I'm trying to disable download/print/copy content using the method setViewersCanCopyContent(false) and setWritersCanShare(false) when creating a file with a Service Account, but if I open the file in a browser that I'm not logged in in a Google account, I'm still able to execute those functionalities.
EDIT (added more info)
Here is how I am working: I have this service account and, also, I have what I've called a "service account owner", that is the email I used to create the service account in developer console > IAM. When I call my application, my code creates a folder in service account's Drive and then I move it to my service account owner's Drive and set it as owner (using setTransferOwnership(true)) - I use this approach because, as I could note, service account's Drive is not accessible via browser (only via API).
Then, when I create a file, I call setParents({FOLDER_ID}) where FOLDER_ID is the ID of the folder in service account owner's Drive. Then, when I login service account owner's Drive and select a file, I can see that the service account is the owner of the file and anyone with the link can view file, but everyone that can view the file, can also download/print/copy content.
Here is the code I'm using:
HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
final Credential credential = new GoogleCredential.Builder()
.setTransport(transport)
.setJsonFactory(jsonFactory)
.setServiceAccountId({SERVICE_ACCOUNT_ID})
.setServiceAccountScopesArrays.asList(DriveScopes.DRIVE_METADATA_READONLY, DriveScopes.DRIVE, DriveScopes.DRIVE_FILE, DriveScopes.DRIVE_APPDATA)
.setServiceAccountPrivateKeyFromP12File(new File("{PATH_TO_P12_FILE}")
.build();
Drive drive = new Drive.Builder(transport, jsonFactory, credential)
.setHttpRequestInitializer(new HttpRequestInitializer() {
@Override
public void initialize(HttpRequest httpRequest) throws IOException {
credential.initialize(httpRequest);
httpRequest.setConnectTimeout(2 * 60000); // 2 minutes connect timeout
httpRequest.setReadTimeout(2 * 60000); // 2 minutes read timeout
}
})
.setApplicationName("{MY_APP}")
.build();
File fileMetadata = new File();
fileMetadata.setName("test.doc");
fileMetadata.setMimeType("application/vnd.google-apps.document");
fileMetadata.setViewersCanCopyContent(false);
fileMetadata.setWritersCanShare(false);
fileMetadata.setParents(Arrays.asList("{SERVICE_ACCOUNT_OWNER_FOLDER_ID}"));
File file = null;
try {
FileContent mediaContent = new FileContent("application/vnd.openxmlformats-officedocument.wordprocessingml.document", new java.io.File("{PATH_TO_FILE.doc}"));
file = this.drive.files()
.create(fileMetadata, mediaContent)
.setFields("id, webViewLink")
.execute();
} catch (IOException e) {
e.printStackTrace();
}
Permission readPermission = new Permission();
readPermission.setType("anyone");
readPermission.setRole("reader");
drive.getDrive().permissions().create(file.getId(), readPermission)
.execute();
Is it possible to disable these functionalities with a Service Account?
I noted that if I update file like this (after creation):
File updatedFile = new File();
updatedFile.setViewersCanCopyContent(false);
updatedFile.setWritersCanShare(false);
drive.files().update(file.getId(), updatedFile).execute();
Then it disables download/print/copy. I am still not able disable it on file creation, but this way is enough for my requirements.