I wrote a tutorial on how to use GCP Service Accounts with Apps Script automations

[Jeffrey Daube]

Apps Script Community

Good day.  I just published on a tutorial on Medium that may be useful; also, I am always interested in any and all feedback:

https://medium.com/@daubejb/how-to-use-gcp-service-accounts-with-google-apps-script-projects-to-automate-actions-in-g-suite-7020a520bef7

Here is the Introduction:

My work associates create amazing automations in Google Apps Script that empower their own productivity. Naturally, they want to share the work with their peers; however, they struggle due to security and permissions. This tutorial will use a simple case study of generating a Google Slides presentation based on the input gathered in a Google Form. Although this case study is basic, the pattern of obtaining structured information using a form to then inject that information in a template can be extended to many use cases. This tutorial will:

• Define a service account
• Introduce a sample automation as a case study
• Provide instructions to setup the basic automation
• Provide instructions to create a GCP Project, create a service account, enable the Drive API, and create an API key
• Provide instructions to add the Google OAuth2 Library to the Apps Script project
• Provide instructions to incorporate the service account in Apps Script
• Conclude with a comparison between the basic and service account automations

Thank you

Jeff

[Martin Hawksey]

Thanks for sharing Jeff - I've added a link to your post to AppsScriptPulse  https://pulse.appsscript.info/p/2020/01/how-to-use-gcp-service-accounts-with-google-apps-script-projects-to-automate-actions-in-g-suite/

--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/f4e84ccd-1879-43a8-baf0-da81051e9e68%40googlegroups.com.

--

Martin Hawksey

Google Expert (Apps Script)

Tw: @mhawksey

Latest tweet (see how):

My little downtime project this year is to use #GoogleAppsScript to send some personalised images extending the G Suite based bulk email solution I shared earlier in the year... #GSuiteDevs https://t.co/mTHKQsULxT

— Martin Hawksey #altc (@mhawksey) December 24, 2019

[Jeffrey Daube]

Martin

Awesome!  Thank you sir

Jeff

[Alan Wells]

It looks like the service account set up that you are describing is for use only within a domain, and the code is also in a Shared Drive.  What is the advantage of using both the Shared Drive and a Service account?  Could this also be done with just a Shared Drive, or just a Service Account?  The Shared Drive is not user specific, and the Service account is hidden I guess.  I know that one advantage is to avoid disruptions from depending upon a user account that could become inaccessible if the user leaves, even though I guess the administrator could still get the file, but they'd need to re-deploy it if they wanted to disable the user account.

[Jeffrey Daube]

Alan

Great questions.  Attempted answers below in blue:

"What is the advantage of using both the Shared Drive and a Service account?"

Exactly right about use within a GCP / G Suite domain.  Using both the Shared Drive and the Service Account in conjunction provides the most protection against losing both the Apps Script file, the template file, and the files generated from the template.  All files created on OR moved to a Shared Drive are owned by the Shared Drive --> thus removing the exercise of transferring ownership upon associate departure.

The best reason to use the service account is to have the files created in the name of the Application / Service Account (example, "Pitch Generator" in the case of creating automated sales pitches from something like Salesforce)

"Could this also be done with just a Shared Drive, or just a Service Account?"

This solution could be leveraged without the Shared Drive; however, if you remove the Service Account, the generated files will always be initially owned by a discrete user.  Also---using a service account allows extending the use case.  The service account can be granted access to entire systems; whereas, you may not want to grant the same access to a named user.

Thank you

Jeff

--
You received this message because you are subscribed to a topic in the Google Groups "Google Apps Script Community" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-script-community/7LrAgNYI-jg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/6a484f7e-16d1-488d-810d-a2a5dee8a3e1%40googlegroups.com.

--

Sincerely

Jeffrey B. Daube

7920 Belgium Drive

Raleigh, NC  27606

703.674.6055
dau...@gmail.com

[Alan Wells]

I understand better now.  If you looked at the ownership of a file created by the Service Account, what would it have as the setting for the owner?  No owner?  Owned by an App?  Owned by the shared drive?

To unsubscribe from this group and all its topics, send an email to google-apps-script-community+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/6a484f7e-16d1-488d-810d-a2a5dee8a3e1%40googlegroups.com.