rclone
Service accounts are part of the developer console in Google. They are somewhat independent of Google Workspace. The purpose of a service account is to grant access to resources, e.g. Google shared drives, without having to log in as a real user, whose account might carry more access.
The rclone documentation is pretty good, but it assumes you want to do impersonation, which grants full access to all users in the workspace. It's described in the section "2. Allowing API access to example.com Google Drive". Don't do this step.
What you need to do is add the service account to a particular drive, just like any user. This step isn't explained well in the rclone documentation. To do this, you have to make the drive available to users outside the organization. This is suboptimal, but it's the only way we know how to do this. Once you enable "Allow people outside of to access files", it should work fine. The service account's email address is listed on the IAM & Admin > Service Accounts page.
Another thing that's not described well is enabling APIs for the service account. This is done on the APIs & Services > Enabled APIs & Services page. Enter "google drive api" in the search box and select it. Click the blue Enable API button. If it is already enabled, it'll say Manage. This enables the API for the project, making it available to the service accounts associated with the project.
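To check that a config follows the advice above (service account added to one drive, no impersonation), the following audit is an added example, not part of the rclone documentation or this project. It assumes the rclone drive-backend keys `type`, `service_account_file`, `impersonate` and `team_drive`; the remote names, paths and drive ID in the sample are constructed.

```shell
# Constructed sample config; key names are rclone drive-backend options.
write_sample_conf() {
  cat > "$1" <<'EOF'
[workspace-wide]
type = drive
service_account_file = /etc/rclone/sa.json
impersonate = admin@example.com

[one-shared-drive]
type = drive
service_account_file = /etc/rclone/sa.json
team_drive = 0AExampleSharedDriveId
EOF
}

# Print "<remote>: <issue>" for each service-account Drive remote that
# impersonates a user or is not pinned to one shared drive.
audit_rclone_conf() {
  awk '
    function report() {
      if (name == "" || type != "drive" || !sa) return
      if (imp != "") print name ": impersonates " imp
      if (td == "")  print name ": no team_drive set"
    }
    /^[ \t]*\[.*\][ \t]*$/ {          # section header starts a new remote
      report()
      name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      type = ""; sa = 0; imp = ""; td = ""
      next
    }
    /^[ \t]*[#;]/ { next }            # comment lines
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "type") type = v
      else if (k == "service_account_file") sa = (v != "")
      else if (k == "impersonate") imp = v
      else if (k == "team_drive") td = v
    }
    END { report() }
  ' "$1"
}

conf=$(mktemp); write_sample_conf "$conf"
audit_rclone_conf "$conf"   # flags only [workspace-wide]
rm -f "$conf"
```

Point it at the real file with `audit_rclone_conf "$(rclone config file | tail -n 1)"`; empty output means no service-account remote impersonates a user or lacks a shared drive ID.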