# Google Workspace Public & Shareholders Access - Permission Options ## Overview This document explains whether you can control public and shareholders-only access purely at the Google Workspace level using standard permissions, or if a custom system is needed. --- ## Option 1: Pure Google Workspace Permissions (Simplest) ### ✅ Public Folder - Works Perfectly **How it works:** 1. Create a folder in Google Drive (e.g., "Public Documents") 2. Right-click folder → **Share** → **Change to "Anyone with the link"** 3. Set permission to **Viewer** (read-only) 4. Copy the folder link 5. Use that link directly on your website - no authentication needed **Pros:** - ✅ No custom code needed - ✅ Works immediately - ✅ Google handles all access control - ✅ Links work for anyone, anywhere **Cons:** - ⚠️ Anyone with the link can access (but that's what you want for public) - ⚠️ Can't track who accessed what (unless using Google Workspace audit logs) **Example:** ``` https://drive.google.com/drive/folders/1ABC123xyz... ``` This link can be embedded directly in your website HTML. --- ### ⚠️ Shareholders-Only Folder - Limited Options **The Challenge:** Google Workspace permissions require users to have **Google accounts** to access shared folders. You have several options: #### Option A: Google Workspace Group (Best if shareholders have Google accounts) **How it works:** 1. Create a Google Group: "El Paraiso Shareholders" 2. Add all shareholder email addresses to the group 3. Share the folder with the group → **Viewer** permission 4. Only group members can access **Requirements:** - ✅ All shareholders must have Google accounts (Gmail or Workspace accounts) - ✅ You need to maintain the group membership **Pros:** - ✅ Pure Google Workspace solution - ✅ Easy to add/remove shareholders - ✅ Google handles authentication - ✅ Works on any device **Cons:** - ❌ Requires all shareholders to have Google accounts - ❌ Shareholders must log in with Google to access - ❌ Can't use your custom website login system --- #### Option B: Domain-Restricted Sharing (If shareholders have @elparaisogolf.com emails) **How it works:** 1. In Google Workspace Admin Console → **Drive and Docs** → **Sharing settings** 2. Set sharing to: **"Only people in your organization"** 3. Share folder with specific users or groups 4. Only people with @elparaisogolf.com (or your domain) emails can access **Requirements:** - ✅ All shareholders must have @elparaisogolf.com email addresses - ✅ Must be set up in Google Workspace **Pros:** - ✅ Pure Google Workspace solution - ✅ Automatic domain-based access control - ✅ No external accounts needed **Cons:** - ❌ Requires all shareholders to have domain email addresses - ❌ Can't use your custom website login system --- #### Option C: Individual User Sharing (Not Practical) **How it works:** 1. Share folder with each shareholder's Google account individually 2. Each shareholder logs in with their Google account **Requirements:** - ✅ Each shareholder needs a Google account - ✅ You must manually add each person **Pros:** - ✅ Pure Google Workspace solution **Cons:** - ❌ Very tedious to manage - ❌ Can't use your custom website login system - ❌ Not scalable --- ## Option 2: Hybrid Approach (Custom System + Google Workspace) ### Why You Might Need This **If shareholders:** - ❌ Don't all have Google accounts - ✅ Log in to your website with member IDs (like your current system) - ✅ You want to track access through your website - ✅ You want a single login experience **How it works:** 1. **Public folder**: Use pure Google Workspace "Anyone with the link" (Option 1) 2. **Shareholders folder**: - Keep folder private in Google Drive - Your website checks if user is logged in AND is a shareholder - If yes, generate a temporary authenticated link via Google Drive API - User clicks link → Google Drive opens with proper permissions **Pros:** - ✅ Works with your existing member login system - ✅ No need for shareholders to have Google accounts - ✅ Can track access through your website - ✅ Single login experience - ✅ Can restrict based on member status (shareholder, member, etc.) **Cons:** - ⚠️ Requires custom code - ⚠️ More complex setup - ⚠️ Need to maintain database of shareholders --- ## Comparison Table | Feature | Pure Google Workspace | Hybrid (Custom System) | |---------|----------------------|------------------------| | **Public Folder** | ✅ Perfect - "Anyone with link" | ✅ Same - "Anyone with link" | | **Shareholders Access** | ⚠️ Requires Google accounts | ✅ Works with website login | | **Setup Complexity** | ✅ Simple | ⚠️ Moderate | | **Maintenance** | ✅ Google handles it | ⚠️ You maintain it | | **Works with Website Login** | ❌ No | ✅ Yes | | **Track Access** | ⚠️ Google audit logs only | ✅ Your system tracks it | | **Scalability** | ✅ Excellent | ✅ Good | | **Cost** | ✅ Free (if already have Workspace) | ⚠️ Development time | --- ## Recommendation ### For Public Folder: **✅ Use pure Google Workspace** - Set folder to "Anyone with the link" and embed links directly in your website. ### For Shareholders Folder: **Choose based on your situation:** 1. **If all shareholders have Google accounts:** - ✅ Use **Option A: Google Workspace Group** - Create a group, add shareholders, share folder with group - Simplest solution 2. **If shareholders use your website login (member IDs):** - ✅ Use **Hybrid Approach (Option 2)** - Your website authenticates, then generates Google Drive links - Works with existing system 3. **If you want to track access through your website:** - ✅ Use **Hybrid Approach (Option 2)** - Can log who accessed what files --- ## Implementation Steps (If Using Pure Google Workspace) ### Public Folder: 1. Create folder in Google Drive 2. Right-click → Share → "Change to Anyone with the link" 3. Set permission: Viewer 4. Copy link 5. Use link in website HTML ### Shareholders Folder (Google Group Method): 1. Go to Google Groups: https://groups.google.com/ 2. Create group: "El Paraiso Shareholders" 3. Add all shareholder email addresses 4. Create folder in Google Drive 5. Right-click folder → Share → Add group "El Paraiso Shareholders" 6. Set permission: Viewer 7. Share link with group members --- ## Questions to Answer Before deciding, consider: 1. **Do all shareholders have Google accounts?** - Yes → Use Google Workspace Group - No → Use Hybrid approach 2. **Do shareholders already log in to your website?** - Yes → Hybrid approach integrates better - No → Google Workspace Group might be simpler 3. **Do you need to track who accessed files?** - Yes → Hybrid approach gives you more control - No → Google Workspace audit logs might be enough 4. **Do you want a single login experience?** - Yes → Hybrid approach - No → Google Workspace Group is fine --- ## Next Steps Once you decide: - **Pure Google Workspace**: I can provide step-by-step instructions - **Hybrid Approach**: I can build the custom system with database and management interface