While using Google Drive API, How to restrict my Google Cloud Client ID access to only one user's Google Drive data?

1
votes

I am coding a backend service to call Google Drive API that uploads and downloads Google Drive files. Without using domain wide delegation how to perform user-less authentication and restrict my Client ID's access to read/write only from one user's google drive. The reason for not wanting to use Domain-wide delegation is that it gives the service account and its associated client ID, access to act on behalf of any user in my company's G Suite domain and access data. I would like to restrict that to either of the following:

  • Read/Write just one user's data (this can an account that I create in G Suite for this specific purpose)
  • Read/Write the Google Cloud service account's Drive data. In this case, will I have storage restriction?
1
google-apigoogle-drive-apigoogle-workspaceservice-accounts
What programming language are you using?alberto vielma
You cant. If you want to access your g suite domain using user less authentication then the only option is service accounts. The service account then has access to everything it will be up to your code to then handle the limitations you speak of.DaImTo
@DaImTo, it would be better if you post your comment as an answer so it could be better read by more people.alberto vielma

1 Answers

1
votes

You cant. If you want to access your g suite domain using user less authentication then the only option is service accounts. The service account then has access to everything it will be up to your code to then handle the limitations you speak of.