UserTypeEntity> transfer ownership
-        gam <UserTypeEntity> claim ownership
-        Default: True
 event_max_results
         When retrieving lists of Calendar events from API,
         how many should be retrieved in each API call
@@ -1023,7 +1012,6 @@ drive_max_results = 1000
 email_batch_size = 50
 enable_dasa = false
 enable_gcloud_reauth = false
-enforce_expansive_access = true
 event_max_results = 250
 extra_args = ''
 gmail_cse_incert_dir = ''