Transfer Chrome WebStore Extension using Group Publisher Account Between Workspaces

Currently I work on a Chrome extension that is published but unlisted in the Chrome Webstore. Our organisation uses Google Workspace, and the extension's owner is bound to a group in the Workspace, which Google calls a 'Group Publisher Account'. We ship the extension to support another application, and because of this our documentation describes how to manage the installation of the extension via the Extension ID (the alphanumeric UUID that identifies the extension).
Because of various corporate changes, we'd like to transfer the ownership to a group in a different Google Workspace. In the developer console, when we tried to unhook the group publisher account, it said that we must unpublish all extensions. While the extensions not being available is a little inconvenient, it's not the end of the world. However, what we're now concerned about is that unpublishing the extensions, removing the group publisher (at which point ownership will revert to an individual account in the group based on some rules; we think we can arrange for this to be an individual in the new Workspace by adding them as a member of the original Workspace group), and then republishing may cause our extension ID to change, which is something we really need to prepare for.
Does anyone have any experience with doing this and could warn us of any landmines we might step on here?

You'll want to use the One Stop Support form to initiate the transfer request.
My item (extension, app, or theme)
I want to transfer my item
The form itself calls out a few caveats to be aware of. As of Feb 14, 2022 it stated:
Please make a note of the following information -
After submitting this form, you will need to confirm the transfer from the original publisher email address
The destination account needs to be registered before submitting this form. A $5 registration fee is required for the registration. Learn more.
Ensure you give the correct account details
Only items that are published and without any violations will be transferred.
Transfers can take up to 7 days
Transferring an extension does not have any impact on end users. The extension ID will be retained, existing installations are not affected, and users will continue to retrieve updates as expected.
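
A check to run before and after the transfer, as an added example that is not part of the original answer: it derives an extension ID from a public key the way Chrome does (first 16 bytes of the SHA-256 of the DER-encoded key, each hex digit written as a letter a-p) and compares it with every place the ID is pinned. The sample key, the labels and the helper names are constructed for illustration; the `<id>;<update_url>` entry form is that of Chrome's ExtensionInstallForcelist policy.

```python
import base64
import hashlib
import re

ID_PATTERN = re.compile(r"[a-p]{32}")

# Constructed sample: placeholder bytes standing in for a DER public key
# (the base64 value of the "key" field in a manifest.json).
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-placeholder-public-key").decode()


def extension_id(key_b64: str) -> str:
    """Derive the 32-letter extension ID from a base64 DER public key."""
    der = base64.b64decode(key_b64, validate=True)
    first16_hex = hashlib.sha256(der).hexdigest()[:32]
    # Chrome writes each hex digit 0-f as a letter a-p.
    return "".join(chr(ord("a") + int(d, 16)) for d in first16_hex)


def audit_pins(expected_id: str, pinned: dict) -> dict:
    """Compare every pinned ID against the expected one.

    `pinned` maps a label (where the ID is written down; hypothetical names)
    to the value found there. Policy entries "<id>;<update_url>" are accepted.
    Returns label -> "ok" | "malformed" | "mismatch".
    """
    results = {}
    for label, value in pinned.items():
        candidate = value.split(";", 1)[0].strip()
        if not ID_PATTERN.fullmatch(candidate):
            results[label] = "malformed"
        elif candidate != expected_id:
            results[label] = "mismatch"
        else:
            results[label] = "ok"
    return results


if __name__ == "__main__":
    ext_id = extension_id(SAMPLE_KEY_B64)
    pins = {
        "install-guide.md": ext_id,
        "ExtensionInstallForcelist": ext_id + ";https://clients2.google.com/service/update2/crx",
        "old-wiki-page": "a" * 32,
        "helpdesk-note": ext_id.upper(),
    }
    for where, status in audit_pins(ext_id, pins).items():
        print(f"{where}: {status}")
```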

Related

How to transfer Google Cloud project ownership from MyEmail@mydomain.com to myemail@mydomain.com?

For years, I've been using the email addresses MyEmail@mydomain.com and myemail@mydomain.com as if they are identical. And most of the time this is true. However, now the OAuth verification process for the project seems to be failing because Google treats these as two separate identities.
The GCP project owner is MyEmail@mydomain.com. In the OAuth consent screen, I've set mydomain.com as the sole authorized domain for my app. And I use myemail@mydomain.com as my identity in Google Search Console when verifying that I am the owner of mydomain.com.
I got an email from "The Google Cloud Trust & Safety Team", saying that the owner of the GCP project and the identity of the owner of the authorized domain do not match! The only reason for this seems to be the case of the email names, because everything else appears set up properly.
MY QUESTION: How can I change the GCP project owner from MyEmail@mydomain.com to myemail@mydomain.com?
It seems that I need to change one or the other. I would rather change the GCP owner to myemail@mydomain.com. But I can not get that to happen. I followed the instructions in Grant or Revoke Role.
I go to IAM -> Permissions - Add. I enter the email without the caps & ignore their suggestion to use the one with caps. But in the "Select a role" dropdown, it shows "Owner" as a role "Currently used". I select it anyway and click Save. But IAM -> Permissions never get changed.
I've thought of changing the owner first to someone completely different and then to the lower case email. But that might involve billing emails changing, etc.
EDIT - As a result of trying to add myemail@mydomain.com to the project, I received an email at that address from GCP, asking me to join the project. I accepted the request, but IAM is still only showing MyEmail@mydomain.com as being on the project.
Is this really the case that myemail@mydomain.com and MyEmail@mydomain.com are separate GCP identities? Might there be a different reason for Trust & Safety to think they're not the same?
If I respond to the T&S email, describing my issue, will a real person actually read it, or will the same automated test be run again to check the issue?
Resolution: I responded to the T&S email, explaining what was going on with the upper/lower case letters in my email address.
Today I got a reply: "Request Granted. Your project is now verified for ....". That's great! But I wonder if I will forever be first rejected for the same reason on all new projects that I create. It appears that the final solution is likely finding a way to change my logon email on GCP to one without capital letters.
Since you mention that you are never asked to select a different profile when logging into your account, then it should be the exact same account using the actual same GAIA ID as mentioned by DazWilkin, so there should be no difference within the GCP console between MyEmail@mydomain.com and myemail@mydomain.com.
Google usually recognizes an email address in both forms as the same account, although there are some exceptions across their products (I have had a similar experience with email addresses from Google Groups). I think this is one of those particular exceptions.
I would strongly recommend transferring the project ownership to a totally different account within your domain, then waiting a couple of hours due to Google's "propagation time" across services, and transferring the ownership back to the account using the format myemail@mydomain.com.
Now answering to:
If I respond to the T&S email, describing my issue, will a real person actually read it, or will the same automated test be run again to check the issue?
They are actually a team of people, but they tend to use a lot of canned responses, so I would definitely recommend being very specific with your choice of words when responding to their emails; otherwise, you may not get a relevant response. You may also try to explain this to them via email to see if there is an actual problem with the email address or if it is just them or the system being extremely picky when checking the email address.
I think you basically have it covered. But it is important that on the new Owner's account, you will need to go to "Billing" in the "hamburger" menu and either link the project to an existing billing account or set up a new Billing account to link the project.
You may also need to delete the old project owner to avoid confusion.

Change "from [name]"/"offered by [name]" in a Chrome extension's Webstore listing

I have created a Chrome extension.
By default it took my Gmail id in the "from xyzpqr".
How can I change my Gmail id to something different?
You can set the displayed name (per publisher account, not per item) at your Developer Dashboard:
Exceptions to the rule:
If your Webstore item is associated with a verified website, say http://example.com/, it will display "offered by example.com" with no possibility to change it except for removing the association.
You can be part of, and create, Group Publishing accounts. Items transferred to Group Publishing accounts have an independent display name.
Make sure you read the documentation thoroughly before you use this feature, as it is in many ways irreversible! (For example, you can't transfer items back, and you can only ever create one such account.)

Issue with Google Drive API and group sharing

I'm facing an issue with an application I'm developing using Google Drive.
I have a Google group with some users inside, and I share a collection with this group.
When I try to find this collection using Google Drive API (files().list()), as one of the users of this group, the collection shows up properly.
However, if I add another user to the group (either using API or Google CPanel), and try to find the collection using Google Drive API as this user, the collection doesn't show up, as if the user is not able to see it even though he is in a group allowed to see the collection.
If I manually open the collection once through my browser, then the collection shows up through the Drive API.
Is this normal behaviour? In my use case I cannot expect the users to open in their browser each and every collection shared with them in order for the application to work.
Any insight?
I opened a Google Support case about this and apparently this behavior is "expected". Here are some excerpts from my exchange with "Angel" from Google Enterprise Support (typos corrected and emphasis mine):
After reviewing the stackoverflow question, we need to clarify to you that the behavior shown is expected. When adding a user to a group, this group must be added again for any files that it has been shared with.
and
All information previously provided is from internal documentation for Drive UI; however the functionality is the same for SDK, therefore, group must be deleted and added back to the list of users that have access to files/folders after adding a new member.
So, there you have it. Not sure if @Burcu will ever come back and confirm.
<EDIT> It gets worse. According to this Google document, groups with more than 200 members will never see files shared with them, even if you delete and add the group back. </EDIT>
Useless post-answer rant follows:
This behavior, even if it is "expected" by Google, does not seem to be properly documented, and it is neither expected nor usable by clients of the service. How are we supposed to know when a user has been added to a group that has items shared with it? Are we supposed to constantly monitor group memberships as well as maintain a list of all things shared with the group and then *re*share them with the group when the membership changes, just to get consistent behavior? It makes me wonder why Google doesn't already do this on the back end; it can't be that expensive to register a list of callbacks with a group that are triggered upon membership changes. And the requirement that we actually unshare is even more bizarre, since it necessitates a short period of time during which nobody in the group can access the resource.

Sharing a user's folder as admin

Trying to figure out if I can do the following via the box-api.
1. Authenticate as an enterprise admin.
2. Look up a user (in our case a special box user named "group_xxx" where this account will serve as a non-person shared group like "group_math_dept", "group_engineering_dept", etc...).
3. Query for the root folder info for a given user-id (perhaps "GET /users//folders/0"; tried that, it doesn't work).
4. View the list of enterprise users with whom the given folder has been shared.
5. Modify the list of enterprise users with whom the given folder has been shared.
What I'd like to do is develop an app to delegate admin of these special group accounts to an appropriate individual in the given group. We can maintain who admins what locally. I can authenticate as one of our Box Admins (i.e. I have working code for steps 1 and 2). However, I don't see support in the API v2.0 doc for steps 3, 4, and 5.
Am I missing anything?
Unfortunately my understanding is the same as what you've found; that account and meta operations like steps 3 through 5 are not currently supported through the API.
UPDATE:
Looking at Box's developers blog, it looks like functionality for steps 4 and 5 was actually just added, but is not yet in the documentation.
http://developers.blog.box.com/2012/09/10/v2-api-updates-keep-rolling/
Box actually has some more enterprise/admin API methods in private beta. Those are made accessible to early testers for a controlled environment, and include methods to perform operations on behalf of other users with administrative privileges.
If you're interested, feel free to email api [at] box [dot] com to discuss the testing of beta methods.

How do I transfer the ownership of a chrome extension?

I am no longer working with the person who originally created my Chrome extension, and I need to manage and push updates to the extension for our current users.
Is there any way of transferring ownership? He is happy to do it, but has not been able to find a way.
You have to fill in some forms with Google.
You can find the Chrome Web Store account transfer request form here: http://support.google.com/chrome_webstore/bin/request.py?contact_type=dev_account_transfer
You may create a Google Group and use it as your publisher.
Remember that:
You can only set up group publishing once and create one group publisher account.
If you want to transfer an extension to a group, then:
Select "All Publishers" in the dashboard.
Under target group click "Transfer your existing item(s) to this publisher".
In practice I was able to share publishing access among group owners, not group participants, but you may experiment yourself.
Assuming that we're talking about an extension hosted on Google's extension gallery, there's no mechanism for transferring ownership available in the developer dashboard. Transfers of ownership have to be done manually by someone internally. The extension's owner will need to send an email to the "chromium-extensions" group explaining the situation, and someone from the extensions team will get back with you relatively soon to get the details.
Until there's a better mechanism for this (multiple owners, for instance), I'd suggest that you create a new Google account to share between the extension's owners, and ask for that address to be assigned ownership.