GAM Download user file - Permission denied - Urgent-

[J Rogers]

Good afternoon! 

We need to collect files from users, for specific purposes, but keep running into an odd problem and we're thinking the permissions are being denied due to the user account in a suspended state. The owner of the file is suspended, but the file exists within our drive. We don't want to add ourselves to the file in order to download the file, nor do we want to enable (un-suspend) the user in order to download the file.

Is there another way we can accomplish this task with GAM, without adding our accounts or enabling the user?

gam user user...@domain.com get drivefile -id "xXxXxXxXXxXXXxxxXXXx" format microsoft targetfolder /Users/path/folder targetname testfile

send: b'GET /drive/v3/files/....

...reply: 'HTTP/1.1 403 Forbidden\r\n'

...Download Failed: The user does not have sufficient permissions for this file.

Thank you very much in advance for your time and feedback!

Best Regards,

J. Rogers

[Ross Scroggs]

J,

Drop the -id

gam user user...@domain.com get drivefile "xXxXxXxXXxXXXxxxXXXx" format microsoft targetfolder /Users/path/folder targetname testfile

Ross

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/5e2482cd-dc90-4cce-ae0e-74148fc59c09n%40googlegroups.com.

--

Ross Scroggs

ross.s...@gmail.com

[Ross Scroggs]

J,

Do: gam user user...@domain.com show fileinfo  "xXxXxXxXXxXXXxxxXXXx" fields id,name,permissions

Ross

--

Ross Scroggs

ross.s...@gmail.com

[Ross Scroggs]

J

I can successfully download files from suspended users.

Ross

--

Ross Scroggs

ross.s...@gmail.com

[Ross Scroggs]

J,

gam user user...@domain.com show fileinfo  "xXxXxXxXXxXXXxxxXXXx" fields id,name,permissions,capabilities

What is the value of canDownload?

Ross

--

Ross Scroggs

ross.s...@gmail.com

[Ross Scroggs]

J,

Please send me a Meet/Zoom invitation and we can do some real-time investigation.

Ross

On Fri, Feb 26, 2021 at 1:22 PM J Rogers <jr96...@gmail.com> wrote:

The value for - canDownload: True. 

If a user state is not a blocker and the file is visible via the viewWebLink - Could the permissions issue be from the service accounts running the command? If yes, would I be looking at the API Scopes / Permissions for the service account?

Or, what would you recommend checking?

J

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/ebe09a3b-2325-444d-84ee-fdd6479c3ba0n%40googlegroups.com.

--

Ross Scroggs

ross.s...@gmail.com

[Ross Scroggs]

J,

The same service account scope to get the file info is the same as the one for downloading the file so that shouldn't be the problem.

https://www.googleapis.com/auth/drive                                     PASS (15/20)

You can do this: gam user us...@domain.com check serviceaccount

Ross

On Fri, Feb 26, 2021 at 1:22 PM J Rogers <jr96...@gmail.com> wrote:

The value for - canDownload: True. 

If a user state is not a blocker and the file is visible via the viewWebLink - Could the permissions issue be from the service accounts running the command? If yes, would I be looking at the API Scopes / Permissions for the service account?

Or, what would you recommend checking?

J

On Thursday, February 25, 2021 at 5:03:28 PM UTC-8 Ross Scroggs wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/ebe09a3b-2325-444d-84ee-fdd6479c3ba0n%40googlegroups.com.

--

Ross Scroggs

ross.s...@gmail.com

[Robert Smith]

Hi,

I also have this problem that I can't download files if user is suspended

gam user xxx get drivefile query " modifiedTime < '2016-01-01' and viewedByMeTime < '2016-01-01' and 'me' in owners and mimeType = 'application/vnd.google-apps.document' " targetfolder /Users/xxx/Documents/TEMP