Permission required to allow non-super admins to grant delegate access
390 views
Skip to first unread message
Raffi Parikian
Aug 20, 2013, 5:26:04 PM8/20/13
to google-ap...@googlegroups.com
We have some admins who are not super admins and they need to setup people as delegates. They are unable to run the command. See below.
COMMAND
gam user jane.doe delegate to john.doe
ERROR
Giving john...@dreamworks.com delegate access to jane.doe@dreamworks.com (1 of 1)
Error: 600: Unknown Error: {'status': 403, 'body': '<HTML>\n<HEAD>\n<TITLE>You are not authorized to access this API</TITLE>\n</HEAD>\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<H1>You are not authorized to access this API</H1>\n<H2>Error 403</H2>\n</BODY>\n</HTML>\n', 'reason': 'You are not authorized to access this API'}
I have setup a special role for these people with everything checked except for "Full Admin Rights". Anyone have any ideas?
Dave Kaminsky
Aug 20, 2013, 5:36:39 PM8/20/13
to google-ap...@googlegroups.com
what are there permissions in the admin panel?
If you go to admin roles you should find it there. I do not recall a "Calendar Admin Role" there may be a permissions combination to create one.
-Dave
--
You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To post to this group, send email to google-ap...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/5fef987c-6eaf-4f06-8ad1-836e3875302e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Jay Lee
Aug 21, 2013, 7:11:30 AM8/21/13
to google-ap...@googlegroups.com
Only Super Admins can delegate mailboxes and calendars, there's no delegate setting for this privilege. However, you can create an oauth2.txt file with GAM, select only the email settings option and authenticate with a super admin account. Then give that file to the delegated admins. They'll be able to perform email settings actions with that token as super admins but won't have super admin access to other areas. They'll need to switch between tokens by changing their OAUTHFILE environment variable.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAFGH%2B0MACxf_OP9Dpq-o5dWOp0-yNTpKGAiTvktX5SqJVYzvdQ%40mail.gmail.com.
Raffi Parikian
Aug 21, 2013, 5:05:05 PM8/21/13
to google-ap...@googlegroups.com
Thanks Jay. I was hoping that was not the answer. where can I find out more about the OAUTHFILE variable and its usage?
Jay Lee
Aug 22, 2013, 8:46:48 AM8/22/13
to google-ap...@googlegroups.com
On Wednesday, August 21, 2013 5:05:05 PM UTC-4, Raffi Parikian wrote:
Thanks Jay. I was hoping that was not the answer. where can I find out more about the OAUTHFILE variable and its usage?
On Tuesday, August 20, 2013 2:26:04 PM UTC-7, Raffi Parikian wrote:
We have some admins who are not super admins and they need to setup people as delegates. They are unable to run the command. See below.
COMMANDgam user jane.doe delegate to john.doeERROR
Giving john...@dreamworks.com delegate access to jane.doe...@dreamworks.com (1 of 1)
Error: 600: Unknown Error: {'status': 403, 'body': '<HTML>\n<HEAD>\n<TITLE>You are not authorized to access this API</TITLE>\n</HEAD>\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<H1>You are not authorized to access this API</H1>\n<H2>Error 403</H2>\n</BODY>\n</HTML>\n', 'reason': 'You are not authorized to access this API'}
Reply all
Reply to author
Forward
0 new messages