问题描述
有谁知道应该进行哪些配置才能授予 Google 服务帐户访问已创建的团队云端硬盘的权限?
Does anyone know which configurations should be done to grant Google service account an access to a Team Drive which is already created?
我们的想法是在 .NET 后端应用程序中使用服务帐户向/从团队驱动器上传/下载文件,该文件在公司员工之间共享.例如,公司拥有其 company.com
域并在 Google 上提供 [email protected]
用户帐户.还有一个团队驱动器供员工使用.其中一个帐户(不是管理员)用于创建服务帐户,目前已完成以下步骤:
The idea is to use a service account in a .NET backend application for uploading/downloading files to/from Team Drive which is shared among company employees. For example, company has its company.com
domain and provides [email protected]
user accounts at Google. Also there is a Team Drive for the employees. One of those accounts (not admin) was used to create the service account and these steps were done so far:
- 在 Google Cloud Platform 中为组织创建了一个项目
- 启用 Google Drive API
- 创建了一个服务帐号
- 为该服务帐号创建了一个密钥
- 在 IAM 选项卡中分配的编辑者/所有者角色
- 如此处所述,使用客户端 ID 为服务帐户启用 G Suite 域范围委派 使用 G Suite 管理员帐户.
- Created a project for an organization in Google Cloud Platform
- Enabled Google Drive API
- Created a service account
- Created a key for that service account
- Assigned Editor/Owner role in IAM tab
- Enabled G Suite Domain-wide Delegation for the service account using the Client ID as described here using G Suite admin account.
我在文档中找不到任何关于如何授予服务帐户访问团队云端硬盘的权限,以便有权访问团队云端硬盘的所有用户可以看到所有上传的文件/文件夹的内容.非常感谢任何有关如何做到这一点的有用链接.
I couldn't find any mention in the documentation about how to grant the service account an access to Team Drive so that all uploaded files/folders could be visible to all users who have access to the Team Drive. Any useful link on how to do that is appreciated a lot.
目前,当我使用服务帐户创建文件夹或上传文件时,它会将它们放在仅属于服务帐户的私有云端硬盘中.
For now, when I create a folder or upload a file using the service account, it puts them in a private Drive which belongs to the service account only.
可能有一个可能的解决方法:将文件上传到服务帐户的私人驱动器并与用户共享(这不是要求的首选),但是,如果有人告诉具体如何执行此操作,我会开心就好.
There could be a possible workaround: to upload the files to service account's private drive and share them with the users (this is not preferred by the requirements), but still, if someone tells how exactly to do this, I'll be happy.
推荐答案
以下是根据 评论以及问题中的步骤.
Here are the steps to grant access based on the documentation from the comment in addition to the steps in the question.
这些步骤需要具有服务和应用管理员角色的帐户.
These steps require an account with Services and Apps admin role.
- 登录 Google Admin 并转到 应用 ->Google G Suite ->驱动器和文档 ->共享设置子菜单,然后从共享选项中选择开启
- 点击管理团队云端硬盘子菜单,然后点击您要授予访问权限的团队云端硬盘
- 在成员访问弹出窗口中点击添加成员
- 输入服务帐户帐户 ID(电子邮件),选择访问级别(我选择完整),选中跳过发送通知并点击发送
- Sign-in to Google Admin and go to Apps -> Google G Suite -> Drive and Docs -> Sharing Settings sub-menu and select ON from the Sharing options
- Click on the Manage Team Drives sub-menu and click on the Team Drive you want to grant access to
- Click on ADD MEMBERS in the Member access pop-up
- Enter the service account Account ID (email), choose access level (I chose Full), check the Skip sending notification and click on SEND
假设身份验证部分设置正确,以下是获取服务帐户团队云端硬盘的简单代码:
Assuming the authentication part is set up properly, here is a simple code which gets service account's Team Drives:
var teamDriveList = service.Teamdrives.List();
teamDriveList.Fields = "teamDrives(kind, id, name)";
var teamDrives = teamDriveList.Execute().TeamDrives;
if (teamDrives != null && teamDrives.Count > 0)
{
foreach (var drive in teamDrives)
{
Console.WriteLine("{0} ({1})", drive.Name, drive.Id);
}
}
更多关于 Fields
参数语法 这里
More on the Fields
parameter syntax here
这篇关于如何使用带有 Google Drive .NET API v3 的服务帐户访问 Team Drive的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!