Domain SuperAdmin using AppScript getting error: API call to drive.teamdrives.insert failed with error: Insufficient permissions for this file

Question

I'm working on a Google App Script that needs to create new Google TeamDrives. I'm a superadmin at my domain and when I try to execute the code (written as suggested by App Script code completion), I get an error:

API call to drive.teamdrives.insert failed with error: Insufficient permissions for this file (line 288, file "Code")

I've been having difficulties finding documentation that deals strictly with App Script, so I'm trying to adapt the API method found here: https://developers.google.com/drive/api/v3/reference/drives/create

Obviously, instead of a direct http call, I use the App Script API as shown in the code below. Also, I've noticed that the API v3 uses the create method, rather than insert used in v2. The App Scripts still appear to be using the insert method. Replacing the insert with create results in an error message indicating the underlying API version is 2:

TypeError: Cannot find function create in object AdvancedServiceIdentifier{name=drive, version=v2}.

The insert method in v2 is very similar to create in v3: https://developers.google.com/drive/api/v2/reference/drives/insert

I had a similar error trying to retrieve permissions on existing drives and the solution was to pass "supportsAllDrives=true" argument with the request (using optional arguments parameter of the API call). Unfortunately, the "insert" method does not have a parameter I could use to pass optional arguments - the resource representation and the request ID are the only parameters of the "insert" method.

My code:

function createSharedDrive() {
  var resource = {
    name: "TestDriveChrisD6"
  };
  var drive = Drive.Teamdrives.insert(resource, "testRequestId_TestDriveChrisD6");
  Logger.log(JSON.stringify(drive)); // to see the result if it works eventually
}

I was hoping this API call would result in a response containing the drive representation, instead I get the error message:

API call to drive.teamdrives.insert failed with error: Insufficient permissions for this file (line 288, file "Code")

The line number in the error message is just my source code line number that contains the code:

var drive = Drive.Teamdrives.insert(resource, "testRequestId_TestDriveChrisD6");

What am I doing wrong? Should I call the http method by a direct request?

Answer 1

My problem has been solved as follows:

1. Going to Admin Console -> Apps -> G Suite -> Drive and Docs -> Sharing settings
2. In my domain at the "Shared drive creation" section the setting "Prevent users in <domain name> from creating new shared drives" is ON in the global domain settings and OFF (overridden) for Administrators Organizational Unit. It turns out my user was in the Administrators group, but not in the Administrators Organizational Unit. Moving my user to the admin OU fixed the problem.