Jason Mcginnis

Reputation: 1

Scan Drive Contents of Google App Domain Users

From what I can tell, it looks like I need to set up a service account in the developer console to impersonate each user individually.

I need to be able to launch the script (preferably from a Web Apps Script) to scan all student Google Drives to monitor for content in violation of policy.

So, a Drive search with something like this "source:domain type:image" won't work, because those are only for shared files.

From here: https://developers.google.com/drive/v3/reference/files/list I don't see a way to specify a userKey, like you can do with the Admin SDK APIs.

Upvotes: 0

Views: 117

Answers (1)

Peter

Reputation: 5601

Yes, as you say you will need to use a service account. When you use a service account with the OAuth2 library, you get to set the 'Subject' (the user account that you want to impersonate). There is a service account sample with the library.

Here's an example of a slightly modified OAuth2.getService() that takes the user account email as a parameter. You would run this before each of your Drive API calls (https://developers.google.com/drive/v3/reference/files/list) as you iterate through your user list.

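/**
 * Configures the service for one impersonated user.
 * PRIVATE_KEY and CLIENT_EMAIL are the private_key and client_email values
 * from the service account's JSON key file.
 * @param {string} userEmail The user account to impersonate.
 */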
function getService(userEmail) {
  return OAuth2.createService('GoogleDrive:' + userEmail)
      // Set the endpoint URL.
      .setTokenUrl('https://accounts.google.com/o/oauth2/token')

      // Set the private key and issuer.
      .setPrivateKey(PRIVATE_KEY)
      .setIssuer(CLIENT_EMAIL)

      // Set the name of the user to impersonate. This will only work for
      // Google Apps for Work/EDU accounts whose admin has set up domain-wide
      // delegation:
      // https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
      .setSubject(userEmail)

      // Set the property store where authorized tokens should be persisted.
      .setPropertyStore(PropertiesService.getScriptProperties())

      // Set the scope. This must match one of the scopes configured during the
      // setup of domain-wide delegation.
      .setScope('https://www.googleapis.com/auth/drive');
}

Upvotes: 1
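
The per-user loop described in the answer, as an added example that is not part of the original answer: it calls Drive v3 files.list with the impersonated user's token, follows nextPageToken, and records accounts where delegation fails instead of stopping. It assumes getService(userEmail) from the answer; the helper names, the fields selection and the injectable fetchFn (defaulting to UrlFetchApp) are assumptions made for this example.

```javascript
// Added example. PAGE_FIELDS and the helper names are illustrative choices.
var PAGE_FIELDS = 'nextPageToken,files(id,name,mimeType)';

// Build the Drive v3 files.list URL for one page of results.
function buildListUrl(query, pageToken) {
  var params = { q: query, pageSize: '1000', fields: PAGE_FIELDS };
  if (pageToken) params.pageToken = pageToken;
  return 'https://www.googleapis.com/drive/v3/files?' +
      Object.keys(params).map(function (k) {
        return k + '=' + encodeURIComponent(params[k]);
      }).join('&');
}

// List every file matching `query` in the impersonated user's Drive.
// `service` is the object returned by getService(userEmail).
function listUserFiles(service, query, fetchFn) {
  // In Apps Script the default is UrlFetchApp; a stub can be passed for tests.
  fetchFn = fetchFn || function (url, opts) { return UrlFetchApp.fetch(url, opts); };
  if (!service.hasAccess()) {
    // Usually the client ID or scope is not authorized for delegation.
    throw new Error('No access: ' + service.getLastError());
  }
  var files = [], pageToken = null;
  do {
    var response = fetchFn(buildListUrl(query, pageToken), {
      headers: { Authorization: 'Bearer ' + service.getAccessToken() }
    });
    var page = JSON.parse(response.getContentText());
    files = files.concat(page.files || []);
    pageToken = page.nextPageToken;
  } while (pageToken);
  return files;
}

// Scan each user; a failure on one account is recorded and the run continues.
function scanUsers(userEmails, query, serviceFor, fetchFn) {
  var report = {};
  userEmails.forEach(function (email) {
    try {
      report[email] = listUserFiles(serviceFor(email), query, fetchFn);
    } catch (e) {
      report[email] = { error: e.message };
    }
  });
  return report;
}
```

In Apps Script this would be called as scanUsers(emails, "'me' in owners and mimeType contains 'image/' and trashed = false", getService). Because files.list only reads, the narrower https://www.googleapis.com/auth/drive.readonly scope is enough for this scan if it is the one authorized for domain-wide delegation.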
