Permission Migration Watchpoints
Important Change — Effective Mid-February 2026
Google Drive has changed how permissions work. While Box migrations are lower risk due to Box's waterfall permission model, you should understand how any edge cases will be handled.
Why Box Migrations Are Lower Risk
Box uses a waterfall permission model where permissions cascade downwards from parent folders. A collaborator's permission on a child folder can be more permissive than on the parent, but never less. This naturally aligns with Google Drive's inheritance model.
Key Point: Most Box migrations will map directly without transformation. The scenarios described below are edge cases that may occur in rare circumstances.
Box vs Other Platforms
| Platform | Permission Model | Migration Risk |
|---|---|---|
| Microsoft 365 (SharePoint/OneDrive) | Allows broken inheritance (restrictions) | Higher — transformations common |
| Dropbox | Allows member removal on subfolders | Medium — restrictions possible |
| Box | Waterfall only (no restrictions) | Lower — transformations rare |
Box Permission Mapping
The following table shows how Box roles are mapped to Google Drive:
| Box Role | Google Drive Role |
|---|---|
| Owner | Owner |
| Co-owner | Organizer (Shared Drive) / Editor (My Drive) |
| Editor | Editor |
| Viewer Uploader | Editor |
| Previewer Uploader | Commenter |
| Viewer | Viewer |
| Previewer | Viewer |
| Uploader | Contributor (Shared Drive) / Editor (My Drive) |
Scenarios With No Change (Common)
The following scenarios migrate directly with no transformation required:
| Scenario | Result |
|---|---|
| Standard waterfall — permissions cascade to children | No change — Direct permission mapping |
| User has more access on child than parent (upgrade) | No change — Google supports permission upgrades |
| Different collaborators at different folder levels | No change — Each user's permissions applied at their entry point |
| User removed from Box (removed from parent and all children) | No change — Migration reflects final state |
Example 1: Standard Waterfall (No Transformation)
This example shows the typical Box migration scenario where permissions flow naturally.
Scenario
User A is an Editor on the /Project A/ folder in Box. Due to the waterfall model, this permission automatically applies to all subfolders.
Source (Box)
Folder: Project A (User A: Editor)
  Folder: Designs (User A: Editor - inherited)
  Folder: Documents (User A: Editor - inherited)
User A sees: All folders with full Editor access. Permissions cascade down automatically.
Target (Google Drive)
Folder: Project A (User A: Editor)
  Folder: Designs (User A: Editor - inherited)
  Folder: Documents (User A: Editor - inherited)
User A sees: All folders with full Editor access.
No transformation needed — Direct 1-to-1 mapping.
What this means: Most Box migrations will look exactly like this — permissions map directly with no changes.
Example 2: Upgraded Access on Child (No Transformation)
Box allows a user to have higher permissions on a child folder than on the parent. Google Drive also supports this natively.
Scenario
User A is a Viewer on /Project A/ but has been promoted to Editor on /Project A/Designs/.
Source (Box)
Folder: Project A (User A: Viewer)
  Folder: Designs (User A: Editor - upgraded)
  Folder: Documents (User A: Viewer - inherited)
User A sees: All folders. Can view Project A and Documents, can edit Designs.
Target (Google Drive)
Folder: Project A (User A: Viewer)
  Folder: Designs (User A: Editor)
  Folder: Documents (User A: Viewer - inherited)
User A sees: All folders with same access levels.
No transformation needed — Google supports permission upgrades.
What this means: Permission upgrades on child folders are fully supported and migrate directly.
Example 3: Collaborator Removal (No Transformation)
In Box, when a user is removed from a folder, they are automatically removed from all child folders due to the waterfall model.
Scenario
User B was previously an Editor on /Project A/ but has been removed by the owner.
Source (Box) - Before Removal
Folder: Project A (User B: Editor)
  Folder: Designs (User B: Editor - inherited)
  Folder: Documents (User B: Editor - inherited)
Source (Box) - After Removal
Folder: Project A (User B: No access)
  Folder: Designs (User B: No access)
  Folder: Documents (User B: No access)
User B sees: Nothing — removal from the parent removes access to all children.
Target (Google Drive)
Folder: Project A (User B: No access)
  Folder: Designs (User B: No access)
  Folder: Documents (User B: No access)
User B sees: Nothing.
No transformation needed — Migration reflects final Box state.
What this means: Box's clean removal process (parent removal cascades to children) means no "orphaned" permissions to handle during migration.
Edge Case: Shared Link Conflicts (Rare)
The only potential edge case in Box migrations involves conflicts between direct collaboration permissions and shared link settings.
Scenario
User A is a direct Viewer on /Company Docs/. A subfolder /Company Docs/Marketing/ has a shared link set to "People in your company can edit".
Resolution
In this case, User A's effective permission on the Marketing folder is Editor (the higher of Viewer + shared link Editor). This is a permission upgrade, not a restriction, so no transformation is needed.
| Direct Permission | Shared Link | Effective Permission | Transformation Needed? |
|---|---|---|---|
| Viewer | Editor (company link) | Editor | No — upgrade is supported |
| Editor | Viewer (anyone link) | Editor | No — direct permission takes precedence |
Hypothetical: If Restrictions Were Possible (Rare Edge Cases)
If any edge case is discovered where a user's effective permission on a child is lower than on the parent (highly unlikely with Box), the following would occur:
Restricted Folder
Folder: Parent Folder (User A: Editor)
  Folder: Restricted Folder [GREYED OUT] (User A: No Access)
User A sees: Both folders. "Restricted Folder" appears greyed out and cannot be opened.
Restricted File (Wrapper Folder)
Folder: Documents (User A: Editor)
  File: report.docx (User A: Editor)
  Folder: _confidential.xlsx/ [GREYED OUT] (User A: No Access)
    File: confidential.xlsx
User A sees: Documents folder, report.docx, and greyed-out wrapper folder.
Note: Based on Box's waterfall model, these restrictive scenarios should be rare or non-existent.
Shared Drive Considerations
If your migration destination is a Shared Drive, there are additional considerations.
Manager Visibility
Users with the Manager role (organizers) on a Shared Drive will always see Limited Access folders as greyed out. This is Google platform behaviour and cannot be changed. This is unlikely to affect Box migrations due to the waterfall model.
Permission Placement Settings
When migrating to a Shared Drive, CloudM Migrate provides settings that control where permissions are applied (Folder/File, Root, or None). For Box migrations, the recommended setting is Folder for folder permissions and File for file permissions, which applies each item's permissions directly. The Root setting applies the top-level folder's permissions to the Shared Drive root — due to Google's expansive access model, these permissions cascade to all content in the drive, establishing each user's minimum access level.
Pre-Migration Recommendations
Although Box migrations are lower risk, consider these steps before migration:
1. Review Shared Link Settings
If you use shared links with different permission levels, verify that no conflicts exist between direct collaborations and link permissions.
2. Verify Permission Structure
Run a pre-migration scan to confirm all permissions follow the expected waterfall pattern. This verifies no edge cases exist.
3. Communicate with End Users
Inform users that their permissions will migrate directly. If any edge cases result in greyed-out folders, emphasise that:
- They still cannot access the content
- This is Google's intended design
- The folder structure is preserved for easier navigation
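The checks in recommendations 1 and 2, sketched in Python as an added example (not CloudM Migrate's scan and not code from this page): it maps Box roles to the My Drive roles from the mapping table, takes the higher of direct collaboration and shared link as the effective permission, and flags any folder where a user ends up lower than on the parent. The export layout, the user names, the role ordering and the treatment of every listed user as covered by a company link are assumptions.

```python
import posixpath

# Box role -> Google Drive role for a My Drive target (the page's mapping table).
BOX_TO_DRIVE = {
    "Owner": "Owner", "Co-owner": "Editor", "Editor": "Editor",
    "Viewer Uploader": "Editor", "Previewer Uploader": "Commenter",
    "Viewer": "Viewer", "Previewer": "Viewer", "Uploader": "Editor",
}
# Assumption: Drive roles compare in this order; None means no access.
RANK = {None: 0, "Viewer": 1, "Commenter": 2, "Editor": 3, "Owner": 4}

def effective(box_role, link_role):
    """Higher of the mapped direct collaboration and the shared-link role."""
    return max(BOX_TO_DRIVE.get(box_role), link_role, key=RANK.__getitem__)

def scan(folders):
    """Return (targets, restrictions) for an export of per-folder access lists."""
    targets, restrictions = {}, []
    users = {u for f in folders.values() for u in f["acl"]}
    for path in sorted(folders):
        for user in sorted(users):
            entry = folders[path]
            targets[path, user] = effective(entry["acl"].get(user), entry["link"])
    for (path, user), role in sorted(targets.items()):
        parent = targets.get((posixpath.dirname(path), user))
        if RANK[role] < RANK[parent]:  # child lower than parent: not waterfall
            restrictions.append((path, user, parent, role))
    return targets, restrictions

# Constructed sample export. "acl" lists what the source reports on each folder,
# inherited entries included; "link" is a company shared link's role, if any.
SAMPLE = {
    "/Company Docs": {"acl": {"userA": "Viewer", "userB": "Editor"}, "link": None},
    "/Company Docs/Marketing": {"acl": {"userA": "Viewer", "userB": "Editor"}, "link": "Editor"},
    # Constructed anomaly: userB is missing here although present on the parent.
    "/Company Docs/Finance": {"acl": {"userA": "Viewer"}, "link": None},
}

if __name__ == "__main__":
    targets, restrictions = scan(SAMPLE)
    for (path, user), role in sorted(targets.items()):
        print(f"{path:26} {user}: {role or 'No access'}")
    for path, user, parent, child in restrictions:
        print(f"RESTRICTION {path} {user}: {parent} -> {child or 'No access'}")
```

An empty restrictions list means every folder in the export follows the waterfall pattern; each entry it does contain is a folder that would surface as greyed out for that user.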
Frequently Asked Questions
Q: Why is Box considered lower risk than other platforms?
A: Box uses a waterfall permission model where permissions can only be upgraded on child folders, never restricted. This aligns naturally with Google Drive's inheritance model, meaning most permissions map directly without any transformation.
Q: What happens when I remove a collaborator from a Box folder?
A: In Box, removing a user from a parent folder automatically removes them from all child folders. This clean removal process means the migration reflects the final state with no "partial access" scenarios to handle.
Q: Can I downgrade a user's access on a Box subfolder?
A: No. Box's waterfall model only allows permissions to stay the same or increase on child folders. You cannot give a user Editor access on a parent and Viewer access on a child — this is why Box migrations are lower risk.
Q: What about shared links in Box?
A: Shared links may grant additional access to content. The migration calculates the user's effective permission (highest of direct + link) and applies that. Since this typically results in upgrades (not restrictions), no transformation is needed.
Q: Will I see any greyed-out folders after migration?
A: Unlikely. The greyed-out "Limited Access" folders only appear when a user's access on a child item is lower than on the parent. Box's waterfall model prevents this scenario, so you should not see greyed-out folders in a standard Box migration.
Q: What if I have a complex permission structure with many collaborators?
A: Even with many collaborators at different levels, Box's waterfall model ensures no conflicts. Each user's permissions are applied at their entry point and cascade down. This maps directly to Google Drive.
Q: Will this affect my migration timeline?
A: Box migrations typically require less processing than other platforms due to the simpler permission structure. You should not experience significant delays related to permission transformation.
Summary
| What's Happening | Why | User Impact |
|---|---|---|
| Most permissions map directly | Box waterfall model aligns with Google | Minimal to no change |
| Permission upgrades supported | Google Drive supports child upgrades | No change for upgraded child folders |
| Collaborator removal is clean | Box removes from parent and all children | Final state migrates directly |
| Edge cases are rare | Waterfall model prevents restrictions | Unlikely to see greyed-out folders |