Installation with Custom Admin
176 views
Skip to first unread message
Brian Scheller
Aug 6, 2021, 10:19:40 AM8/6/21
to GAM for Google Workspace
I'm trying to do a fresh install with a custom admin role, which has the 'Delete' permission turned off in the API permissions for Users, Groups, and OU's, but when I get to the API Scopes section of the installation, I cannot enable permissions. When I click the link provided in the installation I get this error:
403. That’s an error.
We're sorry, but you do not have access to this page. That’s all we know.
Is there some other method I should be using to install with this custom admin role?
Jay Lee
Aug 6, 2021, 11:18:27 AM8/6/21
to google-ap...@googlegroups.com
Can you show what command you are running and a screenshot of the error page?
Jay Lee
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/554b3a34-531f-459a-a090-fd5ab6c1d7dan%40googlegroups.com.
Jay Lee
Aug 6, 2021, 11:45:52 AM8/6/21
to google-ap...@googlegroups.com
That's the page for setting up domain-wide delegation and access to user data (Gmail, Drive, etc).
Are you sure you want the delegated admin to have that access?
In any case, you need to use a super admin account to grant the domain-wide delegation.
Jay Lee
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/799ff739-9ec7-41b7-b435-fd8f57ddd1ffn%40googlegroups.com.
Brian Scheller
Aug 6, 2021, 11:47:46 AM8/6/21
to GAM for Google Workspace
Oh ok, how can I grant access to this custom admin? The role has access to all API's except for delete, this is the setup we're looking for. If I use a super admin account to grant the delegation, will it give this install delete permissions?
Jay Lee
Aug 6, 2021, 1:30:42 PM8/6/21
to google-ap...@googlegroups.com
Run a gam command like:
gam info user
and authorize as the custom admin.
Jay Lee
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/004fbb20-9933-4036-9dab-4d9bd264111cn%40googlegroups.com.
Brian Scheller
Aug 6, 2021, 1:36:12 PM8/6/21
to GAM for Google Workspace
I can't run that command now, as I am still in the middle of the installation process. This is the state of GAM:
Are you ready to authorize GAM to manage Google Workspace user data and settings? (yes or no)
What are the next steps from here? I initiated the installation with the custom admin from the beginning.
Jay Lee
Aug 6, 2021, 1:40:01 PM8/6/21
to google-ap...@googlegroups.com
Say no. You don't want your custom admin to have access to user data.
Jay Lee
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/a6338cab-df99-4028-9b96-c32b21dc54e9n%40googlegroups.com.
Brian Scheller
Aug 6, 2021, 1:59:31 PM8/6/21
to GAM for Google Workspace
Perfect, thanks for walking me through this! Do you have a coffee fund anywhere? Your work and ongoing support is highly appreciated!
Marie Kennedy
Aug 6, 2021, 2:16:52 PM8/6/21
to GAM for Google Workspace
Coffee fund! I'd contribute! They have saved my bacon on more than one occasion. =)
~~~~~~~~~~~~~~~~~~~~~
Marie Kennedy
Systems Administrator
Oregon Trail School District
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/4604806a-b6dd-4e54-9737-d6a5f3c3f0f1n%40googlegroups.com.
Randy Wheaton
Jul 20, 2023, 2:43:27 PM7/20/23
to GAM for Google Workspace
Hi Jay,
If we wanted to delegate OU admin and other elevated permissions for the various OU's could we allow other helpdesk and admins run the various GAM commands without being a super admin. We are trying to build elevated access groups for a number of our agencies but need to reserver Super admin for a select few individuals. Is this possible and how could we accomplish this.
Ross Scroggs
Jul 20, 2023, 5:06:15 PM7/20/23
to google-ap...@googlegroups.com
Randy,
I'm in California and will be around for another hour today and then I'll be available tomorrow starting at 7:30 PDT.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/d7380df8-0a01-4d62-973d-1b6389e0bc89n%40googlegroups.com.
Ross Scroggs
Randy Wheaton
Jul 20, 2023, 7:53:33 PM7/20/23
to google-ap...@googlegroups.com
Hey Ross
Thanks for reaching out and providing the link. My team will review snd setup a test environment to see if we can install gam and allow only those with elevated permissions to run the APIs. We dont want to give super admin to all our level 2 google admins who have various group, drive, and calendar permissions.
You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/KMuGjsA5ta0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAJkvRS_wCwSe%3Do%2BU7c-%2BnH1JYDGzSGyxh1iaHvu_MYfMpubabw%40mail.gmail.com.
Regards,
Randy Wheaton
Randy....@azdoa.gov
602-803-0629
“The impediment to action advances action. What stands in the way becomes the way.”
Randy Wheaton
Randy....@azdoa.gov
602-803-0629
“The impediment to action advances action. What stands in the way becomes the way.”
Reply all
Reply to author
Forward
0 new messages