Hi
I only start with FFS. My case can be described as "backup to google drive". And i see FFS asks a full access to all my files on google drive. Accordingly can i grant an access only to files created by FFS? Like "drive.files" scope instead "drive" scope how it works with other apps for example.
Change full access scope to google drive files
- Posts: 3
- Joined: 25 Apr 2025
-
- Posts: 2946
- Joined: 22 Aug 2012
I am not familiar with Google Drive, but from what you describe you are possibly able to use the FFS Include Filter for that purpose.
- Posts: 3
- Joined: 25 Apr 2025
Not quite. I don't want to give FFS access to the entire Google Drive. So that, for example, I don't delete something there with my clumsy actions. I would like to give access only to individual folders. Or use the Google Drive scope "drive.files" which gives the application access only to those files that it itself created. Which, in my opinion, is quite logical if I want to use FFS for backups to Google Drive.
- Posts: 162
- Joined: 5 Jan 2024
Hi,
Here are all of the instructions that you need to follow in the Google console to create the environment that you're interested in.
I don't think free file sync can work with a client ID and Secret and therefore be restricted to the environment that you created at Google.
Fear not. You can use the tool rclone to mount the Google Drive and tell it to use a specific client ID and Secret which is what you need to do to accomplish what you want to do.
Then point FFS to the mount point.
This is the scope you need to use.
https://www.googleapis.com/auth/drive.file
Go to the Google Cloud Console.
https://console.cloud.google.com
Yes, you can configure a Google Cloud project to have a Client ID and Secret with access limited to a single directory in Google Drive. Here's a step-by-step guide:
1. Create a New Google Cloud Project
Go to the Google Cloud Console.
Click Select a project > New Project.
Give it a name and create the project.
2. Enable Google Drive API
Inside your project, go to APIs & Services > Library.
Search for Google Drive API and enable it.
3. Create OAuth 2.0 Credentials
Go to APIs & Services > Credentials.
Click Create Credentials > OAuth 2.0 Client ID.
Configure the consent screen (for internal use, choose "Internal").
Set application type to Web application, desktop, or other as needed.
Note down the Client ID and Client Secret.
4. Set Restricted Scope for Directory Access
When requesting access tokens, specify a restricted scope.
To limit access to a specific folder, use the scope:
https://www.googleapis.com/auth/drive.file This grants access only to files created by or opened by the app.
To target a specific folder, store its folder ID and restrict file operations to that directory.
5. Share the Target Folder with the Service Account (If Needed)
If using a service account, share the Google Drive folder with that account’s email (found under IAM & Admin).
Use the Drive API to operate only within that shared folder.
Here are all of the instructions that you need to follow in the Google console to create the environment that you're interested in.
I don't think free file sync can work with a client ID and Secret and therefore be restricted to the environment that you created at Google.
Fear not. You can use the tool rclone to mount the Google Drive and tell it to use a specific client ID and Secret which is what you need to do to accomplish what you want to do.
Then point FFS to the mount point.
This is the scope you need to use.
https://www.googleapis.com/auth/drive.file
Go to the Google Cloud Console.
https://console.cloud.google.com
Yes, you can configure a Google Cloud project to have a Client ID and Secret with access limited to a single directory in Google Drive. Here's a step-by-step guide:
1. Create a New Google Cloud Project
Go to the Google Cloud Console.
Click Select a project > New Project.
Give it a name and create the project.
2. Enable Google Drive API
Inside your project, go to APIs & Services > Library.
Search for Google Drive API and enable it.
3. Create OAuth 2.0 Credentials
Go to APIs & Services > Credentials.
Click Create Credentials > OAuth 2.0 Client ID.
Configure the consent screen (for internal use, choose "Internal").
Set application type to Web application, desktop, or other as needed.
Note down the Client ID and Client Secret.
4. Set Restricted Scope for Directory Access
When requesting access tokens, specify a restricted scope.
To limit access to a specific folder, use the scope:
https://www.googleapis.com/auth/drive.file This grants access only to files created by or opened by the app.
To target a specific folder, store its folder ID and restrict file operations to that directory.
5. Share the Target Folder with the Service Account (If Needed)
If using a service account, share the Google Drive folder with that account’s email (found under IAM & Admin).
Use the Drive API to operate only within that shared folder.
- Posts: 3
- Joined: 25 Apr 2025
Hmm... It was a little bit difficult, but it looks like its work! Thanks.
- Posts: 162
- Joined: 5 Jan 2024
You're very welcome🙏.
