Drive Creation Issue
From: Google Cloud Support <0000010b5a2c0917-dmarc-request@LISTS.HAWAII.EDU>
Subject: [#19467801] Creating Team Drives with a service account [ ref:_00D00VNwG._500f21PWCsI,00DfGEAW.500fsIAAX:ref ]
Date: May 23, 2019 at 5:32:19 AM HST
To: "hdadmin@hawaii.edu" <hdadmin@hawaii.edu>

Hi Teresa,

Thank you very much for contacting Google Cloud Support, my name is Damien and I'll be advising you on this issue on your domain hawaii.edu where you have been unable to create Team Drives using a service account.

Unfortunately Teresa, we generally do not assist with issues relating to the G Suite API outside of break-fix support and cannot assist in the implementation of this, I am afraid; however, I would like to assist you with this as much as I can.

Looking into this for you Teresa, I'd recommend reviewing the following if you have not already, which may be helpful in getting these created:

Create shared drives
https://developers.google.com/drive/api/v3/manage-shareddrives#create_shared_drives

Manage shared drives
https://developers.google.com/drive/api/v3/manage-shareddrives

Additionally, please note that the Team Drive API is now deprecated and going forward you will need to make use of the Drive API, which can be found at https://developers.google.com/drive/api/v3/reference/drives

I do hope that the above has been helpful Teresa. If you do have any further questions relating to your G Suite account, please don't hesitate to reply to this email at any time and I would be happy to get back in touch with you once more as soon as I can.

Kind Regards,
Damien
Google Cloud Support

-------------------------

Case: #19467801
Subject: Creating Team Drives with a service account

We have a service account for a project that's communicating with the Google Drive API. We are seeing a "403 Forbidden" error when we attempt to create a team drive with our service account. Complete stack trace is below.

    Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
    {
      "code" : 403,
      "errors" : [ {
        "domain" : "global",
        "message" : "The user does not have sufficient permissions for this file.",
        "reason" : "insufficientFilePermissions"
      } ],
      "message" : "The user does not have sufficient permissions for this file."
    }

Is it possible for service accounts to create team drives? If so, how do we grant the service account the necessary permissions to create team drives?

Thank you for your time,
-Teresa
I'm listing a bunch of questions spawned from Google support's response to our issue.
Why is G Suite API not their problem? Isn't it a Google product?
Is there another Google division or unit that could help us?
Are there white papers or documentation on how to build service accounts with the appropriate permissions to create team drives?
Does documentation exist on navigating the Google Developers Console?
Is there a diagram depicting the relationship between G Suite API and Drive API?
Research
Developer Offerings for G Suite Domains
Service accounts use 2-legged OAuth to allow a web app to act as its own user rather than being a proxy for a real user (3-legged OAuth).
- see YouTube video (2012) on service accounts
- OAuth 2.0 to access Google APIs
- using OAuth 2.0 for server to server applications
- you must delegate domain-wide access to the service account when creating it in order to access user data for users in your G Suite domain
- you can impersonate real G Suite domain users
- service accounts can be used to impersonate a real user
- Setting up authentication for server to server prod apps
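
The difference between a service account acting as itself and impersonating a domain user comes down to one claim in the JWT it sends in the server-to-server flow noted above. The sketch below is an added example, not code from Google's documentation or from the case: it builds both claim sets and decodes an assertion to report which identity the resulting token would act as. The service account email and user address are constructed placeholders, and the RS256 signing step with the service account's private key is left out.

```python
import base64
import json

TOKEN_URL = "https://oauth2.googleapis.com/token"   # "aud" for Google's token endpoint
DRIVE_SCOPE = "https://www.googleapis.com/auth/drive"
MAX_LIFETIME = 3600  # Google rejects assertions valid for more than one hour


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_claims(sa_email, scopes, issued_at, subject=None, lifetime=MAX_LIFETIME):
    """Claim set for the JWT bearer grant; `subject` is the user to impersonate."""
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 and 3600 seconds")
    claims = {"iss": sa_email, "scope": " ".join(scopes), "aud": TOKEN_URL,
              "iat": issued_at, "exp": issued_at + lifetime}
    if subject is not None:
        claims["sub"] = subject  # only honoured if domain-wide delegation is authorized
    return claims


def signing_input(claims):
    """header.claims, the bytes the service account key signs with RS256."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))


def effective_identity(assertion):
    """Decode an assertion (signed or not) and report who the token will act as."""
    claims = json.loads(b64url_decode(assertion.split(".")[1]))
    return {"acts_as": claims.get("sub", claims["iss"]),
            "delegated": "sub" in claims,
            "scopes": claims["scope"].split()}


if __name__ == "__main__":
    # Constructed sample values, not taken from the case above.
    sa = "drive-provisioner@example-project.iam.gserviceaccount.com"
    for user in (None, "admin@example.edu"):
        print(effective_identity(signing_input(build_claims(sa, [DRIVE_SCOPE], 1558625539, user))))
```

Because a `sub` claim lets the key holder act as any user in the domain for the authorized scopes, the scope list granted to a delegated service account is worth keeping as narrow as the task allows.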