Administrators

Administrators

• Administrator roles documentation
• API documentation
• Definitions
• Display administrative privileges
• Manage administrative roles
• Display administrative roles
• Create an administrator
• Delete an administrator
• Display administrators

Administrator roles documentation

• https://support.google.com/a/answer/33325?ref_topic=4514341

API documentation

• https://developers.google.com/admin-sdk/directory/reference/rest/v1/privileges
• https://developers.google.com/admin-sdk/directory/reference/rest/v1/roles
• https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments

Definitions

<DomainName> ::= <String>(.<String>)+
<EmailAddress> ::= <String>@<DomainName>
<OrgUnitID> ::= id:<String>
<OrgUnitPath> ::= /|(/<String)+
<OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
<Privilege> ::= <String>
<PrivilegeList> ::= "<Privilege>(,<Privilege)*"
<RoleAssignmentID> ::= <String>
<RoleItem> ::= id:<String>|uid:<String>|<String>
<UniqueID> ::= uid:<String>
<UserItem> ::= <EmailAddress>|<UniqueID>|<String>

Display administrative privileges

gam print privileges [todrive <ToDriveAttribute>*]
gam show privileges

Manage administrative roles

gam create adminrole <String> privileges all|all_ou|<PrivilegeList> [description <String>]
gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegeList>] [description <String>]
gam delete adminrole <RoleItem>

• privileges all - All defined privileges
• privileges all_ou - All defined privileges than can be scoped to an OU
• privileges <PrivilegeList> - A specific list of privileges

Display administrative roles

gam print adminroles|roles [todrive <ToDriveAttribute>*] [privileges]
gam show adminroles|roles [todrive <ToDriveAttribute>*]

• privileges - show privileges associated with each role.

Create an administrator

gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>)

• customer - The administrator can manage all organization units
• org_unit <OrgUnitItem> - The administrator can manage the specified organization unit

Delete an administrator

gam delete admin <RoleAssignmentId>

Display administrators

gam print admins [todrive <ToDriveAttribute>*] [(user <UserItem>)|(role <RoleItem>)]
gam show admins [(user <UserItem>)|(role <RoleItem>)]

By default, all administrators and roles are displayed; choose one of the following mutually exclusive options to limit the display:

• user <UserItem> - Display only this administrator
• role <RoleItem> - Display only administrators with this role

If you want to limit the display to a particular role for a user you can use output row filtering to achieve what you want:

gam config csv_output_row_filter "roleId:regex:597407939166209" print admin user [email protected]
gam config csv_output_row_filter "assignedToUser:regex:^[email protected]$" print admin role id:597407939166209