How to show a real email address instead of the se...

GazGo · 03-30-2024 11:36 PM

We need to create an App Engine project that creates a Docs folder which is then shared with an external user, Fred.

We would like to hide the service account email address so that Fred would see the Docs folder as:

A. Owned by our admin.

B. The 'shared by' by field should also be admin and not the service account. (This seems the tricky bit.)

How would we go about this considering the user should see the folder is being owned and shared by a real user of our organisation and not by a service account?

Does the service account impersonate admin?

Does admin impersonate the service account?

Or ... ?

christianpaula

Hi @GazGo,

Welcome to Google Cloud Community!

You can't directly impersonate a user to share Google Docs securely.

Here's a better approach:

Domain-Wide Delegation: Set up the service account to act for your domain's Drive API access.
Share the Folder: Use the service account to create the folder and share it with Fred (by email) granting him access.
Ownership and Shared By: Fred sees the folder:
- Owned by: Unattributed (no owner shown).
- Shared by: Your organization (domain associated with the service account).

This achieves your goal of hiding the service account and using a real email for sharing.

GazGo

Thanks for the help, I'll experiment with this workflow. I don't think I've ever seen a Drive file that was not owned by some principal.

Do you have any example Go code I can examine please? Code that will run locally and on App Engine.

Cheers

How to show a real email address instead of the service account when sharing a Google Doc by GAE?