This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cannot figure out permissions to upload file to Google Drive

Posted on 09-16-2024 11:34 AM
Renee_Cooper
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

* I have a service account that has Content Manager permissions on the Google drive folder

* I cannot find anything in GCP console that would allow me to assign permissions to Google Drive for the service account the way I can for GCP services like BigQuery, AppEngine, etc.

* I set the scope here though:

credentials, _ = default(scopes=['https://www.googleapis.com/auth/drive'])
service = build('drive', 'v3', credentials=credentials, cache_discovery=False)

* but when I try to just list the files (self.gdrive_folder is the folderId)

drive_service = self.get_drive_service()
query = f"'{self.gdrive_folder}' in parents"
try:
    response = drive_service.files().list(
        q=query,
        spaces='drive',
        fields='files(id, name)'
    ).execute()

I get HttpError 403 when requesting https://www.googleapis.com/drive/v3/files?q=<REDACTED FOLDERID>+in+parents&spaces=drive&fields=files%28id%2C+name%29&alt=json returned "Request had insufficient authentication scopes.". Details: "Request had insufficient authentication scopes."
Everywhere I look suggests that 

https://www.googleapis.com/auth/drive

Is the scope I need.  What additional scopes are needed?  Is there another way these scopes should be added to the service account besides in the call or in the Airflow connection for Google Cloud?


Solved Solved
0 2 772
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ronnelg
Staff
Reply posted on --/--/---- --:-- AM

Hi @Renee_Cooper,

Welcome to Google Cloud Community!

Your service account for your Google Drive doesn't need any role or permission. You just need to enable the Google Drive API and create a service account in the Credentials section. After creating the service account, you need to create a JSON key file and download it. 

Then on your Google Drive, create a new folder, right-click the folder, click the Share and add the email address of the service account you just created and make it as Editor. After the role is provided you can now move into the coding part. You can check this blog from Medium for your reference.

I recommend also checking out Google Workspace Community as they have a dedicated community and resources that might be more helpful with your project.

I hope the above information is helpful.

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
ronnelg
Staff
Reply posted on --/--/---- --:-- AM

Hi @Renee_Cooper,

Welcome to Google Cloud Community!

Your service account for your Google Drive doesn't need any role or permission. You just need to enable the Google Drive API and create a service account in the Credentials section. After creating the service account, you need to create a JSON key file and download it. 

Then on your Google Drive, create a new folder, right-click the folder, click the Share and add the email address of the service account you just created and make it as Editor. After the role is provided you can now move into the coding part. You can check this blog from Medium for your reference.

I recommend also checking out Google Workspace Community as they have a dedicated community and resources that might be more helpful with your project.

I hope the above information is helpful.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Renee_Cooper
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

We will move to another method since downloadable json keys are considered a security risk in our org.  But it's good to know so I can be unstuck on this.  Thanks!

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all