Clone multiple teamdrives

Hello
In the rclone configuration file I have an account configured. This account has access to multiple teamdrives.
Can I clone teamdrives with only this account set up?
rclone copy p1:/data --drive-team-drive id-teamdrive-1 p1:/copy --drive-team-drive id-teamdrive-2
I've tried this but it's wrong
Am I required to configure all teamdrives in "config"?
I know that drive-team-drive affects both source and destination. Can't add 2?
Thank you for the help

For now - a single remote can't handle more than one team-drive. it can't understand the level above that (not yet at least - NCW said that might be possible in future).

You can define remotes on the fly in the command without putting them permanently in the config - but as you see you will start to get some problems if you try to do that for 2 remotes of identical types purely due to the flags being the same (which you can't make commandline understand).

Honestly the easiest solution may just be to make many remotes.

But if you can explain why this is important to you - perhaps I can offer a better alternative.
Is it because you need to do this via scripting or something?
If so there would be ways to create and destroy remote configs as you go - effectively achieving the same thing.

I have 30 accounts for duplicate teamdrive.
Then, I need create 30 accounts with "Check" team drive and If I want to add another teamdrive I will need to recreate 30 accounts, right?

Do you have 30 teamdrives - or 30 useraccounts that need to connect to the teamdrive?

If you know the teamdrive ID already then making new remotes can be very easy copypaste. A basic teamdrive remote can just be this:

[TD1]
type = drive
scope = drive
service_account_file = C:\rclone\SA.json
team_drive = xxxxxXXXXxxxXXXxxxXX

Example shown here using service-account rather than Oauth. Oauth will work fine too, but since that involves manually authorizing each Oath it may be far too cumbersome to do for loads of remotes. A SA could be set up once and used for them all - assuming this would be secure in your environment (which you have not detailed to me yet)

If it's 30 teamdrives for one user - then you could use a single Oauth that was the same across all remotes.

In either of those cases, you could copypaste that section as many times as you nee - make sure they all have unique names, and then only need to edit the teamdrive ID for each (as this determines which ofthe teamdrives connected to the account the remote will be using).

after that you can just
rclone sync TD1: T2:
for example.

Does this sound like a plan?

If not I can tell you how to programmatically create remotes ins scripting, but unless you are starting to talk about hundreds of them that seems a bit overkill way of going about it.

Lots of graces for help
Very interested in the option to create a json for all the drives and future teamdrives That I'd like to add
I have 2 or 3 teamdrives and multiple accounts (uploaded)
How i build this json file? Its from download credentials from cloud.google.com? This json is valid for other teamdrives? And other accounts that They have acces same teamdrive? it's possible in edu o simple account?

You can make service account from the cloud console.
check under:
IAM & admin --> service account

Let me clarify the difference between a service account and a user Oauth.

An Oauth is an authorization for some service (in this case rclone) to access a spesific users account. Confirmation is manual - as this is designed as a quick&easy way allow third-party software to access your account. Oauth keys time out and auto-refresh (under normal circumstances). They can at times fail to refresh if they haven't been used for a very long time and need re-authorization.

A service is account is not connected to a spesific user, but rather a spesific resource- like for example a spesific storage bucket (or sometimes just all resources within a spesific cloud project - it depends on the broadness of the role given to it).

Hopefully you understand the distinction between authorizing to an account (that may have permission to use a resource already), or authorizing directly to a resource. This means service accounts don't really need users to operate - and they are often used by scripts and robots. In rclone you can if you want make a service account impersonate (and effectively operate as) a certain user by logging in as them, so they are quite flexible from an advanced management standpoint. (one SA can do tasks for loads of users if needed).

Note that authorization is pre-generated (literally downloaded from the cloud dashboard), permanent (no expiry), and stored in a secure file. You lose the file the SA becomes useless and you will have to re-make. Also, you definitely don't want to get the file stolen, because as long as it's not shut down the file is the only thing anyone needs to authorize to your resource.

Thanks for the help
How create SA to a teamdrive?
I try follow manual but I've only gotten to the part of downloading the json key. After that part I don't know how to go on.
I put the file in a folder I put the data as you put in answer two and the next command
Rclone --drive-impersonate xxxx@xxxx.com lsd teamdrive:

Dont work

I would advice you open the json with a text editor.
Inside the file you will see an email address.
invite this email to your teamdrive and give it full user access - it will now have access.

The SA can technically be created from any account. I would create it with "no role".
Roles are mostly used to define access to Google Cloud resources. Google Drive is a different system - so we directly invite the account to the teamdrive to do this instead. "no role" will just leave it without any Google Cloud permissions, which is fine for this use.

This is the sort of information I'd rather you didn't discuss openly because such thgings are often part of "how to abuse the system" requests, and we don't do that here. Regular users should use Oauth. SAs are for systems engineers who need special setups. I share the info because you seem like you may actually need them for the sort of thing they were intended for,

Thank you so much for the help
Greetings

This line
I would advice you open the json with a text editor.
Inside the file you will see an email address.
invite this email to your teamdrive and give it full user access - it will now have access.
When i invite the email the command is the same?
Rclone --drive-impersonate xxxx@xxxx.com.....
Rclone --drive-impersonate bbbb@bbbb.com...
All emails have acces Through the json key?

No, you don't impersonate using that email you found in the SA file.
If you wanted to impersonate a user you'd use the users email. (or maybe I misunderstood you and that's what you meant).

If you invite the SA to the drive it won't have to impersonate anyone to gain access to files.
If you didn't invite it - impersonating a user would have been the alternative (as it would borrow that users permissions). But I think this might only be possible if you have admin-access to a Gsuite domain directly - because you need to change some settings there to allow "domain wide SA access". (you can see the documentation for instructions on this and what is required for impersonate with SAs).

Either will work fine (they both have situations where one is more appropriate), but direct SA access like I showed you is generally more flexible because then you are not limited to acting as a single user.

Thank you. Now I understand better.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.