Google Drive Information

Since UH is a G-Suite, our hawaii.edu domain has unlimited storage for google drive.

Service Accounts

Access our service accounts through the Google Developers Console.  Erik, Frank and I are owners of the project "Tenure" that created the 2 service accounts.

There's one for test and one for prod.

There's a uhtnptst@hawaii.edu and a uhtnp@hawaii.edu user which the service account acts on behalf of the logged in user. These users have been granted an admin role created by Help Desk and that admin role is granted access to Drives and Docs.

Grant domain-wide delegation authority for the following clientIDs under the G Suite project named "Tenure"
* 100382501517502303226
* 102969607084129771179
Grant admin access role to uhtnptst@hawaii.edu, which is the exact same role that you granted to uhtnp@hawaii.edu; this role is restricted to Drives and Docs.

With the service account acting on behalf of the uhtnp user, the service account no longer needs to be a member on the shared drive; only the uhtnp user needs to be on the shared drive.

• uhtnptst is only added to TEST shared drives, i.e. application IDs starting with 199000xx
• uhtnp is only added to PROD shared drives, i.e. application IDs starting at 1000

The client secret json files are deprecated and new p12 keys were generated to perform the delegation. Those p12 files are loaded on the respective test/prod servers under the home directory's .tenure-conf folder

Drive synchronization software

With GSuite, end users have 2 options to synch their drive files with their desktop and UH's contract supports both

Drive File Stream supports both team and google drives

Backup & Synch only supports google drives

Here's a good comparison between the two:

Google Drive

Only the owner of the folder/file can check "Prevent editors from changing access and adding new people"

Only the owner of a file can check "Disable options to download, print, and copy for commenters and viewers"

Team Drive

Members are added at the root folder level

Folders cannot be shared (so none of the checkboxes above apply to folders)

Anyone with Edit access can "Restrict download, print & copy actions on this file for commenters & viewers" and upload files

• can restrict downloading and printing at the team drive root folder level

Anyone with Full access can manage members in addition to what Edit access can perform

Getting a list of permissions through Google's API DOES NOT return the email address associated with that user so we'll need to keep a list of the uhNumbers associated with the permission IDs upon creation

Options going forward

1. Stay with Google Drive
   1. Access has to be turned over to uhtnp or tenure-service-account by the applicant, which is a lot of work for the applicant
   2. ownership has to be transferred from uhtnp to tenure-service-account, which is a lot of work for ITS
   3. checkbox must be unticked, "Prevent editors from changing access and adding new people"
2. Go with Team Drive
   1. Must be 1 team drive per application
   2. Applicant will transfer files into team drive
      1. folders cannot be copied from google drive to team drive so applicants would need to create them and then move the files

Can the google viewer take you to a certain page in a PDF document?

Create an icon to create a google doc in T&P and allow them to name it

• store it in the root of the team drive
• store it in a separate folder?
  • applicants would be working with it in the team drive so it seems kludgy 
• when a document is uploaded, ask if they want to convert it to a native google doc

Can a native google doc be downloaded from google drive?

• No it can't

Link google docs to a section or have a wizardy setup on the dossier page

• do you want default categories?
• do you want a google doc created for each category?

Test word documents through the google drive viewer

• TOCs not retained
• hyperlinks retained
• bookmarks retained?
• ask Moriko if she's willing to share her word document