I am working against the Google Drive API and would like to allow my users to fetch the name of a given file by ID from any shared drive within their G Suite organization.
I am using a service account to authenticate and have granted my service account user the appropriate permissions/scopes within the organization's admin console:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
https://www.googleapis.com/auth/admin.directory.domain.readonly
https://www.googleapis.com/auth/drive
Because the admin user of the account does not have access to every file in every Drive, requests attempting to find a single file by fileID will fail if the admin user does not have access. It seems that the only way to query for this specific file would be to find a user that has access to each Shared Drive and then query that Shared Drive for the fileID to see if it exists.
For example, if I query Drives:list with the admin user setting useDomainAdminAccess = true, I am able to see all of the Drives within the organization (including ones I do not have access to as the admin).
If I attempt to list files from those Drives using Files:list with the following code:
corpora=drive&driveId={xxxxx}&includeItemsFromAllDrives=true&includeTeamDriveItems=true
I'll receive a 403 and an error stating:
{ "message": "The attempted action requires shared drive membership." }
From the documentation there does not seem to be an analogue to useDomainAdminAccess when querying against files.
If the admin user cannot access files on these Drives, is the only method to retrieve them to find a user that has access to the Drive while impersonating as them?
Shared Drives are owned by the OU itself, not by any user. They can be assigned managers, though, which may or may not include the domain admin. Also keep in mind that the shared drive settings for the OU are governed by the super admin, who could set preventive rules for managers of shared drives in the OU. Taking the above into account, to your question "If the admin user cannot access files on these Drives, is the only method to retrieve them to find a user that has access to the Drive while impersonating as them?" I would say that is true if you don't want to make the admin a manager of the drive.
See https://support.google.com/a/answer/7337554?hl=en for Shared drives access levels.
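The workflow the question and the answer arrive at (enumerate shared drives as the admin with useDomainAdminAccess, read each drive's membership, then impersonate one member through domain-wide delegation and call files.get as that user), written out as an added example that is not code from the original post or answer. The GoogleDriveApi class assumes google-api-python-client and google-auth are installed and that the service account has domain-wide delegation for the drive.readonly scope; its imports are lazy so the module loads without them. FakeDriveApi, the drive IDs, file ID and e-mail addresses are constructed so the selection logic runs offline.

```python
"""Resolve a file's name by ID across all shared drives in a Google Workspace domain:
drives.list (useDomainAdminAccess) -> permissions.list per drive (useDomainAdminAccess)
-> impersonate one member via domain-wide delegation -> files.get as that member.
Added example; not the original post's code. GoogleDriveApi assumes the Google SDKs."""
from typing import Dict, Iterable, List, Optional

# Read-only is enough for a name lookup and narrower than .../auth/drive.
SCOPE = "https://www.googleapis.com/auth/drive.readonly"
# Shared-drive roles, least privileged first; every one of them can read all items.
ROLE_RANK = ["reader", "commenter", "writer", "fileOrganizer", "organizer"]


class NotFound(Exception):
    """files.get answers 404 to callers who cannot see the item."""


class Forbidden(Exception):
    """403, e.g. the 'requires shared drive membership' error in the question."""


def pick_impersonation_target(permissions: Iterable[dict]) -> Optional[str]:
    """Least-privileged *user* member of a drive, or None.
    Groups and domain entries cannot be impersonated, so only type=user counts."""
    users = [p for p in permissions
             if p.get("type") == "user" and p.get("role") in ROLE_RANK and p.get("emailAddress")]
    if not users:
        return None
    return min(users, key=lambda p: ROLE_RANK.index(p["role"]))["emailAddress"]


def find_file_name(api, file_id: str) -> Dict[str, str]:
    """Try files.get(file_id) as a member of each shared drive in turn."""
    tried = set()
    for drive in api.list_drives():
        user = pick_impersonation_target(api.list_permissions(drive["id"]))
        if user is None or user in tried:
            continue  # no impersonatable member, or this user was already tried
        tried.add(user)
        try:
            meta = api.get_file_as(user, file_id)
        except (NotFound, Forbidden):
            continue  # not visible to this member; move on to the next drive
        # The member may see the file through a drive other than the one being
        # iterated, so report the driveId that Drive itself returned.
        return {"id": meta["id"], "name": meta["name"],
                "driveId": meta.get("driveId", ""), "via": user}
    raise NotFound(file_id)


class GoogleDriveApi:
    """Real transport (assumed SDKs). Lazy imports keep this module importable offline."""

    def __init__(self, key_file: str, admin_email: str):
        from google.oauth2 import service_account
        from googleapiclient.discovery import build
        self._build = build
        self._base = service_account.Credentials.from_service_account_file(key_file, scopes=[SCOPE])
        self._admin = self._service(admin_email)  # admin identity for the domain-wide calls

    def _service(self, subject: str):
        return self._build("drive", "v3", credentials=self._base.with_subject(subject),
                           cache_discovery=False)

    def _paged(self, resource, key: str, **params) -> List[dict]:
        items, token = [], None
        while True:
            if token:
                params["pageToken"] = token
            resp = resource.list(**params).execute()
            items.extend(resp.get(key, []))
            token = resp.get("nextPageToken")
            if not token:
                return items

    def list_drives(self) -> List[dict]:
        return self._paged(self._admin.drives(), "drives", useDomainAdminAccess=True,
                           pageSize=100, fields="nextPageToken,drives(id,name)")

    def list_permissions(self, drive_id: str) -> List[dict]:
        return self._paged(self._admin.permissions(), "permissions", fileId=drive_id,
                           supportsAllDrives=True, useDomainAdminAccess=True,
                           fields="nextPageToken,permissions(type,role,emailAddress)")

    def get_file_as(self, user_email: str, file_id: str) -> dict:
        from googleapiclient.errors import HttpError
        try:
            return self._service(user_email).files().get(
                fileId=file_id, supportsAllDrives=True, fields="id,name,driveId").execute()
        except HttpError as err:
            if err.resp.status == 404:
                raise NotFound(file_id) from err
            if err.resp.status == 403:
                raise Forbidden(file_id) from err
            raise


class FakeDriveApi:
    """Constructed data: two drives; one file visible only to Engineering members."""
    DRIVES = [{"id": "0AAfinance", "name": "Finance"}, {"id": "0AAeng", "name": "Engineering"}]
    PERMS = {
        "0AAfinance": [{"type": "group", "role": "reader", "emailAddress": "finance@example.com"}],
        "0AAeng": [{"type": "user", "role": "organizer", "emailAddress": "lead@example.com"},
                   {"type": "user", "role": "reader", "emailAddress": "intern@example.com"}],
    }
    FILES = {"1roadmap": {"id": "1roadmap", "name": "roadmap.docx", "driveId": "0AAeng",
                          "members": {"lead@example.com", "intern@example.com"}}}

    def list_drives(self):
        return list(self.DRIVES)

    def list_permissions(self, drive_id):
        return list(self.PERMS.get(drive_id, []))

    def get_file_as(self, user_email, file_id):
        f = self.FILES.get(file_id)
        if f is None or user_email not in f["members"]:
            raise NotFound(file_id)  # Drive hides items from non-members with a 404
        return {k: f[k] for k in ("id", "name", "driveId")}


if __name__ == "__main__":
    print(find_file_name(FakeDriveApi(), "1roadmap"))
```

Two practical points. First, files.get on an item the caller cannot see returns 404, while files.list on a drive the caller is not a member of returns the 403 quoted in the question; the lookup above treats both as "try the next drive". Second, a service account with domain-wide delegation can act as any user in the domain, so the key file is effectively a domain-wide credential: grant it only drive.readonly rather than the full drive scope if name lookup is all it does, keep the key off user-facing hosts, and impersonate the least-privileged member (the code prefers a reader over an organizer) so that a bug in the caller cannot be escalated into manager-level actions.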