问题描述
有谁知道应该进行哪些配置来授予 Google 服务帐户对已创建的团队云端硬盘的访问权限?
Does anyone know which configurations should be done to grant Google service account an access to a Team Drive which is already created?
我们的想法是使用 .NET 后端应用程序中的服务帐户向团队云端硬盘上传/下载文件,这些文件在公司员工之间共享.例如,公司有其 company.com
域,并在 Google 提供 name.surname@company.com
用户帐户.还有一个员工的团队驱动器.其中一个帐户(不是管理员)用于创建服务帐户,目前已完成以下步骤:
The idea is to use a service account in a .NET backend application for uploading/downloading files to/from Team Drive which is shared among company employees. For example, company has its company.com
domain and provides name.surname@company.com
user accounts at Google. Also there is a Team Drive for the employees. One of those accounts (not admin) was used to create the service account and these steps were done so far:
- 在 Google Cloud Platform 中为组织创建项目
- 启用 Google Drive API
- 创建了一个服务帐号
- 为该服务帐号创建了一个密钥
- 在 IAM 选项卡中分配的编辑者/所有者角色
- 如此处所述,使用客户端 ID 为服务帐号启用 G Suite 域范围委派 使用 G Suite 管理员帐户.
- Created a project for an organization in Google Cloud Platform
- Enabled Google Drive API
- Created a service account
- Created a key for that service account
- Assigned Editor/Owner role in IAM tab
- Enabled G Suite Domain-wide Delegation for the service account using the Client ID as described here using G Suite admin account.
我在文档中找不到任何关于如何授予服务帐户访问团队云端硬盘的信息,以便所有有权访问团队云端硬盘的用户都可以看到所有上传的文件/文件夹.非常感谢任何有关如何执行此操作的有用链接.
I couldn't find any mention in the documentation about how to grant the service account an access to Team Drive so that all uploaded files/folders could be visible to all users who have access to the Team Drive. Any useful link on how to do that is appreciated a lot.
目前,当我使用服务帐户创建文件夹或上传文件时,它会将它们放在仅属于服务帐户的私有云端硬盘中.
For now, when I create a folder or upload a file using the service account, it puts them in a private Drive which belongs to the service account only.
可能有一个解决方法:将文件上传到服务帐户的私人驱动器并与用户共享(这不是要求的首选),但是,如果有人告诉我该怎么做,我会开心.
There could be a possible workaround: to upload the files to service account's private drive and share them with the users (this is not preferred by the requirements), but still, if someone tells how exactly to do this, I'll be happy.
推荐答案
以下是根据 评论除了问题中的步骤.
Here are the steps to grant access based on the documentation from the comment in addition to the steps in the question.
这些步骤需要具有服务和应用管理员角色的帐户.
These steps require an account with Services and Apps admin role.
- 登录 Google 管理员并转到 应用程序 ->谷歌 G 套件 ->云端硬盘和文档 ->共享设置子菜单并从共享选项中选择开启
- 点击管理团队云端硬盘子菜单,然后点击您要授予访问权限的团队云端硬盘
- 在会员访问权限弹出窗口中点击添加会员
- 输入服务帐号Account ID(电子邮件),选择访问级别(我选择Full),勾选Skip sent notification并点击SEND
- Sign-in to Google Admin and go to Apps -> Google G Suite -> Drive and Docs -> Sharing Settings sub-menu and select ON from the Sharing options
- Click on the Manage Team Drives sub-menu and click on the Team Drive you want to grant access to
- Click on ADD MEMBERS in the Member access pop-up
- Enter the service account Account ID (email), choose access level (I chose Full), check the Skip sending notification and click on SEND
假设身份验证部分设置正确,下面是一个获取服务帐户的团队驱动器的简单代码:
Assuming the authentication part is set up properly, here is a simple code which gets service account's Team Drives:
var teamDriveList = service.Teamdrives.List();
teamDriveList.Fields = "teamDrives(kind, id, name)";
var teamDrives = teamDriveList.Execute().TeamDrives;
if (teamDrives != null && teamDrives.Count > 0)
{
foreach (var drive in teamDrives)
{
Console.WriteLine("{0} ({1})", drive.Name, drive.Id);
}
}
详细了解 Fields
参数语法 这里
More on the Fields
parameter syntax here
这篇关于如何通过 Google Drive .NET API v3 使用服务帐户访问 Team Drive的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!