Google Drive SA accounts can't access objects on a shared disks created by other users

Question

I would like to have an access to objects on a shared disks created by other users using SA accounts.

I discovered that by making a call to https://www.googleapis.com/drive/v3/files with the following query:

q=mimeType!='application/vnd.google-apps.folder' and 'GOOGLE_DRIVE_FOLDER_ID' in parents and trashed=false&supportsTeamDrives=true&teamDriveId=GOOGLE_TEAM_DRIVE_ID&fields=files(id ,name ,webViewLink ,webContentLink)

I get different results depending on the account. If I am using access token generated for service account we get different result than if I am using access token generated for a user account. Service account "sees" only files that were create by that particular service account whereas regular users "see" all the files created by other users as well.

Anyone had similar issue and know any solution or workaround?

Answer 1

I get different results depending on the account. If I am using access token generated for service account we get different result than if I am using access token generated for a user account.

What you need to understand is that you can only see the files that you have permission to see. If you are logged in on a normal user account you will only be able to see the files that you own, or have access to. The same goes for a service account, think of a service account as a dummy user. The service account can only see the files it has been granted access to.

Assuming that your shared disks that you are talking about is gsuite then you can have the gsuite admin set up domain wide delegation on the service account and grant it access to the files on the domain.

permissions

If you dont have gsuite or dont want to give the service account full access to the domain you. You might also want to try having the owner of the drive run a permissions.create and add the service account.