8
votes

Does anyone know which configurations should be done to grant Google service account an access to a Team Drive which is already created?

The idea is to use a service account in a .NET backend application for uploading/downloading files to/from Team Drive which is shared among company employees. For example, company has its company.com domain and provides [email protected] user accounts at Google. Also there is a Team Drive for the employees. One of those accounts (not admin) was used to create the service account and these steps were done so far:

  • Created a project for an organization in Google Cloud Platform
  • Enabled Google Drive API
  • Created a service account
  • Created a key for that service account
  • Assigned Editor/Owner role in IAM tab
  • Enabled G Suite Domain-wide Delegation for the service account using the Client ID as described here using G Suite admin account.

I couldn't find any mention in the documentation about how to grant the service account an access to Team Drive so that all uploaded files/folders could be visible to all users who have access to the Team Drive. Any useful link on how to do that is appreciated a lot.

For now, when I create a folder or upload a file using the service account, it puts them in a private Drive which belongs to the service account only.

There could be a possible workaround: to upload the files to service account's private drive and share them with the users (this is not preferred by the requirements), but still, if someone tells how exactly to do this, I'll be happy.

1
I don't have access so cant help more then link you the documentation developers.google.com/drive/v3/web/… developers.google.com/admin-sdk/reports/v1/guides/delegation You should be able to add the service account email address like you would add any other user.DaImTo
This helped, so wrap your comment in an answer so that I am able to accept it.Ghukas
Why don't you answer the question with what you found. You can use the points all I did was show you the documentationDaImTo

1 Answers

8
votes

Here are the steps to grant access based on the documentation from the comment in addition to the steps in the question.

These steps require an account with Services and Apps admin role.

  • Sign-in to Google Admin and go to Apps -> Google G Suite -> Drive and Docs -> Sharing Settings sub-menu and select ON from the Sharing options
  • Click on the Manage Team Drives sub-menu and click on the Team Drive you want to grant access to
  • Click on ADD MEMBERS in the Member access pop-up
  • Enter the service account Account ID (email), choose access level (I chose Full), check the Skip sending notification and click on SEND

Assuming the authentication part is set up properly, here is a simple code which gets service account's Team Drives:

var teamDriveList = service.Teamdrives.List();
    
teamDriveList.Fields = "teamDrives(kind, id, name)";

var teamDrives = teamDriveList.Execute().TeamDrives;

if (teamDrives != null && teamDrives.Count > 0)
{
    foreach (var drive in teamDrives)
    {
        Console.WriteLine("{0} ({1})", drive.Name, drive.Id);
    }
}

More on the Fields parameter syntax here