問題描述

有誰知道應該進行哪些配置來授予 Google 服務帳戶對已創建的團隊云端硬盤的訪問權限?

Does anyone know which configurations should be done to grant Google service account an access to a Team Drive which is already created?

我們的想法是使用 .NET 后端應用程序中的服務帳戶向團隊云端硬盤上傳/下載文件，這些文件在公司員工之間共享.例如，公司有其 company.com 域，并在 Google 提供 name.surname@company.com 用戶帳戶.還有一個員工的團隊驅動器.其中一個帳戶(不是管理員)用于創建服務帳戶，目前已完成以下步驟:

The idea is to use a service account in a .NET backend application for uploading/downloading files to/from Team Drive which is shared among company employees. For example, company has its company.com domain and provides name.surname@company.com user accounts at Google. Also there is a Team Drive for the employees. One of those accounts (not admin) was used to create the service account and these steps were done so far:

• 在 Google Cloud Platform 中為組織創建項目
• 啟用 Google Drive API
• 創建了一個服務帳號
• 為該服務帳號創建了一個密鑰
• 在 IAM 選項卡中分配的編輯者/所有者角色
• 如此處所述，使用客戶端 ID 為服務帳號啟用 G Suite 域范圍委派 使用 G Suite 管理員帳戶.

• Created a project for an organization in Google Cloud Platform
• Enabled Google Drive API
• Created a service account
• Created a key for that service account
• Assigned Editor/Owner role in IAM tab
• Enabled G Suite Domain-wide Delegation for the service account using the Client ID as described here using G Suite admin account.

我在文檔中找不到任何關于如何授予服務帳戶訪問團隊云端硬盤的信息，以便所有有權訪問團隊云端硬盤的用戶都可以看到所有上傳的文件/文件夾.非常感謝任何有關如何執行此操作的有用鏈接.

I couldn't find any mention in the documentation about how to grant the service account an access to Team Drive so that all uploaded files/folders could be visible to all users who have access to the Team Drive. Any useful link on how to do that is appreciated a lot.

目前，當我使用服務帳戶創建文件夾或上傳文件時，它會將它們放在僅屬于服務帳戶的私有云端硬盤中.

For now, when I create a folder or upload a file using the service account, it puts them in a private Drive which belongs to the service account only.

可能有一個解決方法:將文件上傳到服務帳戶的私人驅動器并與用戶共享(這不是要求的首選)，但是，如果有人告訴我該怎么做，我會開心.

There could be a possible workaround: to upload the files to service account's private drive and share them with the users (this is not preferred by the requirements), but still, if someone tells how exactly to do this, I'll be happy.

推薦答案

以下是根據 評論除了問題中的步驟.

Here are the steps to grant access based on the documentation from the comment in addition to the steps in the question.

這些步驟需要具有服務和應用管理員角色的帳戶.

These steps require an account with Services and Apps admin role.

• 登錄 Google 管理員并轉到 應用程序 ->谷歌 G 套件 ->云端硬盤和文檔 ->共享設置子菜單并從共享選項中選擇開啟
• 點擊管理團隊云端硬盤子菜單，然后點擊您要授予訪問權限的團隊云端硬盤
• 在會員訪問權限彈出窗口中點擊添加會員
• 輸入服務帳號Account ID(電子郵件)，選擇訪問級別(我選擇Full)，勾選Skip sent notification并點擊SEND

• Sign-in to Google Admin and go to Apps -> Google G Suite -> Drive and Docs -> Sharing Settings sub-menu and select ON from the Sharing options
• Click on the Manage Team Drives sub-menu and click on the Team Drive you want to grant access to
• Click on ADD MEMBERS in the Member access pop-up
• Enter the service account Account ID (email), choose access level (I chose Full), check the Skip sending notification and click on SEND

假設身份驗證部分設置正確，下面是一個獲取服務帳戶的團隊驅動器的簡單代碼:

Assuming the authentication part is set up properly, here is a simple code which gets service account's Team Drives:

var teamDriveList = service.Teamdrives.List();
    
teamDriveList.Fields = "teamDrives(kind, id, name)";

var teamDrives = teamDriveList.Execute().TeamDrives;

if (teamDrives != null && teamDrives.Count > 0)
{
    foreach (var drive in teamDrives)
    {
        Console.WriteLine("{0} ({1})", drive.Name, drive.Id);
    }
}

詳細了解 Fields 參數語法 這里

More on the Fields parameter syntax here

這篇關于如何通過 Google Drive .NET API v3 使用服務帳戶訪問 Team Drive的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！