I have 3 email addresses (in G Suite) for automatically sending email, let's say:
Actually I use a Service Account with Domain-wide Delegation enabled, and with Gmail API Scope: https://www.googleapis.com/auth/gmail.send
I use the service account to upload documents to Drive.
My code works as expected, I can send emails with Gmail API with this auth code:
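    require 'googleauth'

    # f is an open IO on the service account JSON key; g_scope is the gmail.send scope above
    credentials = Google::Auth::ServiceAccountCredentials.make_creds(
      json_key_io: f,
      scope: g_scope
    )
    # Impersonate this user via domain-wide delegation
    credentials.sub = '[email protected]'
    credentials.fetch_access_token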
My problem is that I want to restrict the users to only three. Is there a way to select users for Service Account Delegation?
> My problem is that I want to restrict the users to only three. Is there a way to select users for Service Account Delegation?
No, you cannot restrict the service account to being authorized for only certain user accounts. You can restrict the service account to specific permissions (read email, send email, etc.).
From a security posture, you want to be careful with delegated accounts.
Note: Although you can use service accounts in applications that run from a G Suite domain, service accounts are not members of your G Suite account and aren’t subject to domain policies set by G Suite administrators. For example, a policy set in the G Suite admin console to restrict the ability of G Suite end users to share documents outside of the domain would not apply to service accounts.
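Since delegation itself cannot be scoped to specific users, the restriction has to live in the application that sets `sub`. The following is an added example, not code from the question or the answer: `DelegationGuard`, `FakeCredentials` and the three `example.com` addresses are hypothetical names and constructed values, and the guard accepts any credentials object that responds to `sub=`.

```ruby
require 'set'

# Application-side allowlist for the impersonated user (`sub`) of a
# domain-wide-delegated service account. All addresses are constructed.
class DelegationGuard
  class SubjectNotAllowed < StandardError; end

  # Exactly one local part and one domain; no whitespace, brackets or separators.
  ADDRESS = /\A[^@\s<>,;]+@[^@\s<>,;]+\z/

  attr_reader :audit

  def initialize(allowed_subjects)
    @allowed = allowed_subjects.map do |a|
      normalize(a) || raise(ArgumentError, "bad allowlist entry #{a.inspect}")
    end.to_set.freeze
    @audit = [] # in-memory trail; forward to your log pipeline in real use
  end

  # Sets credentials.sub only when the subject is on the allowlist.
  # `credentials` can be the object returned by make_creds in the question.
  def impersonate!(credentials, subject)
    address = normalize(subject)
    unless address && @allowed.include?(address)
      @audit << [:denied, subject.to_s]
      raise SubjectNotAllowed, "delegation to #{subject.inspect} is not permitted"
    end
    @audit << [:allowed, address]
    credentials.sub = address
    credentials
  end

  private

  # Returns the trimmed, lower-cased address, or nil when it is malformed.
  def normalize(subject)
    address = subject.to_s.strip.downcase
    ADDRESS.match?(address) ? address : nil
  end
end

# Stand-in for the real credentials object so the example runs offline.
FakeCredentials = Struct.new(:sub)

GUARD = DelegationGuard.new(
  %w[invoices@example.com alerts@example.com reports@example.com]
)
```

This check only binds code that goes through the guard: anyone holding the service account key file can still set any `sub`, so the key itself needs to be stored and rotated as a domain-wide credential.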