Update limited command data access

wiki/Command-Data-From-Google-Docs-Sheets-Storage.md

@@ -83,14 +83,20 @@ gam csv gsheet you@exmaple.com <DriveFileIDEntity> "Sheet 1" gam create user fir
 
 ## Limited Service Account Access
 If you want to disable a user's service account access to Drive and Sheets but still allow reading command data from Google Docs and Sheets,
-issue the following command and make these settings:
+issue the following commands. The admin specified in `gam oauth create` can read command data from Docs and Sheets to which it has access.
 ```
-gam user user@domain.com update serviceaccount
+gam config commanddata_clientaccess true save
+gam oauth create
+Enable the following and proceed to authorization.
 
-[ ] 20)  Drive API (supports readonly)
-[*] 21)  Drive API - read command data
-[ ] 42)  Sheets API (supports readonly)
-[*] 43)  Sheets API - read command data
+[*] 42)  Drive API - commanddata_clientaccess
+[*] 54)  Sheets API - commanddata_clientaccess
+```
+In these options, the `<EmailAddress> is not used, but for clarity you may want to specify the
+email address of the  admin specified in `gam oauth create`.
+```
+gdoc <EmailAddress> <DriveFileIDEntity>|<DriveFileNameEntity>|(<SharedDriveEntity> <SharedDriveFileNameEntity>)
+gsheet <EmailAddress> <DriveFileIDEntity>|<DriveFileNameEntity>|(<SharedDriveEntity> <SharedDriveFileNameEntity>) <SheetEntity>
 ```
 
 ## Read data from a Google Cloud Storage File

wiki/GamUpdates.md

@@ -10,6 +10,29 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
+### 7.25.00
+
+Removed a capabilty added in 7.24.00 that allowed reading command data from Google Docs and Sheets
+when a user's service account access to Drive and Sheets had been disabled. Jay was concerned
+that this change could be exploited to give access to all user's files.
+
+This capability has been replaced by issuing the following commands. The admin specified in `gam oauth create`
+can read command data from Docs and Sheets to which it has access.
+```
+gam config commanddata_clientaccess true save
+gam oauth create
+Enable the following and proceed to authorization.
+
+[*] 42)  Drive API - commanddata_clientaccess
+[*] 54)  Sheets API - commanddata_clientaccess
+```
+
+* See: https://github.com/GAM-team/GAM/wiki/Command-Data-From-Google-Docs-Sheets-Storage#limited-service-account-access
+
+Fixed in bug in `gam report` that caused a trap with either of the `thismonth` or `previousmonths` options were used.
+
+Upgraded to Python 3.14.0.
+
 ### 7.24.01
 
 Updated GAM to handle the following error that occurs when GAM tries to authenticate

wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -252,9 +252,9 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.24.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.25.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 macOS Tahoe 26.0.1 x86_64
 Path: /Users/admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -990,9 +990,9 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.24.01 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.25.00 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 Windows-10-10.0.17134 AMD64
 Path: C:\GAM7
 Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

wiki/Todrive.md

@@ -336,10 +336,10 @@ issue the following command and make these settings:
 gam user user@domain.com update serviceaccount
 
 [ ] 20)  Drive API (supports readonly)
-[*] 22)  Drive API - write todrive data
+[*] 22)  Drive API - write todrive data - has access to all Drive
 [*] 31)  Gmail API - Send Messages - including todrive
 [ ] 42)  Sheets API (supports readonly)
-[*] 44)  Sheets API - write todrive data
+[*] 44)  Sheets API - write todrive data - has access to all Sheets
 ```
 
 ## No Service Account Access

wiki/Version-and-Help.md

@@ -3,9 +3,9 @@
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.24.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.25.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 macOS Tahoe 26.0.1 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.24.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.25.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 macOS Tahoe 26.0.1 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.24.01 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.25.00 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 macOS Tahoe 26.0.1 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.22.00
+   Latest: 7.25.00
 echo $?
 1
 ```
@@ -76,7 +76,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.22.00
+7.25.00
 ```
 In Linux/MacOS you can do:
 ```
@@ -86,9 +86,9 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.22.00 - https://github.com/GAM-team/GAM
+GAM 7.25.00 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.13.7 64-bit final
+Python 3.14.0 64-bit final
 macOS Tahoe 26.0.1 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

wiki/gam.cfg.md

@@ -140,6 +140,11 @@ cmdlog_max_kilo_bytes
         Maximum kilobytes per log file
         Default: 1000
         Range: 100 - 10000
+commanddata_clientaccess
+        Enable/disable use of client access rather than service account access for the
+        admin specified in `gam oauth create` when reading command data from Docs and Sheets
+        to which it has access.
+        Default: False
 config_dir
         GAM config directory containing client_secrets.json, oauth2.txt, oauth2service.json
         and extra_args.txt