I have successfully been able to auto create documents via a service account. The service account is the owner of the created documents atm and I have shared the documents with several users.
My question is how can i view and delete these created documents in one place? I have tried adding a user permission with type 'owner' but that does not work and the user does not have access to the document.
Can I login as the service account and view and manage the documents from the google drive UI?
Thanks
Related
We are developing an application, in that we need to get all the files of all users in the domain. We have enabled service account with domain-wide delegation already, but whenever we tried to access all user's drive, it is required to get each user access token separately after setting each user id using google credential object method (e.g. googleCredentialBuilder.setServiceAccountUser({email_id})). We are using Drive API client library for Java and admin SDK for getting all the users in the domain.
So, our concern is to get all users to drive files using a super admin access token. Is there any alternate way to get all users to drive files using domain/admin-level access token. Kindly help me in this regard.
To obtain all the Drive files in the domain, you have to use delegation as follows:
Use the Directory API users.list() API call to determine all users in the Google Apps domain.
For each user obtained in step 1, do:
2.1. Call files.list with the parameter q set to "me" in owners to get a list of all files the user owns.
To do all of this you don't necessarily need a superadmin account. You just need to set up credentials with domain-wide delegation enabled. You can read more about how to do it here.
How to test safely an app that reads and writes to Google Drive using the API?
I created an app that runs on a server, that basically copies a template google doc to another directory, and then edits this new file.
In order to do that I:
created a service account,
delegated domain-wide authority to this service account
(https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority),
Then the app impersonates a user of the domain (always the same user) to access the API resources.
This app works, but it has 2 problems:
the service account has access to too many things. Ideally, I'd like it to have RW access to one folder only,
I'd like to create test credentials that would have access to another specific folder only, or even better, another drive.
Thanks!
Drive does not have permissions based on folders. The closest you can get is by creating an additional Service Account and then share the folder(s) to that SA.
You can also change the sharing setting for just one organisational unit,doing that all the folders whose owners are part of that OU will be able to share it outside or your domain making that the SA have only access to those folders.
I have created a web app which is making use of Google Drive API/ REST v2 (https://developers.google.com/drive/v2/web/about-sdk) to perform actions such as create/update/rename/delete of documents etc.
I am authorizing requests with OAuth 2.0 (client side - that means every access token is valid for ~1h and then silently I am getting a new token) and then perform previous actions using that token.
I have a new requirement for the authorized user to share his/her documents for writing/updating them (I found out that API has option for inserting permissions (https://developers.google.com/drive/v2/reference/permissions/insert : role: writer, type: anyone).
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via Google Drive API v2 or another API?) that have been created from the authenticated user that shared these? (something that is similar to google docs/ sharing when a user is sharing his document and offline users are able to edit it?
Thanks.
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via Google Drive API v2 or another API?) that have been created from the authenticated user that shared these? (something that is similar to google docs/ sharing when a user is sharing his document and offline users are able to edit it?
What you are describing here is something called a service account. Service accounts are like dummy users. You can share a file on your Google drive account with the service accounts email address and the service account will then have access to that file. Assuming that you gave them edit permissions it will be able to read and write to it without authenticating.
Note: service accounts do not work client sided you will need to use a server sided language to use service accounts.
My organization has a project that is using Google Drive to store files. What we want to do is to show the contents of the Drive on a website.
I'm not really sure how to go about this. Most of the examples are showing authenticating the user accessing the site.
Right now, what I am thinking of doing is to use a service account. I have a Node app running a service account, which I just followed from the samples in the Node.js samples. I realized that the contents shown from running the app are the contents of the Drive of the service account.
What I wanted to happen was show the contents of the Drive that owns the project.
I'm not sure if you can get around authentication when it comes to standard User Accounts.
But you don't really need to impersonate a User Account. There is a alternative solution. From your User account, create a folder and move all the files needed by the app into it. Then share the folder with the service account and grant it edit access. To share the folder you'll need to know the email address of the service account which you can find in your Google Developer's Console. To get to the service account's page, click the menu icon (the triple bar) at the top left and select IAM Admin. On that page there should be a menu option for service accounts, when selected it will provide you with a list of all your service accounts and their corresponding email addresses.
Is there a way I can remove data from a Service account created for a Project for Drive API since this is hitting the storage limit. Can I transfer the data to another non service account, Or can I substitute this service account for another? so I can keep using my project or shall I create a new project and integrate it with a new Service account?
Possible solutions seem are described on these other questions, but I´m not sure yet about the solution.
Google Drive Service Accounts Additional Storage
Quota, orphaned files and uploads using service account with Google Drive API
Google Drive API ownership of files uploaded from service account
Google APPs managed "unlimited" account storage quota for service account
Can you please help?
As far as I know, Service Accounts currently cannot purchase additional storage so if you want more storage, you'll need to use a regular Google account instead. Aside from that, change of ownership of service account files is also not possible with Google Drive API.
The only possible option that I found, for now, is to transfer the ownership of the service account file to another account via the app script given in SO post - How to use a service account to transfer ownership of a google file.
After transferring of file ownership, to keep using your project, you can grant owner permission to your service account in the drive file that you need to access by sharing the document.
Solution given by Jalogar in SO post - Drive API access to document with service account might really help.