1

I am trying to access google sheet using a Service account in a .net core console application. I can read the google sheet from my personal account. It has no issues. But trying to access google sheet in an organizational domain, it says Don't have permission to access the sheet. I have shared the google sheet with the service account.

   GoogleCredential credential;
            using(var stream = new FileStream("client_secret.json",FileMode.Open,FileAccess.Read))
            {
                credential = GoogleCredential.FromStream(stream).CreateScoped(Scopes);

            }
            
            service = new SheetsService(new Google.Apis.Services.BaseClientService.Initializer()
            {
                HttpClientInitializer = credential,
                ApplicationName = ApplicationName,
            });



  var range = $"{Sheet}!A:F";
           
            var request = service.Spreadsheets.Values.Get(SpreadsheetId, range);
            var response = request.Execute();

But It throws a permission error on execution. Is there any way to access using the organization domain? is it because the organization restricts users to access files from the organization's domain only

Milad Dastan Zand
  • 1,062
  • 1
  • 10
  • 21
Tech sghave
  • 13
  • 1
  • 4

1 Answers1

1

The reason you are receiving the access is due to the organization's policies, the reason you stated yourself too.

Service accounts are a special kind of account used by an application, not a person and they do not belong to your Google Workspace domain, unlike user accounts.

A method for this would be to use the service account in order to delegate domain wide authority. What does this mean? Well, essentially, you would end up impersonating a user in the domain which has access to the sheet and execute the request at this user through the service account.

However, the access to this service account needs to be granted by the admin of the domain and not by a regular user. The steps for performing this operation can be found here.

Reference

ale13
  • 5,679
  • 3
  • 10
  • 25
  • thanks for quick response. But it works for personal account. So google meant service account with out domain delegation only for personal use ? @ale13 – Tech sghave Oct 27 '21 at 10:19
  • Using a personal account is different from a service account - so of course you are not receiving the error, because the request is executed as yourself. The main purpose of service accounts is to impersonate another user in the domain. Simply creating a service account is not enough as this will essentially act like any other account with the mention that you **cannot** log into it. – ale13 Oct 27 '21 at 10:51