I have been managing a Google Workspace account (G Suite Legacy Free Edition).
I am now closing that Google Workspace account. However I am currently unable to do so because of an issue I am encountering on Google Cloud.
Before closing my Google Workspace account, I needed to use Google Cloud to export a single user's data. I was able to do this successfully 👍
Two days ago I went to this URL https://admin.google.com/ac/companyprofile/accountmanagement to delete my Google Workspace account. The option to delete my account was not available, the page said 'You have active projects in Google Cloud Platform. You need to delete all GCP projects before you can delete this account.'
I went to https://console.cloud.google.com/cloud-resource-manager?authuser=0 and deleted my data export for that single user. This currently shows up under 'Resources pending deletion' (https://console.cloud.google.com/cloud-resource-manager?pendingDeletion=true&authuser=0).
However today I still cannot close my Google Workspace account and I get the same message about active projects.
I contacted Google Workspace Support and they said:
"Hi! Resources pending deletion will not stop the deletion of
Workspace, the message you received is because an active project has
been detected, please follow these steps to look for it:
Go to GCP console
On the sidebar, go to IAM & Admin -> Identity and Organization 2A. If your listing is under a project, it will show something like "Page
not viewable for projects." Next to it, make sure the domain is
selected and click the select button. 2B. Under Set Permissions, click
"Set Permissions".
If you are listed under the members, edit your user. If not, add yourself.
For your roles, add: Organization Admin and Folder admin. Save your new roles.
Now, back to the project list and delete everything."
I followed their instructions but on the page 'Identity & Organisation' after selecting a domain I could not see any link or section titled Set Permissions.
Remembering a Permissions section on the Manage Resources page I added my Google Workspace admin email address as a Principal to my domain with the following roles:
billing account creator
folder admin
organisation administrator
owner
project creator
Please see a screenshot attached to this post:
Google cloud resource permissions
I went back to the Manage Resources page and ticked the check box next to my domain but the Delete link was greyed out (i.e. not clickable). I noticed that the node could be expanded so I clicked that which revealed a folder called 'system-gsuite'. When I expanded that folder it contained another folder within it called 'apps-script'.
I ticked the checkbox next to the apps-script folder and clicked the Delete link but the web page displayed the message 'Folder cannot be deleted as it contains active resources. Only empty folders can be deleted.'
I contacted Google Workspace Support again and asked them how to overcome this issue. They said I should find help on online communities.
Does anyone have any suggestions to help me delete all my Google Cloud projects?
I did try the alternative approach of shutting down my Google Cloud project (https://support.google.com/googleapi/answer/6251787) but unfortunately when I go to the URL https://console.cloud.google.com/iam-admin/settings?authuser=0&organizationId=############## all I see is my organisation name and organisation ID and there are no options to take any other actions.
Thanks
Update on September 5, 2022: My issue has been resolved
I am happy to report my issue has been solved and I have been able to successfully delete my Google Workspace account. The advice I needed was linked to from this post on the Google Workspace Community: https://support.google.com/a/thread/177790442?hl=en&msgid=177886599 👍
Related
I have created the one add-on.
I have used this link to test and deploy the add-on.
https://developers.google.com/apps-script/concepts/deployments
I have added 3 person's Gmail IDs as test users in the configuration of the google cloud project. Then I come to my spreadsheet and I am able to see the add-on there. But in the other person, I am not able to see the add-on.
I am not getting where I had done a mistake.
Can anyone guide me on this?
Like how to deploy the add-on in the local server, which can be accessible to the user and the user can't access the code. They can only test the add-on.
Google Workspace Add On
I would like to clarify your question with some insights.
Deploying an add-on to a local server is a feature that is not available over App Script.
In order for a user to manage and test an add-on, it would need to have "Editor" Access, this would basically give him access to the code, so it would not be possible to avoid the user to access that data.
As suggested by the official documentation, on how to share and test with developers, you added 3 users for testing under the OAuth consent screen is used for the scopes that would be used over the add-on and the project information.
An alternative would be if you have a Google Workspace account and the test user are part of the domain, to start the process to publish the application as private over the consent screen and that way is downloadable or active for certain members of your domain by following the steps on how to publish:
https://developers.google.com/workspace/marketplace/how-to-publish
You can manage what application users access the marketplace over the Admin console or by publishing as "Unlisted" and sharing the direct URL of the app's store page.
I also recently discussed a similar scenario over this thread if you would like to review more about the Add-On.
References:
https://developers.google.com/apps-script/add-ons/how-tos/testing-workspace-addons
https://support.google.com/cloud/answer/10311615
https://developers.google.com/workspace/marketplace/enable-configure-sdk
My Google App Script (an add-on for Google Docs) has passed the OAuth verification and has also been verified by the Google team. The application is both "Published" and "GAM: Published", yet Domain Admins are unable to locate the add-on when searching for it, and therefore cannot install it to their domain users.
I have read the following two articles many times:
https://developers.google.com/gsuite/add-ons/how-tos/publish-addons
https://developers.google.com/gsuite/add-ons/how-tos/publish-for-domains
I've been liaising with the docs-addon-advisor, who has approved the add-on again and again, but nothing seems to impact the Marketplace Apps search results. It is however availble in the Web Store search results. They have directed me back to this forum for advice.
I've followed the articles above and see no error messages in the publication, yet still the add-on remains invisible to the Domain Admin world.
You can see that DocuSign is happily installed in my domain, I can search for it, and it has been pushed down onto my domain users. So what I'm trying to achieve is possible. My add-on is simply absent from this marketplace search for some reason.
Any ideas?
Your add-on is published at https://gsuite.google.com/marketplace/app/seal_atn/820114923602. It does not have "Enable individual install" checked so it's installable and searchable only by domain admins.
I'm trying to publish a Google Docs addon, visible only to my Google Apps domain, and then automatically install it for everyone in the domain
I have:
made a script in Google Drive, shared it with everyone on the domain
deployed it to the Developer Dashboard using Publish -> Deploy as Addon, with Publish in Google Apps Marketplace turned OFF
pushed it from the Developer Dashboard, making it visible just to users of my domain, giving it all the necessary fields and images
verified that others from the domain can install the addon by going to Addons -> Get addons in a Google Doc, toggling the filter to For mydomain.com. Also verified that it works when installed that way.
created a new project in Google Developers Console, added Google Marketplace SDK and created an OAuth2 client id
I'm stuck on the step of "configure Marketplace SDK", specifically the project key for the Docs add-on extension option in it, where I'm consistently getting a Project Key is not associated with current project. error.
I believe I need to finish this step, so that I could then re-do step 2 with Publish in Google Apps Marketplace turned ON, and then finally enable it for everyone.
Steps that shouldn't affect things, but might be worth noting:
I am not the owner/admin of the domain, but the admin is assisting in steps where I get stuck. (like creating the OAuth2 client id)
I have transferred ownership of the Developer Dashboard entry to a group that I'm owner of (on the desired domain)
I have transferred ownership of the Developer Console project to that same group
the problem was I manually created a project in Google Developers Console
instead, I should've used the Resources -> Advanced Google Services -> Google Developers Console link to access a HIDDEN PROJECT (?!) and enable Marketplace SDK there.
sigh.
I have implemented the Picker API for my Web App and there is only one inconvenient.
The App permit a user to open a project and share all kind of documents. One of the methods available to share documents with others is throughout Google Drive, so the User select the documents within its account and the App show the links to download the content shared.
All works fine but the issue is related with permissions. If other users click on any link, it indicates that he needs permission from the owner, so he must wait until access is granted.
Is there any way to avoid this? I mean, the owner share the files knowing it can be downloaded by any other user from the website.
Thanks in advance.
I'm looking for some clarification on accessing Google docs/Drive SDK via a Service Account.
I have everything set up in the API Console and I can successfully generate an access token via the JWT process and indeed I can issue requests to either drive SDK or the Docs List API to get a listing of documents. However, the document listing is always empty, I was expecting to see all the documents in my Google Drive. I am obviously not understanding fully what a service account gives you. If I upload a document via the Service Account then it does show up correctly, but is not visible in my Google Drive, it's as if the Service Account is a totally separate black box.
The reason I want to use Service Accounts is that I have a service running that needs to upload documents to various clients Google Docs accounts, without them having to go through the OAuth dance as there will be no UI interaction at all. Is this possible with Google docs. I was hoping that they could just send my the client_email and the certificate with the private key and I would be able to upload documents to that account.
Many thanks for your consideration
-Marshall
Not sure whether you need the answer anymore, but I just faced with the same issue, came to this post. Found one solution which works in my case, so sharing with everyone here.
The only integration point towards GoogleDrive in my case is document listing.
When I first created my service account, it didn't work as well (just empty list all the time).
What did I do to fix it:
Go to MyDrive UI https://drive.google.com/#my-drive
Checked all the documents I want to see on my website
In the top menu clicked "More"->"Share..."->"Share..."
In "Add people" section (new window "Sharing settings (N items)") I added service account email (format is "XXXXXX##developer.gserviceaccount.com")
Run document listing once again and got it working.