Give drive permission to service account in Google Developer Console - node.js

I'm trying to create a Google service account which has access to a Drive folder so I can use google-spreadsheets to read and write to files in the folder. During development I created a service account under my unmanaged Google account. The user account has owner access. In order to be allowed access I needed to change the document sharing settings to public (with link access). For development this is no issue, but of course in production I do not want my data to be publicly accessible.
How do I make sure the service account has access to the document while it is not publicly shared (shared within organisation is preferred)? Setting it to organisation access only, the api gives me a 403 (Forbidden) code.

Service accounts are dummy users. You can take the service account email address and share a folder on your personal drive account with the service account. Give it write access and it will be able to read and write to this folder.
Just remember that when uploading to this folder you will need to have the service account grant your personal user access to the file or your going to have files on your drive account that you dont own and cant access.

Related

Can you export an SSRS Subscription to an Azure File Share

I created an Azure file share on a blob v1 storage account. I can connect to it from the OS on the report server, so I know the credentials are good, but when I configure a subscription via the reporting web site, it fails to connect, claiming "A log on error occurred when attempting to access the file share. The user account or password is not valid."
The azure account password is crazy long, so I'm wondering if it's having an issue storing it.
Any advice would be appreciated.
You will get the error if you don't offer the correct account and password (or even do not have an account) for file share. You could check the subscription setting, see here, and you need to make sure the account and password are all right. Also, you could store your azure account password in the tab.

Azure file share mapped drive with multiple usernames

I have created an azure file share and I was able to create mapped drive on my system , but I need to share different folders to different users
currently I have only one username which is the storage name provided by azure
By default mapping of an Azure File Share happens using SMB protocol that makes use of your storage account name/key.
However, you can also enable Azure Active Directory Domain Services (Azure AD DS) authentication over SMB for Azure Files which will let you grant granular NTFS permissions on folders and files inside a share to users.
Please visit this link for detailed instructions on how you can accomplish that: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable.

How to move an Azure application created under a personal account to a directory?

I have an application in Azure that's listed under 'App registrations' -> 'Applications from personal account' that I would like to move to a directory so other users in the company can manage it.
There's an info message that has this to say about personal account applications:
These applications are associated with the account xxxxxxxxxxxxx but
are not contained within any directory. They are shown here so you
can manage them, but will not be available to other users or admins in
this directory.
Is there any way to move it? I haven't been able to find any info on this, and seeing as it's in use in the wild by thousands of users I would prefer not to create a new one and have them re-authorize.
I have confirmed this with Azure support engineer. The answer is no. Here is the reply. Hope it helps.
Your applications were created in converged app portal by your
Microsoft account. After lab tested, the Apps owner cannot be changed
to a work account because the MSA account is not contained within any
AAD. The workaround would be re-create it in the new tenant for your
application.

Azure - restrict access to app service only

Ive created a website in Azure and I want to allow users to login and use the app, but im slightly confused by azure active directory access. I want users to only have acces to the web app, not to the portal. Users will be from within my organisation and from outside it so its vitally important that access is locked down, If a user somehow ends up at the azure portal they must not be able to access it. If I set users up in our active directory, wont they be able to login to the azure portal too ? I want to take advantage of authentication as a service and hand over authentication and multi factor authentication to azure but everytjhing Ive read so far seems to suggest If i use azure active directory, users will be able to acess the Azure portal too, is this correct or am i misinterpreting the information ? Are there any step by step guides available for these sorts of scenarios ?
If i use azure active directory, users will be able to acess the Azure
portal too, is this correct or am i misinterpreting the information ?
No, your users will not have access to Azure Portal (rather Azure Subscription as Azure Portal is an application using which a user manages one or more Azure Subscriptions) unless you grant them permission to access it. In order for your users to have access to Azure Portal, you would need to grant them permissions explicitly to do so. In the new portal, you do it by assigning roles (e.g. Owner, Contributor, Reader etc.) and in the old portal you do it by making them co-administrators.
Unless you do this, when they login into Azure Portal all they will see is a message stating no Azure Subscriptions were found.

Azure Web/API App - Mapping a shared drive

My Azure API app uses the new Windows File storage API.
In the startup on my Azure API app I need to map to a UNC path. The 3rd party application we integrate with needs to reference a local/UNC path for files.
In doing so I am getting a Error: ERROR_ACCESS_DENIED
Is it possible to map a UNC path to Azure File Store in a Web/API app?
If so - is it possible to run the app pool under an elevated account?
Or can I map this drive before using a different account somehow?
Its possible to add a UNC path to an Azure File.
You may getting an access denied due to different user contexts between file share creation and access. Please check out the Persist your storage account credentials for the virtual machine section in this article: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/
Additionally, you could use canned user (storage account name, key) credentials to run the app pool.

Resources