Announcing new policy commands in GAM 7.00.27
367 views
Skip to first unread message
Jay Lee
Oct 23, 2024, 5:20:49 AM10/23/24
to google-ap...@googlegroups.com
I'm excited to announce that GAM 7.00.27 includes support for a new API to read a significant number of Workspace / Cloud Identity policies and settings. You can use the following commands to understand your domain's policies and settings.
gam print policies
gam show policies
More information about policy API is available in Google's developer documentation. These are the supported policies GAM can show today:
user_takeout_status (is takeout enabled for service)
blogger
books
location_history
maps
pay
photos
play
play_console
youtube
service_status (is service enabled)
ad_manager
ads
adsense
alerts
analytics
applied_digital_skills
appsheet
arts_and_culture
beyondcorp_enterprise
blogger
bookmarks
books
calendar
campaign_manager
chat
chrome_canvas
chrome_remote_desktop
chrome_sync
chrome_web_store
classroom
cloud
cloud_search
colab
cs_first
data_studio
developers
domains
drive_and_docs
earth
enterprise_service_restrictions
experimental_apps
feedburner
fi
gmail
groups
groups_for_business
jamboard
keep
location_history
managed_play
maps
material_gallery
meet
merchant_center
messages
migrate
my_business
my_maps
news
partner_dash
pay
pay_for_business
photos
pinpoint
play
play_books_partner_center
play_console
public_data
question_hub
scholar_profiles
search_ads_360
search_and_assistant
search_console
sites
socratic
takeout
tasks
third_party_app_backups
translate
trips
vault
voice
work_insights
youtube
calendar.appointment_schedules
enablePayments
chat.chat_apps_access
enableApps
enableWebhooks
chat.chat_file_sharing
externalFileSharing
internalFileSharing
chat.chat_history
enableChatHistory
historyOnByDefault
allowUserModification
chat.external_chat_restriction
allowExternalChat
chat.space_history
historyState
classroom.api_data_access
enableApiAccess
classroom.class_membership
whoCanJoinClasses
whichClassesCanUsersJoin
classroom.guardian_access
allowAccess
whoCanManageGuardianAccess
classroom.originality_reports
enableOriginalityReportsSchoolMatches
classroom.roster_import
rosterImportOption
classroom.student_unenrollment
whoCanUnenrollStudents
classroom.teacher_permissions
whoCanCreateClasses
cloud_sharing_options.cloud_data_sharing
sharingOptions
detector.regular_expression
displayName
regularExpression
createTime
updateTime
detector.word_list
displayName
wordList
createTime
updateTime
description
drive_and_docs.drive_for_desktop
allowDriveForDesktop
restrictToAuthorizedDevices
showDownloadLink
allowRealTimePresence
drive_and_docs.external_sharing
externalSharingMode
allowReceivingExternalFiles
warnForSharingOutsideAllowlistedDomains
allowReceivingFilesOutsideAllowlistedDomains
allowNonGoogleInvitesInAllowlistedDomains
warnForExternalSharing
allowNonGoogleInvites
allowPublishingFiles
accessCheckerSuggestions
allowedPartiesForDistributingContent
drive_and_docs.file_security_update
securityUpdate
allowUsersToManageUpdate
drive_and_docs.shared_drive_creation
allowSharedDriveCreation
orgUnitForNewSharedDrives
customOrgUnit
allowManagersToOverrideSettings
allowExternalUserAccess
allowNonMemberAccess
allowedPartiesForDownloadPrintCopy
allowContentManagersToShareFolders
gmail.auto_forwarding
enableAutoForwarding
gmail.confidential_mode
enableConfidentialMode
gmail.email_attachment_safety
enableEncryptedAttachmentProtection
encryptedAttachmentProtectionConsequence
enableAttachmentWithScriptsProtection
attachmentWithScriptsProtectionConsequence
enableAnomalousAttachmentProtection
anomalousAttachmentProtectionConsequence
allowedAnomalousAttachmentFiletypes
applyFutureRecommendedSettingsAutomatically
encryptedAttachmentProtectionQuarantineId
attachmentWithScriptsProtectionQuarantineId
anomalousAttachmentProtectionQuarantineId
gmail.email_image_proxy_bypass
imageProxyBypassPattern
enableImageProxy
gmail.enhanced_pre_delivery_message_scanning
enableImprovedSuspiciousContentDetection
gmail.enhanced_smime_encryption
enableSmimeEncryption
allowUserToUploadCertificates
gmail.gmail_name_format
allowCustomDisplayNames
defaultDisplayNameFormat
gmail.imap_access
enableImapAccess
gmail.links_and_external_images
enableShortenerScanning
enableExternalImageScanning
enableAggressiveWarningsOnUntrustedLinks
applyFutureSettingsAutomatically
gmail.per_user_outbound_gateway
allowUsersToUseExternalSmtpServers
gmail.pop_access
enablePopAccess
gmail.spoofing_and_authentication
detectDomainNameSpoofing
detectEmployeeNameSpoofing
detectDomainSpoofingFromUnauthenticatedSenders
detectUnauthenticatedEmails
domainNameSpoofingConsequence
employeeNameSpoofingConsequence
domainSpoofingConsequence
unauthenticatedEmailConsequence
detectGroupsSpoofing
groupsSpoofingVisibilityType
groupsSpoofingConsequence
applyFutureSettingsAutomatically
domainNameSpoofingQuarantineId
employeeNameSpoofingQuarantineId
domainSpoofingQuarantineId
unauthenticatedEmailQuarantineId
groupsSpoofingQuarantineId
gmail.user_email_uploads
enableMailAndContactsImport
gmail.workspace_sync_for_outlook
enableGoogleWorkspaceSyncForMicrosoftOutlook
groups_for_business.groups_sharing
ownersCanAllowIncomingMailFromPublic
collaborationCapability
createGroupsAccessLevel
ownersCanAllowExternalMembers
ownersCanHideGroups
newGroupsAreHidden
viewTopicsDefaultAccessLevel
meet.safety_access
meetingsAllowedToJoin
meet.safety_domain
usersAllowedToJoin
meet.safety_external_participants
enableExternalLabel
meet.safety_host_management
enableHostManagement
meet.video_recording
enableRecording
rule.dlp
displayName
description
triggers
condition
action
state
createTime
updateTime
ruleTypeMetadata
rule.system_defined_alerts
displayName
description
action
state
createTime
updateTime
security.advanced_protection_program
enableAdvancedProtectionSelfEnrollment
securityCodeOption
security.less_secure_apps
allowLessSecureApps
security.login_challenges
enableEmployeeIdChallenge
security.password
allowedStrength
minimumLength
maximumLength
enforceRequirementsAtLogin
allowReuse
expirationDuration
security.session_controls
webSessionDuration
security.super_admin_account_recovery
enableAccountRecovery
security.user_account_recovery
enableAccountRecovery
sites.sites_creation_and_modification
allowSitesCreation
allowSitesModification
workspace_marketplace.apps_allowlist
apps
blogger
books
location_history
maps
pay
photos
play
play_console
youtube
service_status (is service enabled)
ad_manager
ads
adsense
alerts
analytics
applied_digital_skills
appsheet
arts_and_culture
beyondcorp_enterprise
blogger
bookmarks
books
calendar
campaign_manager
chat
chrome_canvas
chrome_remote_desktop
chrome_sync
chrome_web_store
classroom
cloud
cloud_search
colab
cs_first
data_studio
developers
domains
drive_and_docs
earth
enterprise_service_restrictions
experimental_apps
feedburner
fi
gmail
groups
groups_for_business
jamboard
keep
location_history
managed_play
maps
material_gallery
meet
merchant_center
messages
migrate
my_business
my_maps
news
partner_dash
pay
pay_for_business
photos
pinpoint
play
play_books_partner_center
play_console
public_data
question_hub
scholar_profiles
search_ads_360
search_and_assistant
search_console
sites
socratic
takeout
tasks
third_party_app_backups
translate
trips
vault
voice
work_insights
youtube
calendar.appointment_schedules
enablePayments
chat.chat_apps_access
enableApps
enableWebhooks
chat.chat_file_sharing
externalFileSharing
internalFileSharing
chat.chat_history
enableChatHistory
historyOnByDefault
allowUserModification
chat.external_chat_restriction
allowExternalChat
chat.space_history
historyState
classroom.api_data_access
enableApiAccess
classroom.class_membership
whoCanJoinClasses
whichClassesCanUsersJoin
classroom.guardian_access
allowAccess
whoCanManageGuardianAccess
classroom.originality_reports
enableOriginalityReportsSchoolMatches
classroom.roster_import
rosterImportOption
classroom.student_unenrollment
whoCanUnenrollStudents
classroom.teacher_permissions
whoCanCreateClasses
cloud_sharing_options.cloud_data_sharing
sharingOptions
detector.regular_expression
displayName
regularExpression
createTime
updateTime
detector.word_list
displayName
wordList
createTime
updateTime
description
drive_and_docs.drive_for_desktop
allowDriveForDesktop
restrictToAuthorizedDevices
showDownloadLink
allowRealTimePresence
drive_and_docs.external_sharing
externalSharingMode
allowReceivingExternalFiles
warnForSharingOutsideAllowlistedDomains
allowReceivingFilesOutsideAllowlistedDomains
allowNonGoogleInvitesInAllowlistedDomains
warnForExternalSharing
allowNonGoogleInvites
allowPublishingFiles
accessCheckerSuggestions
allowedPartiesForDistributingContent
drive_and_docs.file_security_update
securityUpdate
allowUsersToManageUpdate
drive_and_docs.shared_drive_creation
allowSharedDriveCreation
orgUnitForNewSharedDrives
customOrgUnit
allowManagersToOverrideSettings
allowExternalUserAccess
allowNonMemberAccess
allowedPartiesForDownloadPrintCopy
allowContentManagersToShareFolders
gmail.auto_forwarding
enableAutoForwarding
gmail.confidential_mode
enableConfidentialMode
gmail.email_attachment_safety
enableEncryptedAttachmentProtection
encryptedAttachmentProtectionConsequence
enableAttachmentWithScriptsProtection
attachmentWithScriptsProtectionConsequence
enableAnomalousAttachmentProtection
anomalousAttachmentProtectionConsequence
allowedAnomalousAttachmentFiletypes
applyFutureRecommendedSettingsAutomatically
encryptedAttachmentProtectionQuarantineId
attachmentWithScriptsProtectionQuarantineId
anomalousAttachmentProtectionQuarantineId
gmail.email_image_proxy_bypass
imageProxyBypassPattern
enableImageProxy
gmail.enhanced_pre_delivery_message_scanning
enableImprovedSuspiciousContentDetection
gmail.enhanced_smime_encryption
enableSmimeEncryption
allowUserToUploadCertificates
gmail.gmail_name_format
allowCustomDisplayNames
defaultDisplayNameFormat
gmail.imap_access
enableImapAccess
gmail.links_and_external_images
enableShortenerScanning
enableExternalImageScanning
enableAggressiveWarningsOnUntrustedLinks
applyFutureSettingsAutomatically
gmail.per_user_outbound_gateway
allowUsersToUseExternalSmtpServers
gmail.pop_access
enablePopAccess
gmail.spoofing_and_authentication
detectDomainNameSpoofing
detectEmployeeNameSpoofing
detectDomainSpoofingFromUnauthenticatedSenders
detectUnauthenticatedEmails
domainNameSpoofingConsequence
employeeNameSpoofingConsequence
domainSpoofingConsequence
unauthenticatedEmailConsequence
detectGroupsSpoofing
groupsSpoofingVisibilityType
groupsSpoofingConsequence
applyFutureSettingsAutomatically
domainNameSpoofingQuarantineId
employeeNameSpoofingQuarantineId
domainSpoofingQuarantineId
unauthenticatedEmailQuarantineId
groupsSpoofingQuarantineId
gmail.user_email_uploads
enableMailAndContactsImport
gmail.workspace_sync_for_outlook
enableGoogleWorkspaceSyncForMicrosoftOutlook
groups_for_business.groups_sharing
ownersCanAllowIncomingMailFromPublic
collaborationCapability
createGroupsAccessLevel
ownersCanAllowExternalMembers
ownersCanHideGroups
newGroupsAreHidden
viewTopicsDefaultAccessLevel
meet.safety_access
meetingsAllowedToJoin
meet.safety_domain
usersAllowedToJoin
meet.safety_external_participants
enableExternalLabel
meet.safety_host_management
enableHostManagement
meet.video_recording
enableRecording
rule.dlp
displayName
description
triggers
condition
action
state
createTime
updateTime
ruleTypeMetadata
rule.system_defined_alerts
displayName
description
action
state
createTime
updateTime
security.advanced_protection_program
enableAdvancedProtectionSelfEnrollment
securityCodeOption
security.less_secure_apps
allowLessSecureApps
security.login_challenges
enableEmployeeIdChallenge
security.password
allowedStrength
minimumLength
maximumLength
enforceRequirementsAtLogin
allowReuse
expirationDuration
security.session_controls
webSessionDuration
security.super_admin_account_recovery
enableAccountRecovery
security.user_account_recovery
enableAccountRecovery
sites.sites_creation_and_modification
allowSitesCreation
allowSitesModification
workspace_marketplace.apps_allowlist
apps
Jay Lee
Marcus Jackson
Oct 23, 2024, 11:59:53 AM10/23/24
to google-ap...@googlegroups.com, Lucy Lang
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp9-LPcf%3DPYJOdg5%3D6Ax633p9mwbJ3xbvy3DQ1sgXyCsyw%40mail.gmail.com.
Martin Främke
Oct 30, 2024, 1:26:17 AM10/30/24
to GAM for Google Workspace
Hi Jay,
I'm on GAM 7.00.28, but when I run
gam show policies
I get an error:
Policy Show Failed: Request had insufficient authentication scopes.
What am I missing? Doesn't this use the cloudidentiy API? I think that is enabled for me:
API: cloudidentity.googleapis.com, Already enabled (12/41)
Are there other steps to take? Is this because it is an open beta, and I have to opt in somehow?
Thanks for any help.
Cheers,
Ma♪ti♫
Jay Lee
Oct 30, 2024, 6:30:06 AM10/30/24
to google-ap...@googlegroups.com
Run:
gam oauth revoke
gam oauth create
To authorize the new scope.
Jay
International School of Hamburg
Hemmingstedter Weg 130
22609 Hamburg, Germany
+49 (0)40 8000 50 0
www.ishamburg.orgThank you for not printing this!
This message and any attachments are to be read only by intended recipients. If you are not the intended recipient, please inform the sender and delete this message and its contents from your system. Information in this message may be confidential, privileged, or copyrighted. Unauthorized copying, disclosure, or distribution of any of the contents of this message is prohibited and may be unlawful. Thank you for your understanding. Deutsche Übersetzung
Legal Identity: Internationale Schule Hamburg e.V., in...@ishamburg.org, VR 5935, Amtsgerichts Hamburg, USt.-IdNr.DE118716561. Dr. Alan Knobloch, Head of School. Monica Birkel, Board Chair. Michal Brylinski, Vice Chair.
Privacy Policy
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/f839925f-3ebf-4ec6-a865-788a0a7dc77bn%40googlegroups.com.
Martin Främke
Oct 30, 2024, 7:38:58 AM10/30/24
to GAM for Google Workspace
Great! Thank you very much, Jay.
Cheers,
Ma♪ti♫
Ma♪ti♫
Reply all
Reply to author
Forward
0 new messages