What are Service Accounts (SA)? How to create Service Accounts Google Drive

By Posted on

What are Service Accounts?

Google offers us with 4 sorts of accounts to deal with and use Google Cloud Platform sources:

  • Google Account ( abc@gmail.com )
  • Google Workspace Account (earlier G Suite) ( abc@companyname.com )
  • Group Account ( abc@googlegroups.com )
  • Service Account ( abc@cloud-service.gserviceaccount.com )

Service Accounts are Service Accounts

  • Service Accounts has no password and cannot be logged in by means of browsers or cookies.
  • Service Accounts are associated to a personal/public RSA key pair used to authenticate with Google.
  • You presumably can allow totally different prospects or Service Accounts to impersonate Service Accounts.
  • Service accounts mustn’t members of your Google Workspace space, in distinction to particular person accounts. Must you share Google Workspace content material materials, much like paperwork or events, with all members of your Google Workspace space, they will not be shared with service accounts. Equally, Google Workspace content material materials created by a service account is not created in your Google Workspace space. Due to this, your Google Workspace and Cloud Id admins can’t private or deal with these property.

Why use Service Accounts (SA)?

The Service Accounts might be utilized to beat the prohibit add 750GB / day set by Google in Google Drive. Which suggests it’s best to use them so as to add higher than 750Gb per day, copy plenty of of knowledge…

Each Service Accounts has a 750Gb daily add prohibit. You presumably can create as a lot as 100 SA per Enterprise on Google Cloud. So with just one Enterprise, you could add/copy as a lot as 75Tb a day!

Instructions for creating Service Accounts

  1. First, go to Google Cloud Console and for individuals who don’t have a endeavor, create a model new one
  2. Then, activate Google Drive API up
  3. Go to OAuth Consent Show and select “ Exterior ” after which click on on “ Create
  4. Fill inside the required data (with a crimson *) and click on on “ Save and Proceed ” 3 events (the “Scopes” and “Check out prospects” sections do not enter one thing)
  5. Click on on Publish and Validate
  6. Go to Credentials tab , click on on on “ Create Credentials ” select “ OAuth shopper ID ”, then select “ Desktop app
  7. Click on on the acquire button to the appropriate of your OAuth Client IDs and save as: credentials.json
  8. Get hold of and arrange Python in your laptop and procure this script to the folder the place the file credentials.jsonwas beforehand.
  9. Create a folder with the title “ accounts ” (created accounts might be downloaded proper right here)
  10. To run the script, acquire the requirements.txt file and run the pip3 arrange -U -r requirements.txt

Observe: To create a service account you might need diverse selections, nevertheless evidently one SA can clone 750Gb a day and 1 endeavor generate 100 SA, so 750 * 100 = 75Tb a day. Creating additional is just not going to be.

Should you want to create some SAs using current Duties (with out creating additional Duties), run the command py gen_sa_accounts.py –quick-setup -1

⚠️ It’ll overwrite current SAs.

To create SA by making a model new Enterprise, run the command: py gen_sa_accounts.py –quick-setup 1replace “1” with the number of Enterprise you want to create

⚠️This command creates SA in all current Duties, even these which have been deleted.

Add Service Accounts to Shared Drives

To deal with and manipulate data (copy, duplicate, and plenty of others.) to Shared Storage with Service Accounts, it’s important to create a Google Group

Then get the Service Accounts e mail cope with in one in all many following strategies:

Method 1:

Arrange Email correspondence Extractor extension in your browser: For Chrome | For FireFox
Go to Google Cloud Console , Select Enterprise with Service Accounts and go to Credentials tab (you’ll discover Service Accounts)
Scroll to the underside of the net web page and see “ Rows per internet web page: ” select 100

Then open Extension Email correspondence Extractor and duplicate all e mail addresses (apart from your e mail), lastly add them to the Google Group merely created.
Observe: In 24 hours you could solely add 100 SA/member to a Google Group.

Lastly, add your Google Group e mail cope with to your Shared Storage!

Method 2:

On Residence home windows

Open PowerShell and sort cd to the folder containing the SA file (.json file)
Run command: $emails = Get-ChildItem .**.json |Get-Content material materials -Raw |ConvertFrom-Json |Select -ExpandProperty client_email >>emails.txt
On Linux/MacOs

Run command: grep -oPh ‘”client_email”: “Okay[^”]+’ *.json > emails.txt
Accomplished:

Open the knowledge emails.txt, copy all e mail addresses to the Google Group merely created.
Observe: In 24 hours you could solely add 100 SA/member to a Google Group.

Lastly, add your Google Group e mail cope with to your Shared Storage!

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements