New to GAM, Need Help to Transfer Ownership

[Sarah Poulin]

I was getting the error "Sorry, you have exceeded your sharing quota." when I was trying to transfer ownership in Google Drive. That brought me to this post so I installed and configured GAM (I'm on Ubuntu). I am trying to do the following:

Super Admin: Has the main storage of files under My Drive > Storage and shared Storage with Other User.

Other User (not an admin): Can access Storage under Shared with me.

I am trying to transfer ownership of thousands of files from Other User to to Super Admin so Super Admin has all the files (and ownership) in My Drive.

I don't understand how to configure GAM to allow Other User access to the Shared with me folder and transfer the ownership. I attempted to set up "Domain-wide Delegation" in the Workspace Admin Console, but I kept getting:

```

WARNING: Config File: /home/myuser/.gam/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /home/myuser/.gam/oauth2.txt, Not Found

```

So then I ran `gam oauth create` and it asked for the administrator account, so I put in Super Admin's email address. If I try to run any kind of query for Other User, I get something like:

```

ERROR: Service Account OAuth2 File: /home/myuser/.gam/oauth2service.json, Does not exist or has invalid format, Unable to load PEM file. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. MalformedFraming
Please run

gam create|use project
gam user <user> update serviceaccount

to create and authorize a Service account.

```

If I run `gam user <user> update serviceaccount`, I get the same error. I'm really lost. How do I authorize Other User to be able to transfer ownership?

[Sarah Poulin]

Thanks so much to Ross Scroggs for helping me! I have 8558 files/folders that need to transfer ownership, and it would have taken SO LONG TO DO if I could only do 20 at a time, waiting 24 hours in between because of Google's frustrating policies.

There were a couple of issues. For one thing, my setup wasn't configured properly. In Authorize Service Account Key Uploads in Organization Policies where I was to type `iam.managed.disableServiceAccountKeyUpload` in the filter, I needed to also needed to override the parent policy for iam.disableServiceAccountKeyUpload as well (not just iam.managed.disableServiceAccountKeyUpload).

Then I could run `gam upload sakey`. I was properly authorized and connected after this, verifying with `gam user super...@domain.com show fileinfo <filepathkeyfromdrive> fullpath` which showed the folder information for my folder that I wanted to claim ownership for (and everything in it).

Then I took the nuclear option and did `gam user super...@domain.com claim ownership query "'<filepathkeyfromdrive>' in parents" keepuser retainrole none` to claim full ownership of everything in that folder, recursively.