Hi,
So I have just hired a developer to help me add files from a google drive folder to a spreadsheet with transcribed text.
When granting access to both Make.com and including the google console Client ID and Client Secret, I came to wonder what I have actually given the developer access to?
Does he now have access to all my google drive folders and files?
Where can I restrict the access so that he only has access to one particular folder?
All help greatly appreciated.
PS: Im not a developer, coder or too familiar with make.com.
Hey Axel,
just to clarify - this issue has nothing to do with Make.com specifically. It would be best to head to a google forum instead to see about limiting access.
With that said, did you give them your credentials and your client ID and secret? Or did you create an account with limited access and used those credentials? Cause if you gave them yours, then they have access, yes.
Since we are usually on the other end of this interaction, we always include NDA agreements in our contracts and never start working until they are signed.
1 Like
Hello Stoyan,
Thank you so much for responding! You are probably right that the settings can be set inside google console.
I have created an account at make.com and then invited a consultant in as a team member.
He has been given the client id and secret from the google console. But, as I came to think about this I deleted the key and cancelled hit team member access.
I really dont want anyone to be able to access anything but the specific files/folders necessary for setting up the make.com scenario.
Do you know of any step-by-step instructions on how to set up the google api access so correctly in order to set up a make scenario that:
- Takes video files from a google drive folder
- Creates transcripts from them
- Ads transcript and video to a spreadsheet
- Automatically uploads the sheet into as draft in a social media manager(social pilot feks)
Best wishes,
Axel
I suppose you could create a new google user and share that folder specifically with them. Then get a client ID and client secret for that user. In this case they should only have access to the shared folder.
Then both the videos and the google sheet can live in that folder. This way any Make scenario made with that user’s credentials will only have data to the actual things it needs and nothing else in your account.
Hello Stoyan,
Thank you for responding!
Do you think that this is the standard protocol for setting up this scenario? It seems a bit heavy to having to create new google drive users, and maybe even subscriptions just to set up a scenario without risking being vulnerable in terms of privacy.
Hey Axel,
like I said - for us the standard protocol is to sign an NDA and then get full access either with the user account, or get invited with our own account. Maybe you can look into this and have your developer sign one. Usually we get invited to the Make workspace with our accounts and then the user creates connections to the necessary apps with their own accounts, so afterwards the scenarios are not dependent on us remaining within the organization.
But if you don’t want the developer to have access at all, then a user with restricted access is the way to go.