How to limit Google Drive app permissions

2
votes

We currently use backup script that uploads tar.gz files to our Google Drive. Our python script is something like this - https://code.google.com/p/gdrive-backup/source/browse/gdrive_backup Basically this is just a python script that uploads file to our business Google drive. It uses OAuth2 with "https://www.googleapis.com/auth/drive" scope.

I wish to limit the script to only have the ability to upload (insert) files into the drive, I would like to disable the permission to delete files (say if someone changes the script itself, the reason to limit the script is not important).

All I see as app authentication options is https://developers.google.com/drive/web/scopes

So far all i tried is to limit the app through the admin console and drive settings. Also tried to look for API references, couldn't find anything relevant.

1
google-drive-api
This question is not good enough. Please edit it and add what you already tried. Also, links are ok, but it should not be necessary to follow them in order to understand the question. - Jeroen Kransen
Scopes docs moved to developers.google.com/drive/v3/web/about-auth - TWiStErRob

1 Answers

5
votes

There is no scope that explicitly allows insert but not delete. However, you'd be a lot better off using https://www.googleapis.com/auth/drive.file scope rather than full drive scope, which will restrict the app to only accessing files it has created or explicitly been opened with.