Google Drive settings

Wevion's Creative Hub is backed by Google Drive via a Service Account (NOT individual user OAuth). All files are owned by the Service Account; visibility within Wevion is controlled by Wevion's RBAC (ch-109); external sharing is handled by Drive's permissions API (ch-105). Configured at workspace level — per-user OAuth is NOT available.

Who is this for

Admins setting up Wevion or troubleshooting Drive integration issues. Owners auditing the workspace's Drive setup.

The setup model

A Google Cloud project hosts a Service Account: an automated identity that Wevion uses to authenticate against Drive. The Service Account has its own Drive (Shared Drive) where Creative Hub files live.

Configuration:

• GOOGLE_SERVICE_ACCOUNT_EMAIL — env var with the service account's email

• GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY — env var with the private key for signing requests

Both are set at the Wevion deployment level (not in the UI). Workspace-wide; one service account per Wevion deployment.

Where to see it

/settings → Integrations → Google Drive shows:

For deeper setup walkthrough (env vars, Google Cloud project, Shared Drive), see com-113 Google Drive setup.

Why Service Account (not user OAuth)

Service Account trade-off: file ownership is the Service Account, not individuals. This means: users see files in Drive only if Wevion explicitly shared them (ch-105).

Admin actions

View status

Visit /settings → Integrations → Google Drive. Quick health view.

Trigger health check

Some Wevion versions show Re-check connection button. Calls Drive API; updates status badge.

View storage usage

Same page shows total + per-folder breakdown (top-level folders by size).

Rotate credentials

If service account credentials need rotation:

1. In Google Cloud Console: generate new private key for the service account

2. Update GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY env var in Wevion deployment

3. Restart Wevion services

4. Trigger health check

Coordinate with admin / DevOps — env var change requires deploy or restart.

Audit shared files

Drive sharing audit: query /api/v1/audit-logs?action=creative_share to see all active grants.

Limits + quotas

• Drive quota: depends on Google Workspace plan (Shared Drive has separate quota from individual users)

• API rate limits: Drive API has per-project quotas; Wevion respects them with retry + backoff

• Files per folder: Drive's max is 500K but Wevion's UI degrades past 1K per folder — subfolder!

• Concurrent operations: per-second limits on Drive API; bulk operations queued

Troubleshooting

Connection status "Error"

• Service account credentials expired or rotated without env update

• Service account lost Drive permissions (someone in Cloud Console removed it)

• Drive API quota exhausted for the day (rare)

Action: check /settings → Integrations → Google Drive status detail; coordinate with DevOps to verify env vars + Cloud Console.

Quota near full

• Files accumulate; periodic cleanup needed

• Delete old _archive folder contents

• Or upgrade Drive storage in Google Workspace

File operations slow

• Drive API latency spike

• Or high concurrent load (many users uploading simultaneously)

• Usually resolves on its own

"Permission denied" on file operations

• Service account lost write permission to the Shared Drive

• Service account email changed in Cloud Console without env update

Action: verify Service Account email matches in env + Cloud Console.

Common mistakes

• Trying to configure Drive in Wevion UI: not possible — it's env-var-based (deployment level)

• Sharing Service Account credentials: never share the private key; treat as a secret

• Switching Service Account without migration plan: existing files will become orphaned (new SA can't see old SA's files); coordinate carefully

• Expecting users to see all files in their personal Drive: they only see what Wevion explicitly shared via ch-105

Related

• Google Drive setup — full setup walkthrough

• Google Drive RBAC — two-layer permission model

• Share external — granting Drive access to specific files