Can a Google Apps Admin manage users files with Drive SDK?

Ridgh picture Ridgh · Jul 24, 2012 · Viewed 7.2k times · Source

The new Drive SDK is very good for the authenticated user. Is it possible use Drive SDK using Google Apps administrative access to impersonate other domain users?

The doclist API can do it but it's not possible manage and copy files (pdf, jpg) with this tool.

I'm using Java with this code:

credential_origine = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
                    .setJsonFactory(JSON_FACTORY)
                    .setServiceAccountId("[email from console api]")
                    .setServiceAccountScopes(DriveScopes.DRIVE)
                    .setServiceAccountUser("[email protected]")
                    .setServiceAccountPrivateKeyFromP12File(new File("key.p12")).build();

But I get an error when I try to retrieve data for the [email protected]. If I comment .setServiceAccountUser("[email protected]") the code works great for the same account I used for creating the key.

In the old DOCList API we impersonated another user by the URL of the requests. Is it something similar?

Answer

Alain picture Alain · Jul 24, 2012

You can do that using Service Accounts and specifying the user to impersonate when building your assertion claim.

Once you have created a Service Account key in your API project (from the APIs Console), you will have to add this project to the list of authorized third party app in the cPanel. More information about this can be found here. The "Client Id" you need to use is the one bound to the Service Account key and looks like <APP_ID>-<OTHER_KEY>.apps.googleusercontent.com

Since you want to manage other users file, you will have to authorize the Drive wide scope: https://www.googleapis.com/auth/drive.

Most of our client libraries take care of abstracting the claim generation for developers. If you could specify which language your are planning to use, I can update this answer by providing a code snippet to help you get started.