I am having hard times understanding permission on the google drive api. With the current service account (owner role) with a broad scope (https://www.googleapis.com/auth/drive, which should cover all). I have no problems mainpulating files, files permissions, etc..
Once I get into the drive/teamDrive, things get stuck; everything is forbidden except listing.
Ex.:
https://developers.google.com/drive/api/v3/reference/drives/create
When trying, it invariably returns the following :
{
"error": {
"code": 403,
"message": "The user does not have sufficient permissions for this file.",
"errors": [
{
"message": "The user does not have sufficient permissions for this file.",
"domain": "global",
"reason": "insufficientFilePermissions"
}
]
}
}
According to the doc, the are no specific permissions for drive/teamDrive
A service account is its own entity sort of. It has its one drive account. In order to have access to a file it must be granted access to that file, either by having it shared with it or by setting up domain wide delegation via google workspace.
"The user does not have sufficient permissions for this file."
Means exactly that the user who you are authenticating with in this instance the service account user does not have access to the file.
So if you are using google workspace have the admin configure deligation just change all the admin stuff in that sample with google drive.
If its not workspace. Then open the google drive web app, find the file and share it with the service account. Open the service account key json file find the service account email address its the only one with a @ in it and share the file with that.