Skip to content

Administrators

Jump to bottom
Ross Scroggs edited this page Jul 6, 2022 · 20 revisions

Administrators

Administrator roles documentation

API documentation

Definitions

<DomainName> ::= <String>(.<String>)+
<EmailAddress> ::= <String>@<DomainName>
<OrgUnitID> ::= id:<String>
<OrgUnitPath> ::= /|(/<String)+
<OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
<Privilege> ::= <String>
<PrivilegeList> ::= "<Privilege>(,<Privilege)*"
<RoleAssignmentID> ::= <String>
<RoleItem> ::= id:<String>|uid:<String>|<String>
<UniqueID> ::= uid:<String>
<UserItem> ::= <EmailAddress>|<UniqueID>|<String>

Display administrative privileges

gam print privileges [todrive <ToDriveAttribute>*]
gam show privileges

Here is the output from gam show privileges; use this to find <Privilege>.

Show 82 Privileges
  Privilege: MANAGE_CSE_SETTINGS (1/82)
    serviceId: 02pta16n4hxgyp2
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_PLAY_FOR_WORK_STORE (2/82)
    serviceId: 00tyjcwt49hs5nq
    serviceName: play_for_work
    isOuScopable: False
  Privilege: MANAGE_ENTERPRISE_PRIVATE_APPS (3/82)
    serviceId: 00tyjcwt49hs5nq
    serviceName: play_for_work
    isOuScopable: False
  Privilege: MANAGE_EXTERNALLY_HOSTED_APK_UPLOAD_IN_PLAY (4/82)
    serviceId: 00tyjcwt49hs5nq
    serviceName: play_for_work
    isOuScopable: False
  Privilege: MANAGE_PLAY_FOR_WORK_STORE (5/82)
    serviceId: 02w5ecyt3pkeyqi
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_ENTERPRISE_PRIVATE_APPS (6/82)
    serviceId: 02w5ecyt3pkeyqi
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_EXTERNALLY_HOSTED_APK_UPLOAD_IN_PLAY (7/82)
    serviceId: 02w5ecyt3pkeyqi
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (8/82)
    serviceId: 01ci93xb43sd8me
    serviceName: Unknown
    isOuScopable: True
    childPrivileges: 2
      Privilege: DELEGATES_READ (1/2)
        serviceId: 01ci93xb43sd8me
        serviceName: Unknown
        isOuScopable: True
      Privilege: DELEGATES_WRITE (2/2)
        serviceId: 01ci93xb43sd8me
        serviceName: Unknown
        isOuScopable: True
  Privilege: APP_ADMIN (9/82)
    serviceId: 03cqmetx3hnlpuf
    serviceName: gplus
    isOuScopable: False
  Privilege: GPLUS_SQUARE_BATCH_ADD (10/82)
    serviceId: 03cqmetx3hnlpuf
    serviceName: gplus
    isOuScopable: False
  Privilege: GPLUS_CONTENT_MANAGER_PRIVILEGE (11/82)
    serviceId: 03cqmetx3hnlpuf
    serviceName: gplus
    isOuScopable: False
  Privilege: APP_ADMIN (12/82)
    serviceId: 039kk8xu49mji9t
    serviceName: gmail
    isOuScopable: False
  Privilege: ACCESS_EMAIL_LOG_SEARCH (13/82)
    serviceId: 039kk8xu49mji9t
    serviceName: gmail
    isOuScopable: False
  Privilege: ACCESS_ADMIN_QUARANTINE (14/82)
    serviceId: 039kk8xu49mji9t
    serviceName: gmail
    isOuScopable: False
  Privilege: ACCESS_RESTRICTED_QUARANTINE (15/82)
    serviceId: 039kk8xu49mji9t
    serviceName: gmail
    isOuScopable: False
  Privilege: APP_ADMIN (16/82)
    serviceId: 01tuee744837sjz
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_COURSE_SETTINGS (17/82)
    serviceId: 037m2jsg4g9nirj
    serviceName: Unknown
    isOuScopable: True
  Privilege: MANAGE_LTI_CREDENTIAL_MANAGEMENT_MODE (18/82)
    serviceId: 037m2jsg4g9nirj
    serviceName: Unknown
    isOuScopable: True
  Privilege: APP_ADMIN (19/82)
    serviceId: 01yyy98l4k9lq4l
    serviceName: directory
    isOuScopable: False
    childPrivileges: 3
      Privilege: DIRECTORY_SETTINGS_READONLY (1/3)
        serviceId: 01yyy98l4k9lq4l
        serviceName: directory
        isOuScopable: False
        childPrivileges: 2
          Privilege: PROFILE_EDITABILITY_READONLY (1/2)
            serviceId: 01yyy98l4k9lq4l
            serviceName: directory
            isOuScopable: False
          Privilege: CUSTOM_DIRECTORY_READONLY (2/2)
            serviceId: 01yyy98l4k9lq4l
            serviceName: directory
            isOuScopable: False
      Privilege: PROFILE_EDITABILITY_READWRITE (2/3)
        serviceId: 01yyy98l4k9lq4l
        serviceName: directory
        isOuScopable: False
      Privilege: CUSTOM_DIRECTORY_READWRITE (3/3)
        serviceId: 01yyy98l4k9lq4l
        serviceName: directory
        isOuScopable: False
  Privilege: LDAP_MANAGER (20/82)
    serviceId: 02lwamvv18la4iw
    serviceName: ldap
    isOuScopable: False
  Privilege: LDAP_PASSWORD_REBIND (21/82)
    serviceId: 02lwamvv18la4iw
    serviceName: ldap
    isOuScopable: True
    childPrivileges: 1
      Privilege: LDAP_PASSWORD_REBIND_READONLY
        serviceId: 02lwamvv18la4iw
        serviceName: ldap
        isOuScopable: True
  Privilege: APP_ADMIN (22/82)
    serviceId: 0319y80a15kueje
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (23/82)
    serviceId: 044sinio4cntx2o
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (24/82)
    serviceId: 01ksv4uv2d2noaq
    serviceName: sites
    isOuScopable: False
  Privilege: ADMIN_DASHBOARD (25/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: True
  Privilege: SERVICES (26/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: SECURITY_SETTINGS (27/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: SUPPORT (28/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: ADMIN_DOMAIN_SETTINGS (29/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: REPORTS (30/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: ADMIN_DASHBOARD (31/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: True
  Privilege: SERVICES (32/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: SUPPORT (33/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: REPORTS (34/82)
    serviceId: 01ci93xb3tmzyin
    serviceName: admin
    isOuScopable: False
  Privilege: APP_ADMIN (35/82)
    serviceId: 03fwokq01e2ht7x
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 1
      Privilege: UDM_NETWORK_ADMIN
        serviceId: 03fwokq01e2ht7x
        serviceName: Unknown
        isOuScopable: True
  Privilege: ADMIN_MATTER (36/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: True
  Privilege: REMOVE_HOLD (37/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: True
  Privilege: MANAGE_SEARCHES (38/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: True
  Privilege: MANAGE_EXPORTS (39/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: True
  Privilege: MANAGE_RETENTION_POLICY (40/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: False
    childPrivileges: 1
      Privilege: VIEW_RETENTION_POLICY
        serviceId: 03l18frh45c63dw
        serviceName: vault
        isOuScopable: False
  Privilege: AUDIT_SYSTEM (41/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: False
  Privilege: ACCESS_ALL_MATTERS (42/82)
    serviceId: 03l18frh45c63dw
    serviceName: vault
    isOuScopable: False
  Privilege: APP_ADMIN (43/82)
    serviceId: 02afmg282jiquyg
    serviceName: device_management
    isOuScopable: False
  Privilege: APP_ADMIN (44/82)
    serviceId: 037m2jsg3ckz96v
    serviceName: calendar
    isOuScopable: False
    childPrivileges: 2
      Privilege: CALENDAR_SETTINGS (1/2)
        serviceId: 037m2jsg3ckz96v
        serviceName: calendar
        isOuScopable: False
      Privilege: CALENDAR_RESOURCE (2/2)
        serviceId: 037m2jsg3ckz96v
        serviceName: calendar
        isOuScopable: False
        childPrivileges: 2
          Privilege: ROOM_INSIGHTS_DASHBOARD_ACCESS (1/2)
            serviceId: 037m2jsg3ckz96v
            serviceName: calendar
            isOuScopable: False
          Privilege: CALENDAR_RESOURCE_MANAGE (2/2)
            serviceId: 037m2jsg3ckz96v
            serviceName: calendar
            isOuScopable: False
  Privilege: APP_ADMIN (45/82)
    serviceId: 03dy6vkm2sk0pzo
    serviceName: docs
    isOuScopable: False
    childPrivileges: 5
      Privilege: DOCS_TEMPLATE_ADMIN (1/5)
        serviceId: 03dy6vkm2sk0pzo
        serviceName: docs
        isOuScopable: False
      Privilege: MIGRATE_TO_TEAM_DRIVE (2/5)
        serviceId: 03dy6vkm2sk0pzo
        serviceName: docs
        isOuScopable: False
      Privilege: WRITE_APPS_METADATA_SCHEMAS (3/5)
        serviceId: 03dy6vkm2sk0pzo
        serviceName: docs
        isOuScopable: False
      Privilege: VIEW_SITE_DETAILS (4/5)
        serviceId: 03dy6vkm2sk0pzo
        serviceName: docs
        isOuScopable: False
      Privilege: MANAGE_CLASSIC_GOOGLE_SITES (5/5)
        serviceId: 03dy6vkm2sk0pzo
        serviceName: docs
        isOuScopable: False
  Privilege: APP_ACCESS (46/82)
    serviceId: 03cqmetx1vygwki
    serviceName: Unknown
    isOuScopable: False
  Privilege: ORGANIZATION_UNITS_ALL (47/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: True
    childPrivileges: 4
      Privilege: ORGANIZATION_UNITS_CREATE (1/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: ORGANIZATION_UNITS_RETRIEVE (2/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: ORGANIZATION_UNITS_UPDATE (3/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: ORGANIZATION_UNITS_DELETE (4/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
  Privilege: USERS_ALL (48/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: True
    childPrivileges: 5
      Privilege: USERS_CREATE (1/5)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: USERS_RETRIEVE (2/5)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: USERS_UPDATE (3/5)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
        childPrivileges: 6
          Privilege: USERS_ALIAS (1/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
          Privilege: USERS_MOVE (2/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
          Privilege: USERS_RESET_PASSWORD (3/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
          Privilege: USERS_FORCE_PASSWORD_CHANGE (4/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
          Privilege: USERS_ADD_NICKNAME (5/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
          Privilege: USERS_SUSPEND (6/6)
            serviceId: 00haapch16h1ysv
            serviceName: admin_apis
            isOuScopable: True
      Privilege: USERS_UPDATE_CUSTOM_ATTRIBUTES_USER_PRIVILEGE_GROUP (4/5)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
      Privilege: USERS_DELETE (5/5)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: True
  Privilege: GROUPS_ALL (49/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 4
      Privilege: GROUPS_CREATE (1/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
      Privilege: GROUPS_RETRIEVE (2/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
      Privilege: GROUPS_UPDATE (3/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
      Privilege: GROUPS_DELETE (4/4)
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: USER_SECURITY_ALL (50/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: True
  Privilege: DATATRANSFER_API_PRIVILEGE_GROUP (51/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: DOMAIN_REGISTRATION_MANAGEMENT (52/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: SCHEMA_MANAGEMENT (53/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 1
      Privilege: SCHEMA_RETRIEVE
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: LICENSING (54/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 1
      Privilege: LICENSING_READ
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: BILLING (55/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 1
      Privilege: BILLING_READ
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: SAML2_SERVICE_PROVIDER (56/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: DOMAIN_MANAGEMENT (57/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: UPGRADE_CONSUMER_CONVERSION (58/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: TRUSTED_DOMAIN_WHITELIST_WRITE (59/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 1
      Privilege: TRUSTED_DOMAIN_WHITELIST_READ
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: GROUPS_MANAGE_SECURITY_LABEL (60/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: ADMIN_REPORTING_ACCESS (61/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
    childPrivileges: 1
      Privilege: REPORTING_AUDIT_ACCESS
        serviceId: 00haapch16h1ysv
        serviceName: admin_apis
        isOuScopable: False
  Privilege: SUPPORT_PRIVILEGE_GROUP (62/82)
    serviceId: 00haapch16h1ysv
    serviceName: admin_apis
    isOuScopable: False
  Privilege: APPS_INCIDENTS_FULL_ACCESS (63/82)
    serviceId: 02pta16n3efhw69
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 2
      Privilege: APPS_INCIDENTS_READONLY (1/2)
        serviceId: 02pta16n3efhw69
        serviceName: Unknown
        isOuScopable: False
      Privilege: APPS_INCIDENTS_VIEW_VIRUSTOTAL_REPORTS (2/2)
        serviceId: 02pta16n3efhw69
        serviceName: Unknown
        isOuScopable: False
  Privilege: APP_ADMIN (64/82)
    serviceId: 019c6y1840fzfkt
    serviceName: classroom
    isOuScopable: True
  Privilege: APP_ADMIN (65/82)
    serviceId: 037m2jsg46www3g
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_DYNAMITE_SETTINGS (66/82)
    serviceId: 03whwml44f3n4vd
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (67/82)
    serviceId: 03hv69ve4bjwe54
    serviceName: Unknown
    isOuScopable: True
    childPrivileges: 6
      Privilege: MANAGE_CHROME_USER_SETTINGS (1/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
        childPrivileges: 2
          Privilege: MANAGE_CHROME_APPLICATION_SETTINGS (1/2)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
          Privilege: MANAGE_CHROME_WEB_SETTINGS (2/2)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
      Privilege: MANAGE_CHROME_BROWSERS (2/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
        childPrivileges: 1
          Privilege: MANAGED_CHROME_BROWSERS_READ_ONLY
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
      Privilege: VIEW_CHROME_REPORTS (3/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
        childPrivileges: 4
          Privilege: VIEW_CHROME_EXTENSIONS_REPORT (1/4)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
          Privilege: VIEW_CHROME_VERSION_REPORT (2/4)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
          Privilege: VIEW_CHROME_INSIGHTS_REPORT (3/4)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
          Privilege: VIEW_CHROME_PRINTERS_REPORT (4/4)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
      Privilege: MANAGE_PRINTERS (4/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
      Privilege: MANAGE_DEVICES (5/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
        childPrivileges: 2
          Privilege: MANAGE_DEVICES_READ_ONLY (1/2)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
            childPrivileges: 1
              Privilege: TELEMETRY_API
                serviceId: 03hv69ve4bjwe54
                serviceName: Unknown
                isOuScopable: True
                childPrivileges: 19
                  Privilege: TELEMETRY_API_AUDIO_REPORT (1/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_BUS_DEVICE_INFO (2/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_DEVICE_ID (3/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_NETWORK_DIAGNOSTICS_REPORT (4/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_ORG_UNIT_ID (5/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_OS_REPORT (6/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_SERIAL_NUMBER (7/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_CPU_INFO (8/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_CPU_REPORT (9/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_MEMORY_INFO (10/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_MEMORY_REPORT (11/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_GRAPHICS_INFO (12/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_GRAPHICS_REPORT (13/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_BATTERY_INFO (14/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_BATTERY_REPORT (15/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_STORAGE_INFO (16/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_STORAGE_REPORT (17/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_NETWORK_INFO (18/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
                  Privilege: TELEMETRY_API_NETWORK_REPORT (19/19)
                    serviceId: 03hv69ve4bjwe54
                    serviceName: Unknown
                    isOuScopable: True
          Privilege: DEVICE_ACTION_CRD (2/2)
            serviceId: 03hv69ve4bjwe54
            serviceName: Unknown
            isOuScopable: True
      Privilege: MANAGE_DEVICE_SETTINGS (6/6)
        serviceId: 03hv69ve4bjwe54
        serviceName: Unknown
        isOuScopable: True
  Privilege: MANAGE_DIRECTORY_SYNC_SETTINGS (68/82)
    serviceId: 0147n2zr1ynkkmf
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 1
      Privilege: READ_DIRECTORY_SYNC_SETTINGS
        serviceId: 0147n2zr1ynkkmf
        serviceName: Unknown
        isOuScopable: False
  Privilege: APP_ADMIN (69/82)
    serviceId: 0279ka651l5iy5q
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 1
      Privilege: ADMIN_QUALITY_DASHBOARD_ACCESS
        serviceId: 0279ka651l5iy5q
        serviceName: Unknown
        isOuScopable: False
  Privilege: SECURITY_SETTINGS (70/82)
    serviceId: 00vx122734tbite
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 1
      Privilege: INBOUND_SSO_SETTINGS
        serviceId: 00vx122734tbite
        serviceName: Unknown
        isOuScopable: False
  Privilege: VIEW_DLP_RULE (71/82)
    serviceId: 02250f4o3hg8pg8
    serviceName: Unknown
    isOuScopable: False
  Privilege: MANAGE_DLP_RULE (72/82)
    serviceId: 02250f4o3hg8pg8
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (73/82)
    serviceId: 00nmf14n14wtgcf
    serviceName: app_maker
    isOuScopable: False
  Privilege: VIEW_ALL_PROJECTS (74/82)
    serviceId: 00nmf14n14wtgcf
    serviceName: app_maker
    isOuScopable: False
  Privilege: APP_ADMIN (75/82)
    serviceId: 02zbgiuw2wdxo5p
    serviceName: youtube
    isOuScopable: False
  Privilege: APP_ADMIN (76/82)
    serviceId: 03as4poj2zjehv7
    serviceName: Unknown
    isOuScopable: False
  Privilege: APP_ADMIN (77/82)
    serviceId: 02afmg283v5nmx6
    serviceName: Unknown
    isOuScopable: False
    childPrivileges: 1
      Privilege: ADMIN_QUALITY_DASHBOARD_ACCESS
        serviceId: 02afmg283v5nmx6
        serviceName: Unknown
        isOuScopable: False
  Privilege: APP_ADMIN (78/82)
    serviceId: 00upglbi0qz687j
    serviceName: takeout
    isOuScopable: False
  Privilege: CLOUD_PRINT_MANAGER (79/82)
    serviceId: 02bn6wsx379ol8g
    serviceName: cloud_print
    isOuScopable: False
  Privilege: MANAGE_AGE_BASED_ACCESS_SETTINGS_AGE_LABEL (80/82)
    serviceId: 046r0co22dnadsi
    serviceName: Unknown
    isOuScopable: True
    childPrivileges: 1
      Privilege: AGE_BASED_ACCESS_SETTINGS_AGE_LABEL_READ
        serviceId: 046r0co22dnadsi
        serviceName: Unknown
        isOuScopable: True
  Privilege: APP_ADMIN (81/82)
    serviceId: 04f1mdlm0ki64aw
    serviceName: cros
    isOuScopable: True
    childPrivileges: 7
      Privilege: MANAGE_DEVICES (1/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
      Privilege: MANAGE_USER_SETTINGS (2/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
        childPrivileges: 1
          Privilege: MANAGE_APPLICATION_SETTINGS
            serviceId: 04f1mdlm0ki64aw
            serviceName: cros
            isOuScopable: True
      Privilege: MANAGE_DEVICE_SETTINGS (3/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
      Privilege: MANAGE_BROWSERS (4/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
      Privilege: VIEW_EXTENSIONS_REPORT (5/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
      Privilege: VIEW_VERSION_REPORT (6/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
      Privilege: MANAGE_PRINTERS (7/7)
        serviceId: 04f1mdlm0ki64aw
        serviceName: cros
        isOuScopable: True
  Privilege: APP_ADMIN (82/82)
    serviceId: 02et92p02l9sq0n
    serviceName: Unknown
    isOuScopable: True

Manage administrative roles

gam create adminrole <String> privileges all|all_ou|<PrivilegeList> [description <String>]
gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegeList>] [description <String>]
gam delete adminrole <RoleItem>
  • privileges all - All defined privileges
  • privileges all_ou - All defined privileges than can be scoped to an OU
  • privileges <PrivilegeList> - A specific list of privileges

Display administrative roles

gam print adminroles|roles [todrive <ToDriveAttribute>*] [privileges]
gam show adminroles|roles [todrive <ToDriveAttribute>*]
  • privileges - show privileges associated with each role.

Create an administrator

gam create admin <UserItem> <RoleItem> customer|(org_unit <OrgUnitItem>)
        [condition securitygroup|nonsecuritygroup]
  • customer - The administrator can manage all organization units
  • org_unit <OrgUnitItem> - The administrator can manage the specified organization unit

The option condition limits the conditions for delegate admin access. This currently only works with the _GROUPS_EDITOR_ROLE and _GROUPS_READER_ROLE roles.

  • condition securitygroup - limit the delegated admin to managing security groups
  • condition nonsecuritygroup - limit the delegated admin to managing non-security groups

Delete an administrator

gam delete admin <RoleAssignmentId>

Display administrators

gam print admins [todrive <ToDriveAttribute>*] [user <UserItem>] [role <RoleItem>] [condition]
gam show admins [user <UserItem>] [role <RoleItem>] [condition]

By default, all administrators and roles are displayed; choose from the following options to limit the display:

  • user <UserItem> - Display only this administrator
  • role <RoleItem> - Display only administrators with this role

Use condition to display any conditions associated with a role assignment.

In versions prior to 6.07.01, specification of both user <UserItem> and role <RoleItem> generated no output due to an undocumented API rule that disallows both.

Need more help? Ask on the GAM Discussion Group

Update History

Installation

Configuration

Notes and Information

Definitions

Command Processing

Collections

Client Access

Special Service Account Access

Service Account Access

Clone this wiki locally