Service account "only" for Google Sheets

Clem · 10-30-2024 03:26 PM

Hello everyone,

My current workflow involves using Python and Pandas to create scripts, with the results exported to Google Sheets. I’m trying to use the Google Sheets API without having to create a service account and manage a local JSON credential key, but I haven’t found a way to do this with gcloud auth.

Since I am currently using a JSON credential key (which I know has security risks), I’d like to make sure that, if the key is ever compromised, the service account linked to it has only access to the Google Sheets API.

Does anyone know how I can set up these restrictions? I’m relatively new to this and would prefer to stick to the console over the terminal if possible.

I appreciate you.
Clem

sahilnaircool

To minimize risks with the JSON credential key for your Google Sheets API access, you can limit your service account's permissions directly through the Google Cloud Console by following these steps :-

1. Restrict the Service Account’s Access

2. Set an OAuth Scope Restriction

3. Consider IAM Conditions for Extra Security

These steps should allow you to use the JSON key safely with minimal access exposure.

Clem

Thank sahilnaircool,

Any chance you could provide more detail (sub-steps) , especially for 1.

Thank you

sahilnaircool

Follow These Steps :-

Step 1 - Go to the IAM & Admin Console

Step 2 - Locate your service account in the list, then click the pencil icon to edit it

Step 3 - In the permissions panel, remove any roles you don’t need. Add the “Viewer” role specifically for the Google Sheets API, which will restrict the service account's access.

Clem

Hey sahilnaircool,

I don't think this would work since I need writing access to export my dataframe to Google Sheets. What I am trying to achieve is to limit this service account's access to other APIs (Bigquery, Cloud Storage, etc.)

Thanks again for your help.