Update docs; improve error message on missing SA scope

docs/Authorization.md

@@ -340,8 +340,8 @@ Use an existing project to create and download two files: `client_secrets.json`
 * `<ServiceAccountDescription>` - `<ServiceAccountDisplayName>`
 
 ### Basic
-Use an existing project with default values for the service account. This is typically used when
+Use an existing uninitialized/uncredentialed project and configure it to be a GAM project; this typically used when
-the system administrators have created a basic project and you now want to configure it as a GAM project.
+the GCP  administrators have created a basic project because project creation is not available for most users.
 ```
 gam use project [<EmailAddress>] [project <ProjectID>]
 ```

docs/CSV-Input-Filtering.md

@@ -83,11 +83,17 @@ Name:value form.
 * Each `<FieldNameFilter>:<RowValueFilter>` pair should be enclosed in `'`.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
+* If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,
 
-Example:
+Examples:
 ```
 csv_input_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_input_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
+csv_input_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_input_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```

docs/CSV-Output-Filtering.md

@@ -89,13 +89,16 @@ Name:value form.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
 * If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
-or enter a special sequence, enter `\\\`.
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,
 
-Example:
+Examples:
 ```
 csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_output_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
 csv_output_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_output_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```

docs/Context-Aware-Access-Levels.md

@@ -23,7 +23,7 @@ gam update project
 ```
 
 ## API documentation
-* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies/list
+* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies
 
 ## Grant Service Account Rights to Manage CAA
 In order for GAM to manage CAA access levels, you need to grant your service account a special role for your GCP organization.

docs/Groups-Membership.md

@@ -1,5 +1,6 @@
  Groups - Membership
 - [API documentation](#api-documentation)
+- [Query documentation](#query-documentation)
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [Collections of Users](#collections-of-users)
@@ -18,6 +19,10 @@
 ## API documentation
 * https://developers.google.com/admin-sdk/directory/v1/reference/members
 
+## Query documentation
+* https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
+* https://cloud.google.com/identity/docs/reference/rest/v1/groups#dynamicgroupquery
+
 ## Definitions
 See [Collections of Items](Collections-of-Items)
 ```

docs/Install-GAM-as-Python-Library.md

@@ -9,7 +9,7 @@ Scroll down to Install Git
 
 You can install GAM as a Python library with pip.
 ```
-pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src --use-pep517
+pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src
 ```
 
 Or as a PEP 508 Requirement Specifier, e.g. in requirements.txt file:
@@ -29,7 +29,7 @@ dependencies = [
 
 Target a specific revision or tag:
 ```
-advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.58.00#subdirectory=src
+advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.76.01#subdirectory=src
 ```
 
 ## Using the library

docs/Users-Gmail-Messages-Threads.md

@@ -556,6 +556,7 @@ By default, Gam displays all messages.
   * `labelmatchpattern xyz` - Label must start with xyz
   * `labelmatchpattern .*xyz.*` - Label must contain xyz
   * `labelmatchpattern .*xyz` - Label must end with xyz
+  * `labelmatchpattern ^xyz$` - Label must extctly match xyz
 * `sendermatchpattern <RegularExpression>` - Only display messages if the sender matches the `<RegularExpression>`
 
 When `matchlabel <LabelName>` is specified, the following characters are replaced with a `-` in the generated query.

src/gam/__init__.py

@@ -672,7 +672,7 @@ def SvcAcctAPIAccessDeniedExit():
   apiOrScopes = API.getAPIName(GM.Globals[GM.CURRENT_SVCACCT_API]) if GM.Globals[GM.CURRENT_SVCACCT_API] else ','.join(sorted(GM.Globals[GM.CURRENT_SVCACCT_API_SCOPES]))
   writeStderr(Msg.API_CHECK_SVCACCT_AUTHORIZATION.format(GM.Globals[GM.OAUTH2SERVICE_CLIENT_ID],
                                                          apiOrScopes,
-                                                         GM.Globals[GM.CURRENT_SVCACCT_USER] or 'user@domain.com'))
+                                                         GM.Globals[GM.CURRENT_SVCACCT_USER] or _getAdminEmail()))
   systemErrorExit(API_ACCESS_DENIED_RC, None)
 
 def SvcAcctAPIDisabledExit():