Google Apps 管理员可以使用 Drive SDK 管理用户文件吗? [英] Can a Google Apps Admin manage users files with Drive SDK?
问题描述
新的 Drive SDK 非常适合经过身份验证的用户.是否可以使用 Drive SDK 使用 Google Apps 管理权限来模拟其他域用户?
The new Drive SDK is very good for the authenticated user. Is it possible use Drive SDK using Google Apps administrative access to impersonate other domain users?
doclist API 可以做到,但无法使用此工具管理和复制文件(pdf、jpg).
The doclist API can do it but it's not possible manage and copy files (pdf, jpg) with this tool.
我在这段代码中使用 Java:
I'm using Java with this code:
credential_origine = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("[email from console api]")
.setServiceAccountScopes(DriveScopes.DRIVE)
.setServiceAccountUser("user@domain.com")
.setServiceAccountPrivateKeyFromP12File(new File("key.p12")).build();
但是当我尝试检索 user@domain.com 的数据时出现错误.如果我评论 .setServiceAccountUser("user@domain.com") 该代码适用于我用于创建密钥的同一帐户.
But I get an error when I try to retrieve data for the user@domain.com. If I comment .setServiceAccountUser("user@domain.com") the code works great for the same account I used for creating the key.
在旧的 DOCList API 中,我们通过请求的 URL 模拟了另一个用户.是不是类似的东西?
In the old DOCList API we impersonated another user by the URL of the requests. Is it something similar?
推荐答案
你可以使用 Service帐户并在构建断言声明时指定要模拟的用户.
You can do that using Service Accounts and specifying the user to impersonate when building your assertion claim.
在 API 项目中创建服务帐户密钥后(来自 APIs 控制台),您必须将此项目添加到 cPanel 中的授权第三方应用程序列表中.可以在此处找到更多信息.您需要使用的客户端 ID"是绑定到服务帐户密钥的 ID,类似于 <APP_ID>-<OTHER_KEY>.apps.googleusercontent.com
Once you have created a Service Account key in your API project (from the APIs Console), you will have to add this project to the list of authorized third party app in the cPanel. More information about this can be found here.
The "Client Id" you need to use is the one bound to the Service Account key and looks like <APP_ID>-<OTHER_KEY>.apps.googleusercontent.com
由于您要管理其他用户文件,因此您必须对 Drive 范围进行授权:https://www.googleapis.com/auth/drive.
Since you want to manage other users file, you will have to authorize the Drive wide scope: https://www.googleapis.com/auth/drive.
我们的大多数客户端库都负责为开发人员抽象声明生成.如果您可以指定您计划使用的语言,我可以通过提供代码片段来帮助您入门来更新此答案.
Most of our client libraries take care of abstracting the claim generation for developers. If you could specify which language your are planning to use, I can update this answer by providing a code snippet to help you get started.
这篇关于Google Apps 管理员可以使用 Drive SDK 管理用户文件吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
