Home > Software engineering >  Google Sheet API error The caller does not have permission
Google Sheet API error The caller does not have permission

Time:10-28

I am trying to access google sheet using a Service account in a .net core console application. I can read the google sheet from my personal account. It has no issues. But trying to access google sheet in an organizational domain, it says Don't have permission to access the sheet. I have shared the google sheet with the service account.

   GoogleCredential credential;
            using(var stream = new FileStream("client_secret.json",FileMode.Open,FileAccess.Read))
            {
                credential = GoogleCredential.FromStream(stream).CreateScoped(Scopes);

            }
            
            service = new SheetsService(new Google.Apis.Services.BaseClientService.Initializer()
            {
                HttpClientInitializer = credential,
                ApplicationName = ApplicationName,
            });



  var range = $"{Sheet}!A:F";
           
            var request = service.Spreadsheets.Values.Get(SpreadsheetId, range);
            var response = request.Execute();

But It throws a permission error on execution. Is there any way to access using the organization domain? is it because the organization restricts users to access files from the organization's domain only

CodePudding user response:

The reason you are receiving the access is due to the organization's policies, the reason you stated yourself too.

Service accounts are a special kind of account used by an application, not a person and they do not belong to your Google Workspace domain, unlike user accounts.

A method for this would be to use the service account in order to delegate domain wide authority. What does this mean? Well, essentially, you would end up impersonating a user in the domain which has access to the sheet and execute the request at this user through the service account.

However, the access to this service account needs to be granted by the admin of the domain and not by a regular user. The steps for performing this operation can be found here.

Reference

  • Related