Problem Description
Due to recent changes in Google policies, service accounts created after 15 April 2025 are no longer able to store files in personal Google Drive (even with proper sharing settings).
Currently, service accounts can only write to Shared Drives, which requires an enterprise or organizational Google Workspace account.
References:
- Shared drives overview
Service accounts don't have storage quota and can't own any files. Instead, they must upload files and folders into shared drives, or use OAuth 2.0 to upload items on behalf of a human user.
Possible Alternative
A feasible workaround is using OAuth 2.0 authorization, which allows users to access their own Google Drive with their personal accounts.
This way, files can still be stored directly in a personal Google Drive.
Feature Request
Would it be possible to add support for OAuth 2.0 authentication as an alternative to service accounts?
Reference Email from Google
The following email was originally shared on the rclone forum:
[Action Advised] Review the creation of new Google Cloud IAM service accounts using Workspace Storage
Hello Google Cloud customer,
We're writing to inform you about upcoming changes to how Google Cloud Identity and Access Management (IAM) service accounts interact with Google Workspace Storage. You are receiving this message because your organization may have used these accounts with Workspace APIs or Workspace Storage.
Previously, Google Cloud IAM service accounts had access to 15 GB of Google Workspace Storage. However, because they aren't directly managed by administrators, any new service accounts created after April 15, 2025, won't receive this storage. Existing service accounts created before this date will retain their storage.
What you need to know
- Starting April 15, 2025 for new Service Accounts:
- New service accounts will not be able to own any Drive items.
- At this time, Google Workspace will maintain access to the My Drive of pre-existing service accounts to allow customers to keep existing internal workflows and services that rely on this storage without needing to migrate to other methods for automatic item creation.
- Note: Items directly owned by service accounts do not adhere to the Google Workspace admin settings and policies since service accounts are not managed users within your Google Workspace domain.
What you need to do
- We recommend that you migrate workflows and services using the Drive storage of existing service accounts for governance and security purposes.
- To be able to upload items to Drive with service accounts created after April 15, 2025:
- Upload items to Shared Drives
- Set up OAuth consent to upload items on behalf of a human user
- Use impersonation via domain wide delegation
We’re here to help
We understand that making this change may require some planning. If you have any questions or require assistance navigating this change, please feel free to contact Google Workspace support or review the Workspace Help Center.
Thanks for choosing Google Cloud.
Problem Description
Due to recent changes in Google policies, service accounts created after 15 April 2025 are no longer able to store files in personal Google Drive (even with proper sharing settings).
Currently, service accounts can only write to Shared Drives, which requires an enterprise or organizational Google Workspace account.
References:
Possible Alternative
A feasible workaround is using OAuth 2.0 authorization, which allows users to access their own Google Drive with their personal accounts.
This way, files can still be stored directly in a personal Google Drive.
Feature Request
Would it be possible to add support for OAuth 2.0 authentication as an alternative to service accounts?
Reference Email from Google
The following email was originally shared on the rclone forum: