I've set-up a new service account with access to the Google Drive API. I would now like to share one of my drives with the service account user.
Existing advice suggests you can simply share the drive with the service account email address. Unfortunately this produces the following error:
Do I need to do something to make my service account a 'google account'?
Thanks,
Karle
Go to Google Cloud Platform -> Project -> Service Accounts -> Service Account
Check "Enable G Suite Domain-wide Delegation"
It is now possible to share this drive to the user.
Related
I'm updating an app on G Suite Marketplace SDK. It used to work by just changing the script version at the "App Configuration" Tab, and click Save.
Now it posted a warning at the top of the page saying:
Your account does not belong to the same domain as this cloud project or app
and the Save button is grey and not clickable.
Error image can be seen here:
What is the issue and where should I go to check and verify the domains?
Terms:
GCP - Google Cloud Platform
Apps Script project - Your Apps Script file
Your Google Cloud Platform (GCP) project that is associated with your Apps Script project is in a default category of "No organization." That's the problem.
If you already have an organization set up in your GCP, then skip down to the "Migrate your Cloud Platform Project" section below.
If you have not created an organization in your Cloud Platform project, then you need to do that. After creating an organization, you must migrate the Cloud Platform project for your add-on in "No organization" to your Organization.
Your organization is your "company."
Your Google Workspace account (formerly G Suite) can only have one Organization provisioned with it. You probably have Cloud Platform projects that were automatically put under the "No organization" category. If you already have an Organization in your Cloud Platform project, then you won't see an option to create another one.
Create an organization in Cloud Platform Project
Migrate your Cloud Platform Project:
Open the Cloud Platform Project for your add-on
Open IAM & Admin
Click Settings
Click the Migrate link
Choose the organization to migrate to
Click the button:
Wait for confirmation that the migration happened
I migrated a Cloud Project for an add-on without any problem. You can also change ownership of a Cloud Project from one Google account to another Google account.
My assumption is, that the Cloud Project isn't affected by migrating it because it's basically running independently from whatever account or organization it's associated with.
The only way to know that for sure is if someone from Google provided an answer, but the only way to get support for Cloud Projects is to buy a support plan, and the least expensive one is $100 dollars a month per user.
Google Cloud Project support plans
Technically, Apps Script is not supported by Google, and there is no Google contact person to get answers from.
With the Google Workspace Marketplace SDK, you must associate an Apps Script project with the Cloud Platform project. If you changed ownership of the Apps Script file that the Google Workspace Marketplace SDK was associated with, then there would likely be a problem.
You'd need to make sure that whoever owned the Cloud Platform Project also owned the Apps Script file. If the Apps Script file was deleted, then that would kill the add-on.
I run into this issue and I share what I did that is a bit different of previous answer.
I have a Gmail account that manage the Apps Script and also have a workspace domain. When the first time I publish the app I move the GCP project created in my Gmail acocunt to the GCP Oragnization of my domain. Previously it never generate problem but today I have the eror message
Your account does not belong to the same domain as this cloud project or app
What I did :
On the workspace domain with the super admin account that have the GCP Organizaional Owner role I added my Gmail account as Oragnization manager
Organization Role Administrator
=> It does not work.
So I finally added my domain account as owner of project and it works.
It seems something change in the Marketplace Workspace SDK management and if a project belong to an organization, now you can no longer modify Marketplace item with a Gmail account.
I have created a marketplace app to capture google drive changes.
Enabled two API & services.
1) Google Drive API
2) G Suite Marketplace SDK
Added required content in marketplace SDK and it is published via google chrome tool. So, got a marketplace app url which I can share with others and can install app in their domain.
With this app url I have installed an app by clicking on "DOMAIN INSTALL" button.
In order to receive notification of each drive changes my script is trying to create a channel for each user under this domain But, channel is not getting created. It shows error called "invalid_grant"
So, I took another approach to add marketplace client id and scope permissions under Admin Console->security->Advance Setting ->Manage API client access manually.
Now, I am able to create a channel for user in domain and can access drive files content.
Please help me to figure out that why I am not able to get permission while installing a published G suite marketplace app?
Thanks you.
I'm using Google Apps for Work. I try to take ownership for ALL file in user's Google Drive to Administrator account using APIs, via the latest Drive API http://support.google.com/a/bin/answer.py?hl=en&answer=1247799
With super admin permission, I can't use setownerto take ownership (action not allowed)
Only the owner of the file can grant access or ownership to other users. Even as admin, you won't have that kind of permission.
In order to accomplish this, as an admin you can "impersonate" the user and then perform actions on user's behalf.
This is done using service account with domain wide delegation permissions.
After doing this, you can call the API's as the user and give the admin(yourself) owner permissions of the user's files.
Hope this helps.
I am working with Google Drive from an application-specific account. It would be great to be able to get access to the GDrive UI logged with this account. Is this possible?
No, it is not possible to access the Google Drive web user interface of a service account.
Use Case
As admin service account, transfer Document Ownership using the Google Docs API, similar to the built in cPanel "Advanced Tools" -> "Document ownership transfer"
Constraints
APIs are being invoked in context of a Google Apps admin service account rather than the end-user account since APIs are being invoked from Google Apps Script in Sites page
Authorization is OAuth 1.0 since this is what Apps Script supports
What works:
Transferring ownership of the admin service account's own files to another user's account as documented here
What is required:
Transfer ownership of another user's files, ideally without them sharing any permissions with the admin service account; if there's no other way of doing it, they could share edit permissions on the file with the admin service account.
Currently this returns a
" ServiceException - You do not have permission to share these item(s):"
What you're trying to do is possible by impersonating the user using the admin account. The documentation shows how to do this here.
Essentially, start by requesting the API URL with default replaced with the current owner's email address. The request must be made while authorized as the admin user, though.
https://docs.google.com/feeds/user#yourdomain.com/private/full/
Once that URL is requested, all feed URLs will be returned with that email already present. Then, simply change ownership as you would normally.