Improved adminrole commands

2025-05-11 11:47:21 +00:00 · 2025-05-05 21:33:02 -07:00 · 2025-05-05 21:33:02 -07:00 · b39a0efd83
commit b39a0efd83
parent bcd327a7f4
4 changed files with 42 additions and 16 deletions
--- a/wiki/Administrators.md
+++ b/wiki/Administrators.md
@ -7,13 +7,14 @@
 - [Create an administrator](#create-an-administrator)
 - [Delete an administrator](#delete-an-administrator)
 - [Display administrators](#display-administrators)
+- [Copy privileges from one role to a new role](#copy-privileges-from-one-role-to-a-new-role)
 - [Copy roles from one administrator to another](#copy-roles-from-one-administrator-to-another)

 ## API documentation
 * [About Administrator roles](https://support.google.com/a/answer/33325?ref_topic=4514341)
 * [Directory API - Privileges](https://developers.google.com/admin-sdk/directory/reference/rest/v1/privileges)
 * [Directory API - Roles](https://developers.google.com/admin-sdk/directory/reference/rest/v1/roles)
-* [Directory API - Role SAssignments](https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments)
+* [Directory API - Role Assignments](https://developers.google.com/admin-sdk/directory/reference/rest/v1/roleAssignments)

 ## Definitions
 ```
@ -36,7 +37,7 @@ gam print privileges [todrive <ToDriveAttribute>*]
 gam show privileges
 ```

-Here is the output from `gam show privileges`; use this to find `<Privilege>`.
+Here is the output from `gam show privileges`; use this to find a specific `<Privilege>`.
 ```
 Show 111 Privileges
  Privilege: REPORTS_ACCESS (1/111)
@ -1381,24 +1382,33 @@ Show 111 Privileges

 ## Manage administrative roles
 ```
-gam create adminrole <String> privileges all|all_ou|<PrivilegeList> [description <String>]
-gam update adminrole <RoleItem> [name <String>] [privileges all|all_ou|<PrivilegeList>] [description <String>]
+gam create adminrole <String> [description <String>]
+        privileges all|all_ou|<PrivilegeList>|(select <FileSelector>|<CSVFileSelector>>)
+gam update adminrole <RoleItem> [name <String>] [description <String>]
+        [privileges all|all_ou|<PrivilegeList>|(select <FileSelector>|<CSVFileSelector>>)] 
 gam delete adminrole <RoleItem>
 ```
 * `privileges all` - All defined privileges
 * `privileges all_ou` - All defined privileges than can be scoped to an OU
 * `privileges <PrivilegeList>` - A specific list of privileges
+* `privileges select <FileSelector>|<CSVFileSelector>>` - A collection of privileges from a flat or CSV file

 ## Display administrative roles
 ```
 gam info adminrole <RoleItem> [privileges]
-gam print adminroles|roles [todrive <ToDriveAttribute>*]
-        [privileges] [oneitemperrow]
-gam show adminroles|roles [todrive <ToDriveAttribute>*] [privileges]
 ```
+* `privileges` - Display privileges associated with role
+```
+gam print adminroles|roles [todrive <ToDriveAttribute>*]
+        [role <RoleItem>] [privileges] [oneitemperrow]
+gam show adminroles|roles
+        [role <RoleItem>] [privileges]
+```
+By default, all roles are displayed, use `role <RoleItem>` to sisplay a specific role.
+
 * `privileges` - Display privileges associated with each role

-By default, all privileges for a role are shown on one row as a repeating item.
+By default, with `print`, all privileges for a role are shown on one row as a repeating item.
 When `oneitemperrow` is specified, each privilege is output on a separate row/line with the other role fields.

 ## Create an administrator
@ -1438,6 +1448,14 @@ options to limit the display:
 By default, all role privileges for an admin are shown on one row as a repeating item.
 When `oneitemperrow` is specified, each role privilege is output on a separate row/line with the other admin fields.

+## Copy privileges from one role to a new role
+Get privileges for existing role; replace Role Name with actual role name
+```
+gam redirect csv ./RolePrivileges.csv print adminrole role 'Role Name' privileges oneitemperrow
+
+# Create a new role with those privileges
+gam create adminrole "New Role Name" privileges select csvfile RolePrivileges.csv:privilegeName
+
 ## Copy roles from one administrator to another
 Get roles for current admin.
 ```
--- a/wiki/GamUpdates.md
+++ b/wiki/GamUpdates.md
@ -10,6 +10,14 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation

+### 7.06.14
+
+Updated `create|update adminrole` to allow specifying a collection of privileges
+with `privileges select <FileSelector>|<CSVFileSelector>` which makes copying roles much simpler.
+
+Added option `role <RoleItem>` to `gam print|show adminroles` to allow display of information
+for a specific role.
+
 ### 7.06.13

 Updated `gam print group-members ... recursive` and `gam print cigroup-members ... recursive`
--- a/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
+++ b/wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md
@ -251,7 +251,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.06.13 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -989,7 +989,7 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.06.13 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 Windows-10-10.0.17134 AMD64
--- a/wiki/Version-and-Help.md
+++ b/wiki/Version-and-Help.md
@ -4,7 +4,7 @@ k
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.06.13 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -16,7 +16,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.06.13 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -28,7 +28,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.06.13 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.06.14 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64
@ -65,7 +65,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
  Current: 5.35.08
-   Latest: 7.06.13
+   Latest: 7.06.14
 echo $?
 1
 ```
@ -73,7 +73,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.06.13
+7.06.14
 ```
 In Linux/MacOS you can do:
 ```
@ -83,7 +83,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.06.13 - https://github.com/GAM-team/GAM
+GAM 7.06.14 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
 Python 3.13.3 64-bit final
 MacOS Sequoia 15.4.1 x86_64