0

I have a Google Workspace account and am a Super Admin on the domain I want to pull together a list of all files owned by all users using Google Apps Script so I can use the triggers to run it every day to update the numbers

I have a script that gets all users and loops through each user to get a list of files where the user is the owner using the Drive API. This works, however it doesn't get all the files a user owns, just the files that the account running the script has access to that are owned by the user. For example user1@domain.com has 712 files, 12 of which are shared with admin@domain.com. When admin@domain.com runs the script the API returns 12 files for user1@domain.com. If user1@domain.com runs the script the API returns all 712 files.

This is the section of script I currently have:

  // Get all users in the domain
  do {
    page = AdminDirectory.Users.list({
      domain: myDomain,
      orderBy: 'givenName',
      maxResults: 100,
      pageToken: pageToken
    });
    const users = page.users;
    
    if (!users) {
      console.log('No users found.');
      return;
    }
    
    // For each user, count the number of file types
    for (const user of users) {
      
     // set the query to look for all files onwed by the user and not trashed
     const query = '"' + user.primaryEmail + '" in owners and trashed = false';
     
     // Clear the filesAll array, the files holding array, the counter and the pageToken ready for the next user
      const filesAll = [];
      let files;
      let fileCount = 0;
      let pageToken2;
      do {
        try {
          files = Drive.Files.list({
          q: query,
          corpora: 'allDrives',
          includeItemsFromAllDrives: true,
          supportsAllDrives: true,
          maxResults: 100,
          pageToken: pageToken2
          });

So what I think I need to do is to run the Drive API "as the user" and not as the admin, is this possible? I found the script and service account in Cloud Platform and got the Client ID then added this to Domain Wide Delegation, so that side is done, it is just how I tell the script to access the Drive API as the user and not as the Admin, there doesn't seem to be an option to do that in the API itself from within Apps Script.

I have tried googling for a solution, but the only things I have found are very old and use features no longer available, or else give options for using something other than Apps Script

user22221368
  • 1
  • I would drop app script and use a service account with domain wide deligation configured I think you will have better luck – Linda Lawton - DaImTo Jul 13 '23 at 13:52
  • @LindaLawton-DaImTo thanks for your reply. Would dropping Apps Script provide some other way of passing the username to the Drive API? I don't understand how changing the app used would open up the API more? Also, what would you recommend as an alternative for a beginner such as myself? Thank you – user22221368 Jul 17 '23 at 10:27
  • by using a service account you can configure domain wide deligation which will allow you to access any user on the domain by simply supplying the user to impersonate you won't need to authorize it. sorry I am mobile so can't give you an example right now – Linda Lawton - DaImTo Jul 17 '23 at 12:46
  • Appreciate your help @LindaLawton-DaImTo, I have setup a Service Account and configured Domain Wide Delegation for that account in the admin console. I am struggling with the "simply supplying the user to impersonate" part, the Developer API pages don't give details on how to do this. Am I missing a parameter to pass the service account details or something? – user22221368 Jul 25 '23 at 08:30
  • 1
    Ignore that, found a way to do it using https://stackoverflow.com/questions/64863335/google-service-accounts-api-i-keep-getting-the-error-access-not-granted-or - once I realised I needed the actual key and not the Key ID then it worked! Now I just need to incorporate that into my code to make it all work – user22221368 Jul 25 '23 at 08:55
  • glad to hear you got it working maybe post an anwser to help someone else in the future? – Linda Lawton - DaImTo Jul 25 '23 at 15:37

0 Answers0