gam ADV Group calendar does not exist
269 views
Skip to first unread message
Duncan Isaksen-Loxton
Aug 16, 2023, 3:56:58 AM8/16/23
to GAM for Google Workspace
Hi Folks,
I've got a user trying to add calendar to her view in calendar.google.com as a secondary.
From what I can tell listing out all the calendars (gam all users print calendars) it is one that ends in xxx...@group.calendar.google.com
However, when I look for it and try to find ACLs
gam calendar xxx...@group.calendar.google.com showacl
Calendar: xxx...@group.calendar.google.com, Show Failed: Does not exist
Calendar: xxx...@group.calendar.google.com, Show Failed: Does not exist
What is going on?
Ross Scroggs
Aug 16, 2023, 10:09:51 AM8/16/23
to google-ap...@googlegroups.com
Duncan,
Typically these calendars are named: domain.co...@group.calendar.com
Try: gam calendar domain.co...@group.calendar.google.com showacl
Ross
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/03b178cf-d076-4bb4-a39e-189fe9361891n%40googlegroups.com.
Ross Scroggs
Duncan Isaksen-Loxton
Aug 17, 2023, 12:28:00 AM8/17/23
to google-ap...@googlegroups.com
Hi Ross,
I'm not having much luck there either
gam calendar axxxxxxxe.com.au_c_...@group.calendar.google.com showacl
Also tried:
gam calendar axxxxxxxe.com.au_0...@group.calendar.google.com showacl
What is going on?!
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/ehOwwGXby6w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAJkvRS8SynvetJmyJbwjHh7neZp5hx1sFuLQz4MLUKhb5EBB9Q%40mail.gmail.com.
Duncan Isaksen-Loxton
Aug 20, 2023, 7:18:38 PM8/20/23
to GAM for Google Workspace
Hi Ross,
Any chance I could get 10 minutes on one of your legendary screenshares?
Ross Scroggs
Aug 20, 2023, 10:21:35 PM8/20/23
to google-ap...@googlegroups.com
I'm available now, 7:21PM PDT.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/c0e2ceb8-ce48-4d47-89c5-b8fa19ec9d0bn%40googlegroups.com.
Duncan Isaksen-Loxton
Aug 20, 2023, 10:24:32 PM8/20/23
to google-ap...@googlegroups.com
Hi Ross,
I just sent you an invite - thank you!
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/F4B4A9C4-2EF1-4E09-B809-DB98FAD8105F%40gmail.com.
Duncan Isaksen-Loxton
Aug 22, 2023, 12:12:08 AM8/22/23
to GAM for Google Workspace
For anyone else's sanity in the future here is what we found. Thanks Ross for your time as always.
The goal was to help a user get access to a calendar without knowing the exact name, and having only a calendar URL to go by. We also didn't know who the primary owner is of the calendar.
If you have nothing more than a Calendar name, you will find anything pretty hard, so you would need to index out all the calendars in the organisation
gam all users print calendars minaccessrole owner nosystem
In there you should be able to then find the Id of the calendar (by searching for its name) that can look like this u6xxxxxxxx...@group.calendar.google.com or have the primary domain prepended like this domain.com_u6xx...@group.calendar.google.com - at this point I'm not sure what the difference is.
We tried the domain prefix first:
Running the super admin version gam calendar domain.com_u6xx...@group.calendar.google.com show acls results in a "Show Failed: Does not exist"
Running as a best guess user with rights gam user chanel show calendaracls domain.com_u6xx...@group.calendar.google.com results in a "Show Failed: Forbidden"
So no luck with the domain prepended version.
Trying the non prepended version: gam calendar u6xxxxxxxx...@group.calendar.google.com show acls results in a "Show Failed: Does not exist" - this is because super admins can't deal in calendars of this type (we believe it to be a secondary calendar.
So we had to go hunting for an actor that had this power, via reports, that made a change to the calendar ACLS
gam report calendars events change_calendar_acls filter "calendar_id==u6xxxxxxxx...@group.calendar.google.com"
This also meant this user was able to modify ACLs via the API as well
One of the columns here would be `actor.email` - these would be the people that have sufficient power to provide access `access_level` to the `grantee_email`. Using this actor email we then had success:
gam user chanel show calendaracls u6xxxxxxxx...@group.calendar.google.com
User: cha...@domain.com, Show Calendar ACLs from 1 Calendar
Calendar: u6xxxxxxxx...@group.calendar.google.com, Show 17 Calendar ACLs
Scope: user:u6xxxxxxxx...@group.calendar.google.com, Role: owner (1/17)
Scope: user:ven...@domain.com, Role: owner (2/17)
Calendar: u6xxxxxxxx...@group.calendar.google.com, Show 17 Calendar ACLs
Scope: user:u6xxxxxxxx...@group.calendar.google.com, Role: owner (1/17)
Scope: user:ven...@domain.com, Role: owner (2/17)
This also meant this user was able to modify ACLs via the API as well
gam user chanel add calendaracls u6xxxxxxxx...@group.calendar.google.com freeBusyReader steven
eh voila.
Sam Greilick
May 28, 2024, 7:44:05 PM5/28/24
to GAM for Google Workspace
Thank you so much. Fantastic explanation.
Reply all
Reply to author
Forward
0 new messages