如何 select 一些用户对 Gsuite 服务帐户进行非个性化
How to select some users for impersonalize Gsuite service account
我有 3 个电子邮件指示(在 GSuite 中)用于自动发送电子邮件,比方说:
- emai1@domain.com
- email2@domain.com
- email3@domain.com
实际上,我使用的是启用全域委派的服务帐户,以及 Gmail API 范围:https://www.googleapis.com/auth/gmail.send
我使用服务帐户将文件上传到云端硬盘。
我的代码按预期工作,我可以使用 Gmail API 使用此授权码发送电子邮件:
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: f,
scope: g_scope
)
credentials.sub ='email1@domain.com'
credentials.fetch_access_token
我的问题是我想将用户限制为只有三个。有办法让 select 用户进行服务帐户委派吗?
My problem is that I want to restrict the users to only three. There
is a way to select users for Service Account Delegation?
不,您不能将服务帐户限制为仅对某些用户帐户授权。您可以将服务帐户限制为特定权限(阅读电子邮件、发送电子邮件等)。
从安全角度来看,您要小心委托帐户。
Note: Although you can use service accounts in applications that run
from a G Suite domain, service accounts are not members of your G
Suite account and aren’t subject to domain policies set by G Suite
administrators. For example, a policy set in the G Suite admin console
to restrict the ability of G Suite end users to share documents
outside of the domain would not apply to service accounts.
我有 3 个电子邮件指示(在 GSuite 中)用于自动发送电子邮件,比方说:
- emai1@domain.com
- email2@domain.com
- email3@domain.com
实际上,我使用的是启用全域委派的服务帐户,以及 Gmail API 范围:https://www.googleapis.com/auth/gmail.send
我使用服务帐户将文件上传到云端硬盘。
我的代码按预期工作,我可以使用 Gmail API 使用此授权码发送电子邮件:
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: f,
scope: g_scope
)
credentials.sub ='email1@domain.com'
credentials.fetch_access_token
我的问题是我想将用户限制为只有三个。有办法让 select 用户进行服务帐户委派吗?
My problem is that I want to restrict the users to only three. There is a way to select users for Service Account Delegation?
不,您不能将服务帐户限制为仅对某些用户帐户授权。您可以将服务帐户限制为特定权限(阅读电子邮件、发送电子邮件等)。
从安全角度来看,您要小心委托帐户。
Note: Although you can use service accounts in applications that run from a G Suite domain, service accounts are not members of your G Suite account and aren’t subject to domain policies set by G Suite administrators. For example, a policy set in the G Suite admin console to restrict the ability of G Suite end users to share documents outside of the domain would not apply to service accounts.