I'm using Google Apps for Work. I try to take ownership for ALL file in user's Google Drive to Administrator account using APIs, via the latest Drive API http://support.google.com/a/bin/answer.py?hl=en&answer=1247799
With super admin permission, I can't use setownerto take ownership (action not allowed)
Only the owner of the file can grant access or ownership to other users. Even as admin, you won't have that kind of permission.
In order to accomplish this, as an admin you can "impersonate" the user and then perform actions on user's behalf.
This is done using service account with domain wide delegation permissions.
After doing this, you can call the API's as the user and give the admin(yourself) owner permissions of the user's files.
Hope this helps.
Related
What will extra setting to get files / folder from google drive API with service account? Currently getting empty results.
Same code working with credential web scope with client id and secrets key but not with service account.
When you use a web client. It pops up and requests authorizaiton. In this way a user is granting your application access to their data. So a file.list will return the files on the users google drive account.
The same thing is happening with your service account. Only service accounts are pre authorized. Your file.list is returning no files becouse the service account doesnt have acess to any files yet. You see it has its own drive account.
Options.
Upload files to the service accounts drive account.
open your credetials.json file. Look for the service account email address. Take that address and share a directory or file on your personal drive account with the service account.
Now do a file.list. It should have files.
Schools will install my application as a Google Apps app. Right now I request the drive scope, so my app can read/write all of the current user's drive files. How can I ask a domain administrator to grant that privilege to my app on behalf of all of the users in the domain, so that each individual person doesn't have to understand & grant the permissions later?
If you build and publish your app to the Google Apps Marketplace, domain administrators can install your and pre-approve access for all users of the domain. You can find details at https://developers.google.com/apps-marketplace/.
Say, I am a Domain Super Administrator. And, there are User A (source - files to be copied from) and User B (destination - files to be copied to). Is there any Google Drive SDK API available for this feature?
When I read this: https://developers.google.com/drive/v2/reference/files/copy, this API allows only to copy into my own Google Drive.
Please help. Thanks.
Use domain-wide delegation to impersonate each user https://developers.google.com/drive/delegation.
Authenticate as source user and share file with target user https://developers.google.com/drive/v2/reference/permissions/insert
Authenticate as target user and copy source file to produce target copy of file owned by target user https://developers.google.com/drive/v2/reference/files/copy
I am working with Google Drive from an application-specific account. It would be great to be able to get access to the GDrive UI logged with this account. Is this possible?
No, it is not possible to access the Google Drive web user interface of a service account.
Use Case
As admin service account, transfer Document Ownership using the Google Docs API, similar to the built in cPanel "Advanced Tools" -> "Document ownership transfer"
Constraints
APIs are being invoked in context of a Google Apps admin service account rather than the end-user account since APIs are being invoked from Google Apps Script in Sites page
Authorization is OAuth 1.0 since this is what Apps Script supports
What works:
Transferring ownership of the admin service account's own files to another user's account as documented here
What is required:
Transfer ownership of another user's files, ideally without them sharing any permissions with the admin service account; if there's no other way of doing it, they could share edit permissions on the file with the admin service account.
Currently this returns a
" ServiceException - You do not have permission to share these item(s):"
What you're trying to do is possible by impersonating the user using the admin account. The documentation shows how to do this here.
Essentially, start by requesting the API URL with default replaced with the current owner's email address. The request must be made while authorized as the admin user, though.
https://docs.google.com/feeds/user#yourdomain.com/private/full/
Once that URL is requested, all feed URLs will be returned with that email already present. Then, simply change ownership as you would normally.