TheCurious

Reputation: 613

G Suite Admin SDK: how to find what role a particular user is assigned

It is well documented here that in G Suite there are 6 pre-built administrator roles and we can assign any custom role to a user.

I can fetch all the roles in any G Suite account using admin.directory.rolemanagement; in the response, items contains the list of all 6 roles.

Below is a sample response.

{
 "kind": "admin#directory#roles",
 "etag": "\"BHP2ZsIq1HPrqEG_xY7Tkngn4lU/aNSm49szAAWjtQ6SLWG_peDst5I\"",
 "items": [
  {
   "kind": "admin#directory#role",
   "etag": "\"BHP2ZsIq1HPrqEG_xY7Tkngn4lU/GNyl5JrVAyPUAIIlrwnibCSKClQ\"",
   "roleId": "11870025812017153",
   "roleName": "_SEED_ADMIN_ROLE",
   "roleDescription": "Google Apps Administrator Seed Role",
   "isSystemRole": true,
   "isSuperAdminRole": true
  },
  {
  ...Role2
  },
  ....
]
}

But I am unable to find what role a particular user is assigned.

When I fetch any user's details using the G Suite Admin SDK, I get the sample JSON below:

{
 "kind": "admin#directory#user",
 "id": "1071482697096977",
 "etag": "\"BHP2ZsIq1HPrqEG_xY7Tkngn4lU/xqnEb7WwzCINHQT7UJn28\"",
 "primaryEmail": "[email protected]",
 "name": {},
 "isAdmin": false,
 "isDelegatedAdmin": false,
 "suspended": false,
 "ipWhitelisted": false,
 "emails": [
  {
   "address": "",
   "primary": true
  }
 ],
 "nonEditableAliases": [""],
 "customerId": "accounts customerId",
 "orgUnitPath": "/",
 "isMailboxSetup": true,
 "isEnrolledIn2Sv": false,
 "isEnforcedIn2Sv": false,
 "includeInGlobalAddressList": true
}

Is there any way to identify which of the above 6 roles is assigned to a user, since the Admin SDK API is returning a single key, isAdmin? Would isAdmin be true if any type of admin role is assigned to the user?

Upvotes: 2

Views: 967

Answers (1)

Jatin Khurana

Reputation: 21

https://developers.google.com/admin-sdk/directory/v1/reference/roleAssignments/list?apix_params=%7B%22customer%22%3A%22C00rz37xc%22%2C%22roleId%22%3A%2241816136601305092%22%7D

You can use this API to list all the users who have been assigned a particular role (by passing the role ID) and a particular domain (the customer ID).

There is an optional query parameter for the user key which, if passed, will help you know if that particular user has been assigned that role or not.

It will work for all delegated admins, and I guess that's what you need, because a super admin (isAdmin) will have access to that particular role anyway.

P.S. I know it's probably too late for the guy who asked this question, but for anyone who needed this figured out, this answer is for you.

Upvotes: 2
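The lookup described in the answer above, as an added example that is not part of the original post: it calls roleAssignments.list with `userKey` and joins the result against roles.list on `roleId`, so an access review gets role names rather than bare IDs. The helper names, the `service` client object and the sample data are assumptions made for illustration; the two IDs are the ones shown in the question.

```python
# Added example (not from the original post). `service` is assumed to be a
# Directory API client, e.g. googleapiclient.discovery.build("admin",
# "directory_v1", credentials=creds), authorized for admin.directory.rolemanagement.

def list_all(resource, **params):
    """Follow nextPageToken until every item of a list call is collected."""
    items, token = [], None
    while True:
        resp = resource.list(pageToken=token, **params).execute()
        items.extend(resp.get("items", []))
        token = resp.get("nextPageToken")
        if not token:
            return items

def resolve_roles(roles, assignments):
    """Join roleAssignments items to roles items on roleId."""
    by_id = {r["roleId"]: r for r in roles}
    out = []
    for a in assignments:
        role = by_id.get(a["roleId"], {})  # role may be missing from roles.list
        out.append({
            "roleId": a["roleId"],
            "roleName": role.get("roleName", "<unknown role>"),
            "isSuperAdminRole": role.get("isSuperAdminRole", False),
            "scopeType": a.get("scopeType"),
        })
    return out

def roles_for_user(service, user_key, customer="my_customer"):
    """Roles held by one user: roleAssignments.list filtered by userKey."""
    roles = list_all(service.roles(), customer=customer)
    assigned = list_all(service.roleAssignments(), customer=customer, userKey=user_key)
    return resolve_roles(roles, assigned)

# Constructed sample data shaped like the API responses (not real output).
SAMPLE_ROLES = [
    {"roleId": "11870025812017153", "roleName": "_SEED_ADMIN_ROLE", "isSuperAdminRole": True},
    {"roleId": "11870025812017154", "roleName": "_HELP_DESK_ADMIN_ROLE", "isSuperAdminRole": False},
]
SAMPLE_ASSIGNMENTS = [
    {"roleAssignmentId": "1", "roleId": "11870025812017154",
     "assignedTo": "1071482697096977", "scopeType": "CUSTOMER"},
]

if __name__ == "__main__":
    for r in resolve_roles(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS):
        print(r["roleName"], r["scopeType"], "super" if r["isSuperAdminRole"] else "delegated")
```

An empty list from `roles_for_user` means the user holds no role assignment at all, which is the case the question's `isAdmin: false` / `isDelegatedAdmin: false` sample shows.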
