Email announcer

[Christian Holton]

Hi,

Historically, we've always had email groups that only allow owners or managers to send messages, for good reason. My boss swears up and down that there was a way to put people in a special group she calls email announcers that let people send to these protected groups as though they were a group owner or manager, but I can't figure out how.

Is there a way to do this in GAM?

--

	Christian Holton Senior Sysadmin
	(512) 486-9298 | christia...@portx.io

[Ross Scroggs]

It's not a concept I'm familiar with, have your boss identify the group for you.

Ross

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAFKj9Rgb4MDxY0Eza7ANrf2YbaeohWPZ1xebamM3jaFU2x0sJw%40mail.gmail.com.

[Ⓚ② Kevin Melillo]

If you create a group called annou...@domain.com then add that group as a manager to your other groups (and turn off email delivery of course), members of the annou...@domain.com group should be able to send to any group set for managers send.  I would test this thoroughly though.

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/E4F1482C-426A-4685-A8A3-B57AE4D43181%40gmail.com.

[Danny Dillon - NOAA Affiliate]

Another alternative is to restrict manager access to an "announcer" account used for assigning delegates and sending to a set of groups. Delegates can also be managed via group membership. Delegates can then send that to the group as the "announcer."

Danny

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAKM%3DboagrTomyNOd2_VZfJh%2B89Q9%2Bq7uLWc6u4r%3Dnu3s-zA8Gg%40mail.gmail.com.

[Christian Holton]

Thanks all!

@Danny, can you set a group as a delegate, e.g. annou...@email.com then add announcers to that group?

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAPt271Z7U6fevaB6zPJECb%3DB-fEHQLiCmsKcFqfdULfVzFfdng%40mail.gmail.com.

[Danny Dillon - NOAA Affiliate]

We do exactly that, yes.

It has the advantage of granting send permissions without full group access.

Nested groups across "permission silos" are problematic.

Danny

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAFKj9RiDEPCkWA_miDsR-VB9PH%3DO1tZj4yr8TKjZDz6n1HBpKw%40mail.gmail.com.

[Christian Holton]

something odd I noticed is that if I add email-an...@email.com to mana...@email.com, the only option I have for role is "member". I tried running the command:

gam update group _mana...@portx.io add Manager user _email-an...@portx.io

but GAM reports that _mana...@portx.io does not exist. FWIW, the announcer group is flagged as a security group while managers group is not.

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAPt271bjbv9J-RWT1i_x_ctSOONWp0JGbuOjVGp7jsZiUXZxPQ%40mail.gmail.com.

[Danny Dillon - NOAA Affiliate]

I cannot speak to security groups, we have none. We manage groups externally and sync them with GCDS.

Here is how we do it.

The group to be restricted is set to all_managers_can_post

gam update group restricted.group@domain whocanpostmessage all_managers_can_post

A "broadcaster" account is assigned to the manager role of the group that needs restriction.

gam update group restricted.group@domain add manager broadcaster.account@domain  

( the word user is not needed between manager and addy above )

A populated group of broadcaster delegates is assigned AS a delegate OF the manager account.

gam user broadcaster.account@domain add delegate broadcaster.delegates@domain

The broadcaster.delegates@domain group members log in as themselves, and can then open the broadcaster.account@domain mailbox as a delegate. From that tab they can send to restricted.group@domain.

We do not provide login access to the broadcaster/manager accounts; our groups are managed externally.

We have 30+ sets of these manager/delegate.groups broadcasting to ~150 groups. 

Knowing what I know now, I would have done 8 orgs/sets, and cut out the suborgs.

Danny

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAFKj9Rh2Fk0H0WW-zXWYTN7cAoMJV2wjjan1wq0eSQkmBTV6Dw%40mail.gmail.com.

[Christian Holton]

Perfect. Thanks Danny!

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAPt271YKNB5vQGUD0-KJS%3D%3D%2B3gnWqah_r3kcqRbk1oiGshhfcA%40mail.gmail.com.