Compare commits

...

31 Commits

Author SHA1 Message Date
Ross Scroggs
0781e27993 Fixed bug in gam update chromepolicy 2025-06-05 22:53:05 -07:00
Ross Scroggs
a441dddc06 Update Chrome-Policies.md 2025-06-05 22:47:12 -07:00
Ross Scroggs
4a42581e00 Update deprecated scopes checking
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-05 08:55:54 -07:00
Ross Scroggs
de2bfb0d52 Update GamUpdates.md 2025-06-05 08:11:41 -07:00
Ross Scroggs
f418287e65 Fixed bug in gam print shareddriveorganizers that caused a trap when an organizer was a deleted user. 2025-06-05 08:11:34 -07:00
Ross Scroggs
fccf6c1278 Added enforce_expansive_access Boolean variable to gam.cfg 2025-06-04 17:35:19 -07:00
Ross Scroggs
ee874858b4 Added enforce_expansive_access Boolean variable to gam.cfg
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-04 17:34:57 -07:00
Ross Scroggs
dde1354bd0 Remove IAM API from DWD 2025-06-03 18:17:37 -07:00
Ross Scroggs
c241c2744f Update GamUpdate.txt
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-03 18:16:54 -07:00
Ross Scroggs
5ee1fa1b61 Merge branch 'main' of https://github.com/GAM-team/GAM 2025-06-03 18:13:14 -07:00
Ross Scroggs
f06944a1fa Remove IAM API from DWD 2025-06-03 18:13:11 -07:00
Jay Lee
27d4c37be3 [actions] rebuild for Python 3.13.4
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-03 18:35:52 -04:00
Ross Scroggs
2f1a7eb347 Fixed bug in gam <UserTypeEntity> check|update serviceaccount 2025-06-02 16:18:38 -07:00
Ross Scroggs
a5818e144d Fixed bug in gam <UserTypeEntity> check|update serviceaccount
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-02 16:18:08 -07:00
Ross Scroggs
4e6f1717fb Updated the defaults in gam print shareddriveorganizers to match the most common use case, not the script.
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-02 12:50:20 -07:00
Ross Scroggs
9d347719c7 Updated the defaults in gam print shareddriveorganizers to match the most common use case, not the script. 2025-06-02 12:49:58 -07:00
Jay Lee
7235022a8e downscope IAM and off by default
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-02 12:47:44 +00:00
Jay Lee
5db5dad576 fix CI Devices API scope 2025-06-02 12:35:50 +00:00
Ross Scroggs
72a6651a9f Update print shareddriveorganizers
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-01 09:46:53 -07:00
Ross Scroggs
47f6dfc730 Update GamUpdates.md 2025-06-01 09:33:11 -07:00
Ross Scroggs
9e6c6138f8 Added option shareddrives to gam print shareddriveorganizers 2025-06-01 08:51:33 -07:00
Ross Scroggs
c4ec856a58 Added option shareddrives to gam print shareddriveorganizers 2025-06-01 08:51:08 -07:00
Ross Scroggs
2a32f6d2e4 teamdrive -> shareddrive
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-05-31 21:13:22 -07:00
Ross Scroggs
afc6af68a4 Correct print shareddriveorganizers docs 2025-05-31 20:58:18 -07:00
Ross Scroggs
80ec0a739b Fix typo 2025-05-31 20:48:36 -07:00
Ross Scroggs
7a08fb0518 added gam print shareddriveorganizers 2025-05-31 15:03:45 -07:00
Ross Scroggs
3006d8dfe4 added gam print shareddriveorganizers 2025-05-31 15:03:13 -07:00
Ross Scroggs
f9ed16e2e3 Update Shared-Drives.md
Some checks failed
Push wiki / pushwiki (push) Has been cancelled
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-05-30 17:16:29 -07:00
Ross Scroggs
9999adfb3a Update Users-Gmail-Delegates.md
Some checks failed
Push wiki / pushwiki (push) Has been cancelled
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
2025-05-30 10:46:04 -07:00
Ross Scroggs
f09a1e1bd6 Added option oneuserperrow to gam print devices 2025-05-30 06:22:49 -07:00
Ross Scroggs
a95da4e2ea Added option oneuserperrow to gam print devices 2025-05-30 06:22:30 -07:00
19 changed files with 865 additions and 181 deletions

View File

@@ -126,7 +126,7 @@ jobs:
with: with:
path: | path: |
cache.tar.xz cache.tar.xz
key: gam-${{ matrix.jid }}-20250422 key: gam-${{ matrix.jid }}-20250603
- name: Untar Cache archive - name: Untar Cache archive
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true' if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'

View File

@@ -1383,7 +1383,7 @@ gam show projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>]
[states all|active|deleterequested] [showiampolicies 0|1|3] [states all|active|deleterequested] [showiampolicies 0|1|3]
gam print projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>] [todrive <ToDriveAttribute>*] gam print projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>] [todrive <ToDriveAttribute>*]
[states all|active|deleterequested] [showiampolicies 0|1|3 [onememberperrow]] [states all|active|deleterequested] [showiampolicies 0|1|3 [onememberperrow]]
[delimiter <Character>]] [[formatjson [quotechar <Character>]] [delimiter <Character>] [[formatjson [quotechar <Character>]]
gam info currentprojectid gam info currentprojectid
gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>] gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
@@ -4119,7 +4119,7 @@ gam print devices [todrive <ToDriveAttribute>*]
<DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>] <DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>]
[orderby <DeviceOrderByFieldName> [ascending|descending]] [orderby <DeviceOrderByFieldName> [ascending|descending]]
[all|company|personal|nocompanydevices|nopersonaldevices] [all|company|personal|nocompanydevices|nopersonaldevices]
[nodeviceusers] [nodeviceusers|oneuserperrow]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
[showitemcountonly] [showitemcountonly]
@@ -4819,6 +4819,17 @@ gam show shareddrives
[fields <SharedDriveFieldNameList>] [noorgunits [<Boolean>]] [fields <SharedDriveFieldNameList>] [noorgunits [<Boolean>]]
[formatjson] [noorgunits [<Boolean>]] [formatjson] [noorgunits [<Boolean>]]
gam print shareddriveorganizers [todrive <ToDriveAttribute>*]
[(shareddriveadminquery|query <QuerySharedDrive>) |
(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>)))]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
gam print oushareddrives [todrive <ToDriveAttribute>*] gam print oushareddrives [todrive <ToDriveAttribute>*]
[ou|org|orgunit <OrgUnitPath>] [ou|org|orgunit <OrgUnitPath>]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
@@ -8326,6 +8337,19 @@ gam <UserTypeEntity> show shareddrives
[fields <SharedDriveFieldNameList>] [noorgunits [<Boolean>]] [fields <SharedDriveFieldNameList>] [noorgunits [<Boolean>]]
[formatjson] [formatjson]
gam <UserTypeEntity> print shareddriveorganizers [todrive <ToDriveAttribute>*]
[adminaccess|asadmin]
[(shareddriveadminquery|query <QuerySharedDrive>) |
(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>)))]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
# Users - Force Signout and Turn Off 2-Step Verification # Users - Force Signout and Turn Off 2-Step Verification
gam <UserTypeEntity> signout gam <UserTypeEntity> signout

View File

@@ -1,3 +1,96 @@
7.09.01
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
blank for the top folder.
Fixed bug in `gam update chromepolicy` where the following error was generated
when updating policies with simple numerical values.
```
ERROR: Missing argument: Expected <value>"
```
7.09.00
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
is enabled prompting you to update your service account authorization so that the scope can be removed.
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
It's default value is False.
```
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
gam <UserTypeEntity> transfer drive
```
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
Updated to Python 3.13.4
7.08.02
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
These commands produce the same result.
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
7.08.01
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
`gam print shareddriveorganizers` that displays organizers for a specific list of Shared Drive IDs.
7.08.00
Added the following command that can be used instead of the `GetTeamDriveOrganizers.py` script.
```
gam [<UserTypeEntity>] print shareddriveorganizers [todrive <ToDriveAttribute>*]
[adminaccess|asadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
```
The command defaults match the script defaults:
* `domainlist` - All domains
* `includetypes` - user,group
* `oneorganizer` - False
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
For example, to get a single organizer from your domain for all Shared Drives including no organizer drives:
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
```
7.07.17
Added option `oneuserperrow` to `gam print devices` to have each of a
device's users displayed on a separate row with all of the other device fields.
7.07.16 7.07.16
Added `chromeostype`, `diskspaceusage` and `faninfo` to `<CrOSFieldName>` for use in `gam info|print cros`. Added `chromeostype`, `diskspaceusage` and `faninfo` to `<CrOSFieldName>` for use in `gam info|print cros`.

View File

@@ -11,7 +11,7 @@ if __name__ == '__main__':
# One time initialization # One time initialization
if platform.system() != 'Linux': if platform.system() != 'Linux':
multiprocessing.freeze_support() multiprocessing.freeze_support()
multiprocessing.set_start_method('spawn') multiprocessing.set_start_method('spawn', force=True)
initializeLogging() initializeLogging()
# #
CallGAMCommand(['gam', 'version']) CallGAMCommand(['gam', 'version'])

View File

@@ -11,5 +11,5 @@ from gam.__main__ import main
if __name__ == '__main__': if __name__ == '__main__':
if platform.system() != 'Linux': if platform.system() != 'Linux':
multiprocessing.freeze_support() multiprocessing.freeze_support()
multiprocessing.set_start_method('spawn') multiprocessing.set_start_method('spawn', force=True)
main() main()

View File

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
""" """
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>' __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
__version__ = '7.07.16' __version__ = '7.09.01'
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
#pylint: disable=wrong-import-position #pylint: disable=wrong-import-position
@@ -4785,6 +4785,7 @@ def defaultSvcAcctScopes():
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False) scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
saScopes = {} saScopes = {}
for scope in scopesList: for scope in scopesList:
if not scope.get('offByDefault'):
saScopes.setdefault(scope['api'], []) saScopes.setdefault(scope['api'], [])
saScopes[scope['api']].append(scope['scope']) saScopes[scope['api']].append(scope['scope'])
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE) saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
def authorizeScopes(message): def authorizeScopes(message):
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation' long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
f'?clientScopeToAdd={",".join(checkScopes)}' f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
f'&clientIdToAdd={service_account}&overwriteClientId=true') f'&clientIdToAdd={service_account}&overwriteClientId=true')
if GC.Values[GC.DOMAIN]: if GC.Values[GC.DOMAIN]:
long_url += f'&dn={GC.Values[GC.DOMAIN]}' long_url += f'&dn={GC.Values[GC.DOMAIN]}'
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE) allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
checkScopesSet = set() checkScopesSet = set()
saScopes = {} saScopes = {}
checkDeprecatedScopes = True
useColor = False useColor = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if myarg in {'scope', 'scopes'}: if myarg in {'scope', 'scopes'}:
checkDeprecatedScopes = False
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split(): for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
api = API.getSvcAcctScopeAPI(scope) api = API.getSvcAcctScopeAPI(scope)
if api is not None: if api is not None:
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
testPass = createGreenText('PASS') testPass = createGreenText('PASS')
testFail = createRedText('FAIL') testFail = createRedText('FAIL')
testWarn = createYellowText('WARN') testWarn = createYellowText('WARN')
testDeprecated = createRedText('DEPRECATED')
else: else:
testPass = 'PASS' testPass = 'PASS'
testFail = 'FAIL' testFail = 'FAIL'
testWarn = 'WARN' testWarn = 'WARN'
testDeprecated = 'DEPRECATED'
if Act.Get() == Act.CHECK: if Act.Get() == Act.CHECK:
if not checkScopesSet: if not checkScopesSet:
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()): for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
else: else:
if not checkScopesSet: if not checkScopesSet:
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True) scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES]) selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
if selectedScopes is None: if selectedScopes is None:
return False return False
i = 0 i = 0
@@ -12337,8 +12342,8 @@ def checkServiceAccount(users):
if saTokenStatus == testFail: if saTokenStatus == testFail:
invalidOauth2serviceJsonExit(f'Authentication{auth_error}') invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA _getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]: if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.CLOUD_PLATFORM_SCOPE] GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default') key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
if key_type == 'default': if key_type == 'default':
printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE) printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE)
@@ -12399,6 +12404,38 @@ def checkServiceAccount(users):
allScopesPass = False allScopesPass = False
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}') printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
Ind.Decrement() Ind.Decrement()
if checkDeprecatedScopes:
deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
jcount = len(deprecatedScopes)
printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
Ent.Singular(Ent.USER), user,
Ent.Choose(Ent.SCOPE, jcount), jcount],
i, count)
Ind.Increment()
j = 0
for scope in deprecatedScopes:
j += 1
# try with and without email scope
for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
try:
credentials = getSvcAcctCredentials(scopes, user)
credentials.refresh(request)
break
except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
handleServerError(e)
except google.auth.exceptions.RefreshError:
continue
if credentials.token:
token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
scopeStatus = testDeprecated
allScopesPass = False
else:
scopeStatus = testPass
else:
scopeStatus = testPass
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
Ind.Decrement()
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id'] service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
if allScopesPass: if allScopesPass:
if Act.Get() == Act.CHECK: if Act.Get() == Act.CHECK:
@@ -17102,11 +17139,11 @@ DATA_TRANSFER_SORT_TITLES = ['id', 'requestTime', 'oldOwnerUserEmail', 'newOwner
# gam print datatransfers|transfers [todrive <ToDriveAttribute>*] # gam print datatransfers|transfers [todrive <ToDriveAttribute>*]
# [olduser|oldowner <UserItem>] [newuser|newowner <UserItem>] # [olduser|oldowner <UserItem>] [newuser|newowner <UserItem>]
# [status <String>] [delimiter <Character>]] # [status <String>] [delimiter <Character>]
# (addcsvdata <FieldName> <String>)* # (addcsvdata <FieldName> <String>)*
# gam show datatransfers|transfers # gam show datatransfers|transfers
# [olduser|oldowner <UserItem>] [newuser|newowner <UserItem>] # [olduser|oldowner <UserItem>] [newuser|newowner <UserItem>]
# [status <String>] [delimiter <Character>]] # [status <String>] [delimiter <Character>]
def doPrintShowDataTransfers(): def doPrintShowDataTransfers():
dt = buildGAPIObject(API.DATATRANSFER) dt = buildGAPIObject(API.DATATRANSFER)
apps = getTransferApplications(dt) apps = getTransferApplications(dt)
@@ -28081,6 +28118,7 @@ def simplifyChromeSchema(schema):
'settings': {} 'settings': {}
} }
fieldDescriptions = schema['fieldDescriptions'] fieldDescriptions = schema['fieldDescriptions']
savedSettingName = ''
for mtype in schema['definition']['messageType']: for mtype in schema['definition']['messageType']:
for setting in mtype['field']: for setting in mtype['field']:
setting_name = setting['name'] setting_name = setting['name']
@@ -28089,6 +28127,9 @@ def simplifyChromeSchema(schema):
'descriptions': [], 'descriptions': [],
'type': setting['type'], 'type': setting['type'],
} }
if setting_dict['type'] == 'TYPE_INT64' and savedSettingName:
setting_dict['name'] = savedSettingName
savedSettingName = ''
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED': if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
setting_dict['type'] = 'TYPE_LIST' setting_dict['type'] = 'TYPE_LIST'
if setting_dict['type'] == 'TYPE_ENUM': if setting_dict['type'] == 'TYPE_ENUM':
@@ -28110,6 +28151,7 @@ def simplifyChromeSchema(schema):
break break
break break
elif setting_dict['type'] == 'TYPE_MESSAGE': elif setting_dict['type'] == 'TYPE_MESSAGE':
savedSettingName = setting_name
continue continue
else: else:
setting_dict['enums'] = None setting_dict['enums'] = None
@@ -28215,14 +28257,11 @@ def doDeleteChromePolicy():
entityActionFailedWarning(kvList, str(e)) entityActionFailedWarning(kvList, str(e))
CHROME_SCHEMA_SPECIAL_CASES = { CHROME_SCHEMA_SPECIAL_CASES = {
# duration
'chrome.users.AutoUpdateCheckPeriodNewV2': 'chrome.users.AutoUpdateCheckPeriodNewV2':
{'autoupdatecheckperiodminutesnew': {'autoupdatecheckperiodminutesnew':
{'casedField': 'autoUpdateCheckPeriodMinutesNew', {'casedField': 'autoUpdateCheckPeriodMinutesNew',
'type': 'duration', 'minVal': 1, 'maxVal': 720}}, 'type': 'duration', 'minVal': 1, 'maxVal': 720}},
'chrome.users.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.users.BrowserSwitcherDelayDurationV2': 'chrome.users.BrowserSwitcherDelayDurationV2':
{'browserswitcherdelayduration': {'browserswitcherdelayduration':
{'casedField': 'browserSwitcherDelayDuration', {'casedField': 'browserSwitcherDelayDuration',
@@ -28264,10 +28303,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'maxinvalidationfetchdelay': {'maxinvalidationfetchdelay':
{'casedField': 'maxInvalidationFetchDelay', {'casedField': 'maxInvalidationFetchDelay',
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}}, 'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
'chrome.users.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.users.PrintJobHistoryExpirationPeriodNewV2': 'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
{'printjobhistoryexpirationperioddaysnew': {'printjobhistoryexpirationperioddaysnew':
{'casedField': 'printJobHistoryExpirationPeriodDaysNew', {'casedField': 'printJobHistoryExpirationPeriodDaysNew',
@@ -28291,10 +28326,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
'updatessuppressedstarttime': 'updatessuppressedstarttime':
{'casedField': 'updatesSuppressedStartTime', {'casedField': 'updatesSuppressedStartTime',
'type': 'timeOfDay'}}, 'type': 'timeOfDay'}},
'chrome.users.Wallpaper':
{'wallpaperimage':
{'casedField': 'wallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.EnableReportUploadFrequencyV2': 'chrome.devices.EnableReportUploadFrequencyV2':
{'reportdeviceuploadfrequency': {'reportdeviceuploadfrequency':
{'casedField': 'reportDeviceUploadFrequency', {'casedField': 'reportDeviceUploadFrequency',
@@ -28303,10 +28334,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'uptimelimitduration': {'uptimelimitduration':
{'casedField': 'uptimeLimitDuration', {'casedField': 'uptimeLimitDuration',
'type': 'duration', 'minVal': 1, 'maxVal': 365}}, 'type': 'duration', 'minVal': 1, 'maxVal': 365}},
'chrome.devices.SignInWallpaperImage':
{'devicewallpaperimage':
{'casedField': 'deviceWallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.kiosk.AcPowerSettingsV2': 'chrome.devices.kiosk.AcPowerSettingsV2':
{'acidletimeout': {'acidletimeout':
{'casedField': 'acIdleTimeout', {'casedField': 'acIdleTimeout',
@@ -28333,10 +28360,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
'batteryscreenofftimeout': 'batteryscreenofftimeout':
{'casedField': 'batteryScreenOffTimeout', {'casedField': 'batteryScreenOffTimeout',
'type': 'duration', 'minVal': 0, 'maxVal': 35000}}, 'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
'chrome.devices.managedguest.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.BrowsingDataLifetimeV2': 'chrome.devices.managedguest.BrowsingDataLifetimeV2':
{'browsinghistoryttl': {'browsinghistoryttl':
{'casedField': 'browsingHistoryTtl', {'casedField': 'browsingHistoryTtl',
@@ -28378,6 +28401,56 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'sessiondurationlimit': {'sessiondurationlimit':
{'casedField': 'sessionDurationLimit', {'casedField': 'sessionDurationLimit',
'type': 'duration', 'minVal': 1, 'maxVal': 1440}}, 'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
# value
'chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays':
{'gaialockscreenofflinesignintimelimitdays':
{'casedField': 'gaiaLockScreenOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.users.GaiaOfflineSigninTimeLimitDays':
{'gaiaofflinesignintimelimitdays':
{'casedField': 'gaiaOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.users.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.users.RemoteAccessHostClipboardSizeBytes':
{'remoteaccesshostclipboardsizebytes':
{'casedField': 'remoteAccessHostClipboardSizeBytes',
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
'chrome.users.SamlLockScreenOfflineSigninTimeLimitDays':
{'samllockscreenofflinesignintimelimitdays':
{'casedField': 'samlLockScreenOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.devices.ExtensionCacheSize':
{'extensioncachesize':
{'casedField': 'extensionCacheSize',
'type': 'value', 'minVal': 1048576, 'maxVal': None, 'default': 268435456}},
'chrome.devices.managedguest.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes':
{'remoteaccesshostclipboardsizebytes':
{'casedField': 'remoteAccessHostClipboardSizeBytes',
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
# downloadUri
'chrome.users.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.users.Wallpaper':
{'wallpaperimage':
{'casedField': 'wallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.SignInWallpaperImage':
{'devicewallpaperimage':
{'casedField': 'deviceWallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.Wallpaper': 'chrome.devices.managedguest.Wallpaper':
{'wallpaperimage': {'wallpaperimage':
{'casedField': 'wallpaperImage', {'casedField': 'wallpaperImage',
@@ -29587,7 +29660,7 @@ DEVICE_ORDERBY_CHOICE_MAP = {
# <DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>] # <DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>]
# [orderby <DeviceOrderByFieldName> [ascending|descending]] # [orderby <DeviceOrderByFieldName> [ascending|descending]]
# [all|company|personal|nocompanydevices|nopersonaldevices] # [all|company|personal|nocompanydevices|nopersonaldevices]
# [nodeviceusers] # [nodeviceusers|oneuserperrow]
# [formatjson [quotechar <Character>]] # [formatjson [quotechar <Character>]]
# [showitemcountonly] # [showitemcountonly]
def doPrintCIDevices(): def doPrintCIDevices():
@@ -29603,7 +29676,7 @@ def doPrintCIDevices():
queries = [None] queries = [None]
view, entityType = DEVICE_VIEW_CHOICE_MAP['all'] view, entityType = DEVICE_VIEW_CHOICE_MAP['all']
getDeviceUsers = True getDeviceUsers = True
showItemCountOnly = False oneUserPerRow = showItemCountOnly = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if csvPF and myarg == 'todrive': if csvPF and myarg == 'todrive':
@@ -29618,6 +29691,8 @@ def doPrintCIDevices():
view, entityType = DEVICE_VIEW_CHOICE_MAP[myarg] view, entityType = DEVICE_VIEW_CHOICE_MAP[myarg]
elif myarg == 'nodeviceusers': elif myarg == 'nodeviceusers':
getDeviceUsers = False getDeviceUsers = False
elif myarg in {'oneuserperrow', 'oneitemperrow'}:
getDeviceUsers = oneUserPerRow = True
elif getFieldsList(myarg, DEVICE_FIELDS_CHOICE_MAP, fieldsList, initialField='name'): elif getFieldsList(myarg, DEVICE_FIELDS_CHOICE_MAP, fieldsList, initialField='name'):
pass pass
elif getFieldsList(myarg, DEVICEUSER_FIELDS_CHOICE_MAP, userFieldsList, initialField='name', fieldsArg='userfields'): elif getFieldsList(myarg, DEVICEUSER_FIELDS_CHOICE_MAP, userFieldsList, initialField='name', fieldsArg='userfields'):
@@ -29631,6 +29706,8 @@ def doPrintCIDevices():
fields = getItemFieldsFromFieldsList('devices', fieldsList) fields = getItemFieldsFromFieldsList('devices', fieldsList)
userFields = getItemFieldsFromFieldsList('deviceUsers', userFieldsList) userFields = getItemFieldsFromFieldsList('deviceUsers', userFieldsList)
substituteQueryTimes(queries, queryTimes) substituteQueryTimes(queries, queryTimes)
if FJQC.formatJSON and oneUserPerRow:
csvPF.SetJSONTitles(['name', 'user.name', 'JSON'])
itemCount = 0 itemCount = 0
for query in queries: for query in queries:
printGettingAllAccountEntities(entityType, query) printGettingAllAccountEntities(entityType, query)
@@ -29672,6 +29749,7 @@ def doPrintCIDevices():
except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e: except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied) as e:
entityActionFailedWarning([entityType, None], str(e)) entityActionFailedWarning([entityType, None], str(e))
for device in devices: for device in devices:
if not oneUserPerRow or 'users' not in device:
row = flattenJSON(device, timeObjects=DEVICE_TIME_OBJECTS) row = flattenJSON(device, timeObjects=DEVICE_TIME_OBJECTS)
if not FJQC.formatJSON: if not FJQC.formatJSON:
csvPF.WriteRowTitles(row) csvPF.WriteRowTitles(row)
@@ -29679,6 +29757,18 @@ def doPrintCIDevices():
csvPF.WriteRowNoFilter({'name': device['name'], csvPF.WriteRowNoFilter({'name': device['name'],
'JSON': json.dumps(cleanJSON(device, timeObjects=DEVICE_TIME_OBJECTS), 'JSON': json.dumps(cleanJSON(device, timeObjects=DEVICE_TIME_OBJECTS),
ensure_ascii=False, sort_keys=True)}) ensure_ascii=False, sort_keys=True)})
else:
deviceUsers = device.pop('users')
baserow = flattenJSON(device, timeObjects=DEVICE_TIME_OBJECTS)
for deviceUser in deviceUsers:
row = flattenJSON({'user': deviceUser}, flattened=baserow.copy(), timeObjects=DEVICE_TIME_OBJECTS)
if not FJQC.formatJSON:
csvPF.WriteRowTitles(row)
elif csvPF.CheckRowTitles(row):
device['user'] = deviceUser
csvPF.WriteRowNoFilter({'name': device['name'], 'user.name': deviceUser['name'],
'JSON': json.dumps(cleanJSON(device, timeObjects=DEVICE_TIME_OBJECTS),
ensure_ascii=False, sort_keys=True)})
if showItemCountOnly: if showItemCountOnly:
writeStdout(f'{itemCount}\n') writeStdout(f'{itemCount}\n')
return return
@@ -57242,6 +57332,7 @@ def printDiskUsage(users):
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}' topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
else: else:
topFolder['path'] = topFolder['name'] topFolder['path'] = topFolder['name']
topFolder.pop('ownedByMe', None)
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'): elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
topFolder['path'] = MY_DRIVE topFolder['path'] = MY_DRIVE
else: else:
@@ -57252,7 +57343,6 @@ def printDiskUsage(users):
if owners: if owners:
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown') topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
trashFolder['Owner'] = topFolder['Owner'] trashFolder['Owner'] = topFolder['Owner']
topFolder.pop('ownedByMe', None)
topFolder.pop('parents', None) topFolder.pop('parents', None)
topFolder.update(zeroFolderInfo) topFolder.update(zeroFolderInfo)
topFolder.pop(sizeField, None) topFolder.pop(sizeField, None)
@@ -58699,7 +58789,7 @@ def initCopyMoveOptions(copyCmd):
'showPermissionMessages': False, 'showPermissionMessages': False,
'sendEmailIfRequired': False, 'sendEmailIfRequired': False,
'useDomainAdminAccess': False, 'useDomainAdminAccess': False,
'enforceExpansiveAccess': False, 'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
'copiedShortcutsPointToCopiedFiles': True, 'copiedShortcutsPointToCopiedFiles': True,
'createShortcutsForNonmovableFiles': False, 'createShortcutsForNonmovableFiles': False,
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER, 'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
@@ -62079,7 +62169,8 @@ def transferDrive(users):
targetUserFolderPattern = '#user# old files' targetUserFolderPattern = '#user# old files'
targetUserOrphansFolderPattern = '#user# orphaned files' targetUserOrphansFolderPattern = '#user# orphaned files'
targetIds = [None, None] targetIds = [None, None]
createShortcutsForNonmovableFiles = enforceExpansiveAccess = False createShortcutsForNonmovableFiles = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
mergeWithTarget = False mergeWithTarget = False
thirdPartyOwners = {} thirdPartyOwners = {}
skipFileIdEntity = initDriveFileEntity() skipFileIdEntity = initDriveFileEntity()
@@ -62385,7 +62476,8 @@ def transferOwnership(users):
body = {} body = {}
newOwner = getEmailAddress() newOwner = getEmailAddress()
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP) OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False changeParents = filepath = includeTrashed = noRecursion = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
pathDelimiter = '/' pathDelimiter = '/'
csvPF = fileTree = None csvPF = fileTree = None
addParents = '' addParents = ''
@@ -62711,7 +62803,8 @@ def claimOwnership(users):
onlyOwners = set() onlyOwners = set()
skipOwners = set() skipOwners = set()
subdomains = [] subdomains = []
enforceExpansiveAccess = filepath = includeTrashed = False filepath = includeTrashed = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
pathDelimiter = '/' pathDelimiter = '/'
addParents = '' addParents = ''
parentBody = {} parentBody = {}
@@ -63486,7 +63579,7 @@ def doCreateDriveFileACL():
def updateDriveFileACLs(users, useDomainAdminAccess=False): def updateDriveFileACLs(users, useDomainAdminAccess=False):
fileIdEntity = getDriveFileEntity() fileIdEntity = getDriveFileEntity()
isEmail, permissionId = getPermissionId() isEmail, permissionId = getPermissionId()
enforceExpansiveAccess = None enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
removeExpiration = showTitles = updateSheetProtectedRanges = False removeExpiration = showTitles = updateSheetProtectedRanges = False
showDetails = True showDetails = True
csvPF = None csvPF = None
@@ -63524,9 +63617,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess) _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
if 'role' not in body: if 'role' not in body:
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}') missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
if enforceExpansiveAccess is not None:
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects() printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
if csvPF and showTitles: if csvPF and showTitles:
csvPF.AddTitles(fileNameTitle) csvPF.AddTitles(fileNameTitle)
@@ -63564,7 +63654,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
permission = callGAPI(drive.permissions(), 'update', permission = callGAPI(drive.permissions(), 'update',
bailOnInternalError=True, bailOnInternalError=True,
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE], throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
**updateKwargs, useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration, fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True) transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET: if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63815,7 +63905,7 @@ def doCreatePermissions():
def deleteDriveFileACLs(users, useDomainAdminAccess=False): def deleteDriveFileACLs(users, useDomainAdminAccess=False):
fileIdEntity = getDriveFileEntity() fileIdEntity = getDriveFileEntity()
isEmail, permissionId = getPermissionId() isEmail, permissionId = getPermissionId()
enforceExpansiveAccess = None enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
showTitles = updateSheetProtectedRanges = False showTitles = updateSheetProtectedRanges = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
@@ -63830,9 +63920,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
else: else:
unknownArgumentExit() unknownArgumentExit()
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess) _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
if enforceExpansiveAccess is not None:
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
i, count, users = getEntityArgument(users) i, count, users = getEntityArgument(users)
for user in users: for user in users:
i += 1 i += 1
@@ -63865,7 +63952,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
break break
callGAPI(drive.permissions(), 'delete', callGAPI(drive.permissions(), 'delete',
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE], throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
**deleteKwargs, useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
fileId=fileId, permissionId=permissionId, supportsAllDrives=True) fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount) entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET: if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63944,7 +64031,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
jsonData = getJSON([]) jsonData = getJSON([])
PM = PermissionMatch() PM = PermissionMatch()
PM.SetDefaultMatch(False, {'role': 'owner'}) PM.SetDefaultMatch(False, {'role': 'owner'})
enforceExpansiveAccess = False enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if myarg in ADMIN_ACCESS_OPTIONS: if myarg in ADMIN_ACCESS_OPTIONS:
@@ -66033,6 +66120,191 @@ def printShowSharedDriveACLs(users, useDomainAdminAccess=False):
def doPrintShowSharedDriveACLs(): def doPrintShowSharedDriveACLs():
printShowSharedDriveACLs([_getAdminEmail()], True) printShowSharedDriveACLs([_getAdminEmail()], True)
PRINT_ORGANIZER_TYPES = {'group', 'user'}
# gam [<UserTypeEntity>] print shareddriveorganizers [todrive <ToDriveAttribute>*]
# [adminaccess|asadmin]
# [(shareddriveadminquery|query <QuerySharedDrive>) |
# (shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>)))]
# [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
# [domainlist <DomainList>]
# [includetypes user|group]
# [oneorganizer [<Boolean>]]
# [shownorganizerdrives false|true|only]
# [includefileorganizers [<Boolean>]]
# [delimiter <Character>]
def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
csvPF = CSVPrintFile(['id', 'name', 'organizers', 'createdTime'], 'sortall')
delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
roles = set(['organizer'])
includeTypes = set()
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
fieldsList = ['role', 'type', 'emailAddress']
cd = entityList = orgUnitId = query = matchPattern = None
domainList = [GC.Values[GC.DOMAIN]]
oneOrganizer = True
while Cmd.ArgumentsRemaining():
myarg = getArgument()
if csvPF and myarg == 'todrive':
csvPF.GetTodriveParameters()
elif myarg == 'delimiter':
delimiter = getCharacter()
elif myarg in {'shareddrive', 'shareddrives', 'teamdrive', 'teamdrives'}:
sharedDriveArg = myarg
itemList = getString(Cmd.OB_SHAREDDRIVE_ID_LIST)
if itemList != 'select':
entityList = itemList.replace(',', ' ').split()
else:
entityList = getEntityList(Cmd.OB_SHAREDDRIVE_ID_LIST)
elif myarg in {'teamdriveadminquery', 'shareddriveadminquery', 'query'}:
queryArg = myarg
queryLocation = Cmd.Location()
query = getString(Cmd.OB_QUERY, minLen=0) or None
if query:
query = mapQueryRelativeTimes(query, ['createdTime'])
elif myarg == 'matchname':
matchPattern = getREPattern(re.IGNORECASE)
elif myarg in {'ou', 'org', 'orgunit'}:
orgLocation = Cmd.Location()
if cd is None:
cd = buildGAPIObject(API.DIRECTORY)
orgUnitPath, orgUnitId = getOrgUnitId(cd)
orgUnitId = orgUnitId[3:]
orgUnitInfo = {'orgUnit': orgUnitPath, 'orgUnitId': orgUnitId}
elif myarg in ADMIN_ACCESS_OPTIONS:
useDomainAdminAccess = True
elif myarg == 'domainlist':
domainList = set(getString(Cmd.OB_DOMAIN_NAME_LIST, minLen=0).replace(',', ' ').lower().split())
elif myarg == 'includetypes':
for itype in getString(Cmd.OB_ORGANIZER_TYPE_LIST).lower().replace(',', ' ').split():
if itype in PRINT_ORGANIZER_TYPES:
includeTypes.add(itype)
else:
invalidChoiceExit(itype, PRINT_ORGANIZER_TYPES, True)
elif myarg == 'oneorganizer':
oneOrganizer = getBoolean()
elif myarg == 'shownoorganizerdrives':
showNoOrganizerDrives = getChoice(SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP, defaultChoice=1, mapChoice=True)
elif myarg in {'includefileorganizers', 'includecontentmanagers'}:
if getBoolean():
roles.add('fileOrganizer')
else:
unknownArgumentExit()
if query:
if not useDomainAdminAccess:
Cmd.SetLocation(queryLocation-1)
usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_PERFORM_SHARED_DRIVE_QUERIES)
if entityList:
Cmd.SetLocation(queryLocation-1)
usageErrorExit(Msg.ARE_MUTUALLY_EXCLUSIVE.format(queryArg, sharedDriveArg))
if orgUnitId is not None:
if not useDomainAdminAccess:
Cmd.SetLocation(orgLocation-1)
usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT)
csvPF.AddTitles(['orgUnit', 'orgUnitId'])
if not includeTypes:
includeTypes = set(['user'])
fields = getItemFieldsFromFieldsList('permissions', fieldsList, True)
i, count, users = getEntityArgument(users)
for user in users:
i += 1
user, drive = buildGAPIServiceObject(API.DRIVE3, user, i, count)
if not drive:
continue
if entityList is None:
if useDomainAdminAccess:
printGettingAllAccountEntities(Ent.SHAREDDRIVE, query)
pageMessage = getPageMessage()
else:
printGettingAllEntityItemsForWhom(Ent.SHAREDDRIVE, user, i, count, query)
pageMessage = getPageMessageForWhom()
try:
feed = callGAPIpages(drive.drives(), 'list', 'drives',
pageMessage=pageMessage,
throwReasons=GAPI.DRIVE_USER_THROW_REASONS+[GAPI.INVALID_QUERY, GAPI.INVALID,
GAPI.QUERY_REQUIRES_ADMIN_CREDENTIALS,
GAPI.NO_LIST_TEAMDRIVES_ADMINISTRATOR_PRIVILEGE,
GAPI.FILE_NOT_FOUND],
q=query, useDomainAdminAccess=useDomainAdminAccess,
fields='nextPageToken,drives(id,name,createdTime,orgUnitId)', pageSize=100)
except (GAPI.invalidQuery, GAPI.invalid, GAPI.queryRequiresAdminCredentials,
GAPI.noListTeamDrivesAdministratorPrivilege, GAPI.fileNotFound) as e:
entityActionFailedWarning([Ent.USER, user, Ent.SHAREDDRIVE, None], str(e), i, count)
continue
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
userDriveServiceNotEnabledWarning(user, str(e), i, count)
continue
else:
feed = []
jcount = len(entityList)
j = 0
for driveId in entityList:
j +=1
try:
feed.append(callGAPI(drive.drives(), 'get',
throwReasons=GAPI.DRIVE_USER_THROW_REASONS+[GAPI.NOT_FOUND],
useDomainAdminAccess=useDomainAdminAccess,
driveId=driveId, fields='id,name,createdTime,orgUnitId'))
except (GAPI.fileNotFound, GAPI.notFound) as e:
entityActionNotPerformedWarning([Ent.USER, user, Ent.SHAREDDRIVE_ID, driveId], str(e), j, jcount)
continue
except (GAPI.serviceNotAvailable, GAPI.authError, GAPI.domainPolicy) as e:
userDriveServiceNotEnabledWarning(user, str(e), i, count)
break
matchFeed = []
jcount = len(feed)
j = 0
for shareddrive in feed:
j += 1
if ((matchPattern is not None and matchPattern.match(shareddrive['name']) is None) or
(orgUnitId is not None and orgUnitId != shareddrive.get('orgUnitId'))):
continue
printGettingAllEntityItemsForWhom(Ent.PERMISSION, shareddrive['name'], j, jcount)
shareddrive['createdTime'] = formatLocalTime(shareddrive['createdTime'])
shareddrive['organizers'] = []
try:
permissions = callGAPIpages(drive.permissions(), 'list', 'permissions',
pageMessage=getPageMessageForWhom(),
throwReasons=GAPI.DRIVE3_GET_ACL_REASONS,
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
useDomainAdminAccess=useDomainAdminAccess,
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
for permission in permissions:
if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
if domainList:
_, domain = permission['emailAddress'].lower().split('@', 1)
if domain not in domainList:
continue
shareddrive['organizers'].append(permission['emailAddress'])
if oneOrganizer:
break
if not shareddrive['organizers']:
if showNoOrganizerDrives == 0: # no organizers and showNoOrganizerDrives False - ignore
continue
matchFeed.append(shareddrive) # no organizers and showNoOrganizerDrives Only/True - keep
continue
if showNoOrganizerDrives < 0: # organizers and showNoOrganizerDrives Only/True - ignore
continue
matchFeed.append(shareddrive)
except (GAPI.fileNotFound, GAPI.forbidden, GAPI.internalError,
GAPI.insufficientAdministratorPrivileges, GAPI.insufficientFilePermissions,
GAPI.unknownError, GAPI.invalid):
pass
if len(matchFeed) == 0:
setSysExitRC(NO_ENTITIES_FOUND_RC)
for shareddrive in matchFeed:
row = {'id': shareddrive['id'], 'name': shareddrive['name'],
'organizers': delimiter.join(shareddrive['organizers']),
'createdTime': shareddrive['createdTime']}
if orgUnitId:
row.update(orgUnitInfo)
csvPF.WriteRowTitles(row)
if csvPF:
csvPF.writeCSVfile('SharedDrive Organizers')
def doPrintSharedDriveOrganizers():
printSharedDriveOrganizers([_getAdminEmail()], True)
LOOKERSTUDIO_ASSETTYPE_CHOICE_MAP = { LOOKERSTUDIO_ASSETTYPE_CHOICE_MAP = {
'report': ['REPORT'], 'report': ['REPORT'],
'datasource': ['DATA_SOURCE'], 'datasource': ['DATA_SOURCE'],
@@ -75919,6 +76191,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_SCHEMA: doPrintShowUserSchemas, Cmd.ARG_SCHEMA: doPrintShowUserSchemas,
Cmd.ARG_SHAREDDRIVE: doPrintShowSharedDrives, Cmd.ARG_SHAREDDRIVE: doPrintShowSharedDrives,
Cmd.ARG_SHAREDDRIVEACLS: doPrintShowSharedDriveACLs, Cmd.ARG_SHAREDDRIVEACLS: doPrintShowSharedDriveACLs,
Cmd.ARG_SHAREDDRIVEORGANIZERS: doPrintSharedDriveOrganizers,
Cmd.ARG_SITE: deprecatedDomainSites, Cmd.ARG_SITE: deprecatedDomainSites,
Cmd.ARG_SITEACL: deprecatedDomainSites, Cmd.ARG_SITEACL: deprecatedDomainSites,
Cmd.ARG_SITEACTIVITY: deprecatedDomainSites, Cmd.ARG_SITEACTIVITY: deprecatedDomainSites,
@@ -76267,6 +76540,7 @@ MAIN_COMMANDS_OBJ_ALIASES = {
Cmd.ARG_TEAMDRIVES: Cmd.ARG_SHAREDDRIVE, Cmd.ARG_TEAMDRIVES: Cmd.ARG_SHAREDDRIVE,
Cmd.ARG_TEAMDRIVEACLS: Cmd.ARG_SHAREDDRIVEACLS, Cmd.ARG_TEAMDRIVEACLS: Cmd.ARG_SHAREDDRIVEACLS,
Cmd.ARG_TEAMDRIVEINFO: Cmd.ARG_SHAREDDRIVEINFO, Cmd.ARG_TEAMDRIVEINFO: Cmd.ARG_SHAREDDRIVEINFO,
Cmd.ARG_TEAMDRIVEORGANIZERS: Cmd.ARG_SHAREDDRIVEORGANIZERS,
Cmd.ARG_TEAMDRIVETHEMES: Cmd.ARG_SHAREDDRIVETHEMES, Cmd.ARG_TEAMDRIVETHEMES: Cmd.ARG_SHAREDDRIVETHEMES,
Cmd.ARG_TOKENS: Cmd.ARG_TOKEN, Cmd.ARG_TOKENS: Cmd.ARG_TOKEN,
Cmd.ARG_TRANSFER: Cmd.ARG_DATATRANSFER, Cmd.ARG_TRANSFER: Cmd.ARG_DATATRANSFER,
@@ -76959,6 +77233,7 @@ USER_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_SENDAS: printShowSendAs, Cmd.ARG_SENDAS: printShowSendAs,
Cmd.ARG_SHAREDDRIVE: printShowSharedDrives, Cmd.ARG_SHAREDDRIVE: printShowSharedDrives,
Cmd.ARG_SHAREDDRIVEACLS: printShowSharedDriveACLs, Cmd.ARG_SHAREDDRIVEACLS: printShowSharedDriveACLs,
Cmd.ARG_SHAREDDRIVEORGANIZERS: printSharedDriveOrganizers,
Cmd.ARG_SHEET: infoPrintShowSheets, Cmd.ARG_SHEET: infoPrintShowSheets,
Cmd.ARG_SHEETRANGE: printShowSheetRanges, Cmd.ARG_SHEETRANGE: printShowSheetRanges,
Cmd.ARG_SIGNATURE: printShowSignature, Cmd.ARG_SIGNATURE: printShowSignature,
@@ -77316,6 +77591,7 @@ USER_COMMANDS_OBJ_ALIASES = {
Cmd.ARG_TEAMDRIVES: Cmd.ARG_SHAREDDRIVE, Cmd.ARG_TEAMDRIVES: Cmd.ARG_SHAREDDRIVE,
Cmd.ARG_TEAMDRIVEACLS: Cmd.ARG_SHAREDDRIVEACLS, Cmd.ARG_TEAMDRIVEACLS: Cmd.ARG_SHAREDDRIVEACLS,
Cmd.ARG_TEAMDRIVEINFO: Cmd.ARG_SHAREDDRIVEINFO, Cmd.ARG_TEAMDRIVEINFO: Cmd.ARG_SHAREDDRIVEINFO,
Cmd.ARG_TEAMDRIVEORGANIZERS: Cmd.ARG_SHAREDDRIVEORGANIZERS,
Cmd.ARG_TEAMDRIVETHEMES: Cmd.ARG_SHAREDDRIVETHEMES, Cmd.ARG_TEAMDRIVETHEMES: Cmd.ARG_SHAREDDRIVETHEMES,
Cmd.ARG_THREADS: Cmd.ARG_THREAD, Cmd.ARG_THREADS: Cmd.ARG_THREAD,
Cmd.ARG_TOKENS: Cmd.ARG_TOKEN, Cmd.ARG_TOKENS: Cmd.ARG_TOKEN,

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2024 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #
@@ -118,6 +118,7 @@ JWT_APIS = {
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE], ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
CHAT: ['https://www.googleapis.com/auth/chat.bot'], CHAT: ['https://www.googleapis.com/auth/chat.bot'],
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE], CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
IAM: [IAM_SCOPE],
ORGPOLICY: [CLOUD_PLATFORM_SCOPE], ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
} }
# #
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers'] CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
} }
# #
DEPRECATED_SCOPES = {
'https://www.googleapis.com/auth/cloud-identity',
'https://www.googleapis.com/auth/cloud-platform',
'https://www.googleapis.com/auth/iam',
}
#
REFRESH_PERM_ERRORS = [ REFRESH_PERM_ERRORS = [
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today 'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
'invalid_grant: Token has been expired or revoked', 'invalid_grant: Token has been expired or revoked',
@@ -596,7 +603,7 @@ _SVCACCT_SCOPES = [
{'name': 'Cloud Identity Devices API', {'name': 'Cloud Identity Devices API',
'api': CLOUDIDENTITY_DEVICES, 'api': CLOUDIDENTITY_DEVICES,
'subscopes': READONLY, 'subscopes': READONLY,
'scope': 'https://www.googleapis.com/auth/cloud-identity'}, 'scope': 'https://www.googleapis.com/auth/cloud-identity.devices'},
# {'name': 'Cloud Identity User Invitations API', # {'name': 'Cloud Identity User Invitations API',
# 'api': CLOUDIDENTITY_USERINVITATIONS, # 'api': CLOUDIDENTITY_USERINVITATIONS,
# 'subscopes': READONLY, # 'subscopes': READONLY,
@@ -645,10 +652,11 @@ _SVCACCT_SCOPES = [
'api': GMAIL, 'api': GMAIL,
'subscopes': [], 'subscopes': [],
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'}, 'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
{'name': 'Identity and Access Management API', # {'name': 'Identity and Access Management API',
'api': IAM, # 'api': IAM,
'subscopes': [], # 'offByDefault': True,
'scope': CLOUD_PLATFORM_SCOPE}, # 'subscopes': [],
# 'scope': CLOUD_PLATFORM_SCOPE},
{'name': 'Keep API', {'name': 'Keep API',
'api': KEEP, 'api': KEEP,
'subscopes': READONLY, 'subscopes': READONLY,

View File

@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
ENABLE_DASA = 'enable_dasa' ENABLE_DASA = 'enable_dasa'
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command # Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth' ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk # When retrieving lists of calendar events from API, how many should be retrieved in each chunk
EVENT_MAX_RESULTS = 'event_max_results' EVENT_MAX_RESULTS = 'event_max_results'
# Path to extra_args.txt # Path to extra_args.txt
@@ -377,6 +379,7 @@ Defaults = {
DEVICE_MAX_RESULTS: '200', DEVICE_MAX_RESULTS: '200',
DOMAIN: '', DOMAIN: '',
DRIVE_DIR: '', DRIVE_DIR: '',
ENFORCE_EXPANSIVE_ACCESS: FALSE,
DRIVE_MAX_RESULTS: '1000', DRIVE_MAX_RESULTS: '1000',
DRIVE_V3_BETA: FALSE, DRIVE_V3_BETA: FALSE,
DRIVE_V3_NATIVE_NAMES: TRUE, DRIVE_V3_NATIVE_NAMES: TRUE,
@@ -545,6 +548,7 @@ VAR_INFO = {
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)}, DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)}, DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'}, DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)}, DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN}, DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN}, DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2024 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #
@@ -755,6 +755,7 @@ class GamCLArgs():
ARG_SHAREDDRIVES = 'shareddrives' ARG_SHAREDDRIVES = 'shareddrives'
ARG_SHAREDDRIVEACLS = 'shareddriveacls' ARG_SHAREDDRIVEACLS = 'shareddriveacls'
ARG_SHAREDDRIVEINFO = 'shareddriveinfo' ARG_SHAREDDRIVEINFO = 'shareddriveinfo'
ARG_SHAREDDRIVEORGANIZERS = 'shareddriveorganizers'
ARG_SHAREDDRIVETHEMES = 'shareddrivethemes' ARG_SHAREDDRIVETHEMES = 'shareddrivethemes'
ARG_SHEET = 'sheet' ARG_SHEET = 'sheet'
ARG_SHEETS = 'sheets' ARG_SHEETS = 'sheets'
@@ -784,6 +785,7 @@ class GamCLArgs():
ARG_TEAMDRIVES = 'teamdrives' ARG_TEAMDRIVES = 'teamdrives'
ARG_TEAMDRIVEACLS = 'teamdriveacls' ARG_TEAMDRIVEACLS = 'teamdriveacls'
ARG_TEAMDRIVEINFO = 'teamdriveinfo' ARG_TEAMDRIVEINFO = 'teamdriveinfo'
ARG_TEAMDRIVEORGANIZERS = 'teamdriveorganizers'
ARG_TEAMDRIVETHEMES = 'teamdrivethemes' ARG_TEAMDRIVETHEMES = 'teamdrivethemes'
ARG_THREAD = 'thread' ARG_THREAD = 'thread'
ARG_THREADS = 'threads' ARG_THREADS = 'threads'
@@ -964,6 +966,7 @@ class GamCLArgs():
OB_MOBILE_ENTITY = 'MobileEntity' OB_MOBILE_ENTITY = 'MobileEntity'
OB_NETWORK_ID = 'networkID' OB_NETWORK_ID = 'networkID'
OB_NAME = 'Name' OB_NAME = 'Name'
OB_ORGANIZER_TYPE_LIST = 'OrganizerTypeList'
OB_ORGUNIT_ENTITY = 'OrgUnitEntity' OB_ORGUNIT_ENTITY = 'OrgUnitEntity'
OB_ORGUNIT_ITEM = 'OrgUnitItem' OB_ORGUNIT_ITEM = 'OrgUnitItem'
OB_ORGUNIT_PATH = 'OrgUnitPath' OB_ORGUNIT_PATH = 'OrgUnitPath'

View File

@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary' SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys' UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication' DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED! SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
Service Account Client name: {0} is fully authorized. Service Account Client name: {0} is fully authorized.
''' '''
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED! SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
To authorize them (in case some scopes were unselected), please go to the following link in your browser: To update authorization (in case some scopes were unselected), please go to the following link in your browser:
{0} {0}
{1} {1}
@@ -156,8 +157,8 @@ Click AUTHORIZE
When the box closes you're done When the box closes you're done
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again. After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
''' '''
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED! SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
To authorize them, please go to the following link in your browser: To update authorization, please go to the following link in your browser:
{0} {0}
{1} {1}

View File

@@ -577,7 +577,7 @@ chrome.devices.DeviceAllowEnterpriseRemoteAccessConnections: Enterprise remote a
false: Prevent remote access connections from enterprise admins. false: Prevent remote access connections from enterprise admins.
chrome.devices.DeviceAuthenticationFlowAutoReloadInterval: Automatic online sign-in / lock screen refresh. chrome.devices.DeviceAuthenticationFlowAutoReloadInterval: Automatic online sign-in / lock screen refresh.
duration: TYPE_INT64 deviceAuthenticationFlowAutoReloadInterval: TYPE_INT64
chrome.devices.DeviceAuthenticationUrlAllowlist: Blocked URL exceptions on the sign-in / lock screens. chrome.devices.DeviceAuthenticationUrlAllowlist: Blocked URL exceptions on the sign-in / lock screens.
deviceAuthenticationUrlAllowlist: TYPE_LIST deviceAuthenticationUrlAllowlist: TYPE_LIST
@@ -799,7 +799,7 @@ chrome.devices.DeviceScreensaverLoginScreenEnabled: Screen saver.
false: Don't display screen saver when idle. false: Don't display screen saver when idle.
deviceScreensaverLoginScreenImages: TYPE_LIST deviceScreensaverLoginScreenImages: TYPE_LIST
Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files. Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files.
duration: TYPE_INT64 deviceScreensaverLoginScreenImageDisplayIntervalSeconds: TYPE_INT64
chrome.devices.DeviceScreenSettings: Screen settings. chrome.devices.DeviceScreenSettings: Screen settings.
allowUserDisplayChanges: TYPE_BOOL allowUserDisplayChanges: TYPE_BOOL
@@ -967,10 +967,10 @@ chrome.devices.EnableReportUploadFrequency: Device status report upload frequenc
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.EnableReportUploadFrequencyV2: Device status report upload frequency. chrome.devices.EnableReportUploadFrequencyV2: Device status report upload frequency.
duration: TYPE_INT64 reportDeviceUploadFrequency: TYPE_INT64
chrome.devices.ExtensionCacheSize: Apps and extensions cache size. chrome.devices.ExtensionCacheSize: Apps and extensions cache size.
value: TYPE_INT64 extensionCacheSize: TYPE_INT64
chrome.devices.ForcedReenrollment: Forced re-enrollment. chrome.devices.ForcedReenrollment: Forced re-enrollment.
reenrollmentMode: TYPE_ENUM reenrollmentMode: TYPE_ENUM
@@ -1031,7 +1031,7 @@ chrome.devices.kiosk.AcPowerSettingsV2: AC Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_INT64 acScreenOffTimeout: TYPE_INT64
chrome.devices.kiosk.Alerting: Kiosk device status alerting delivery. chrome.devices.kiosk.Alerting: Kiosk device status alerting delivery.
deviceStatusAlertDeliveryModes: TYPE_LIST deviceStatusAlertDeliveryModes: TYPE_LIST
@@ -1121,7 +1121,7 @@ chrome.devices.kiosk.BatteryPowerSettingsV2: Battery Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_INT64 batteryScreenOffTimeout: TYPE_INT64
chrome.devices.kiosk.CaretHighlightEnabled: Kiosk caret highlight. chrome.devices.kiosk.CaretHighlightEnabled: Kiosk caret highlight.
caretHighlightEnabled: TYPE_ENUM caretHighlightEnabled: TYPE_ENUM
@@ -1486,6 +1486,7 @@ chrome.devices.managedguest.apps.EnterpriseChallenge: Allows setting of whether
chrome.devices.managedguest.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection. chrome.devices.managedguest.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection.
includeInCollection: TYPE_BOOL includeInCollection: TYPE_BOOL
spotlightRecommended: TYPE_BOOL
chrome.devices.managedguest.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension. chrome.devices.managedguest.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension.
installationUrl: TYPE_STRING installationUrl: TYPE_STRING
@@ -1606,7 +1607,7 @@ chrome.devices.managedguest.BrowsingDataLifetime: Browsing Data Lifetime.
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.managedguest.BrowsingDataLifetimeV2: Browsing Data Lifetime. chrome.devices.managedguest.BrowsingDataLifetimeV2: Browsing Data Lifetime.
duration: TYPE_INT64 hostedAppDataTtl: TYPE_INT64
chrome.devices.managedguest.BuiltInDnsClientEnabled: Built-in DNS client. chrome.devices.managedguest.BuiltInDnsClientEnabled: Built-in DNS client.
builtInDnsClientEnabled: TYPE_ENUM builtInDnsClientEnabled: TYPE_ENUM
@@ -1900,6 +1901,8 @@ chrome.devices.managedguest.ExternalStorage: External storage devices.
READ_WRITE: Allow read and write access to all external storage devices. READ_WRITE: Allow read and write access to all external storage devices.
READ_ONLY: Allow read only access to all external storage devices. READ_ONLY: Allow read only access to all external storage devices.
DISALLOW: Do not allow read and write access to external storage devices. DISALLOW: Do not allow read and write access to external storage devices.
externalStorageAllowlist: TYPE_LIST
Specify devices to always have read and write access. USB devices which are allowlisted for read and write access. To identify a specific device, enter colon separated hexadecimal pairs of USB Vendor Identifier and Product Identifier.
chrome.devices.managedguest.FastPairEnabled: Fast Pair (fast Bluetooth pairing). chrome.devices.managedguest.FastPairEnabled: Fast Pair (fast Bluetooth pairing).
fastPairEnabled: TYPE_ENUM fastPairEnabled: TYPE_ENUM
@@ -2301,7 +2304,7 @@ chrome.devices.managedguest.MaxInvalidationFetchDelay: Policy fetch delay.
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.managedguest.MaxInvalidationFetchDelayV2: Policy fetch delay. chrome.devices.managedguest.MaxInvalidationFetchDelayV2: Policy fetch delay.
duration: TYPE_INT64 maxInvalidationFetchDelay: TYPE_INT64
chrome.devices.managedguest.MemorySaverModeSavings: Memory saver. chrome.devices.managedguest.MemorySaverModeSavings: Memory saver.
memorySaverModeSavings: TYPE_ENUM memorySaverModeSavings: TYPE_ENUM
@@ -2503,7 +2506,7 @@ chrome.devices.managedguest.PrintingBackgroundGraphicsDefault: Background graphi
ENABLED: Enable background graphics printing mode by default. ENABLED: Enable background graphics printing mode by default.
chrome.devices.managedguest.PrintingMaxSheetsAllowed: Maximum sheets. chrome.devices.managedguest.PrintingMaxSheetsAllowed: Maximum sheets.
value: TYPE_INT64 printingMaxSheetsAllowedNullable: TYPE_INT64
chrome.devices.managedguest.PrintingPaperSizeDefault: Default printing page size. chrome.devices.managedguest.PrintingPaperSizeDefault: Default printing page size.
printingPaperSizeEnum: TYPE_ENUM printingPaperSizeEnum: TYPE_ENUM
@@ -2528,7 +2531,7 @@ chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNew: Print job histor
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period. chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period.
duration: TYPE_INT64 printJobHistoryExpirationPeriodDaysNew: TYPE_INT64
chrome.devices.managedguest.PrintPdfAsImage: Print PDF as image. chrome.devices.managedguest.PrintPdfAsImage: Print PDF as image.
printPdfAsImageAvailability: TYPE_BOOL printPdfAsImageAvailability: TYPE_BOOL
@@ -2595,7 +2598,7 @@ chrome.devices.managedguest.RemoteAccessHostClientDomainList: Remote access clie
Remote access client domain. Configure the required domain names for remote access clients. Remote access client domain. Configure the required domain names for remote access clients.
chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size. chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size.
value: TYPE_INT64 remoteAccessHostClipboardSizeBytes: TYPE_INT64
chrome.devices.managedguest.RemoteAccessHostDomainList: Remote access hosts. chrome.devices.managedguest.RemoteAccessHostDomainList: Remote access hosts.
remoteAccessHostDomainList: TYPE_LIST remoteAccessHostDomainList: TYPE_LIST
@@ -2740,7 +2743,7 @@ chrome.devices.managedguest.SecurityTokenSessionSettingsV2: Security token remov
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_INT64 securityTokenSessionNotificationSeconds: TYPE_INT64
chrome.devices.managedguest.SelectToSpeakEnabled: Select to speak. chrome.devices.managedguest.SelectToSpeakEnabled: Select to speak.
selectToSpeakEnabled: TYPE_ENUM selectToSpeakEnabled: TYPE_ENUM
@@ -2766,7 +2769,7 @@ chrome.devices.managedguest.SessionLength: Maximum user session length.
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.managedguest.SessionLengthV2: Maximum user session length. chrome.devices.managedguest.SessionLengthV2: Maximum user session length.
duration: TYPE_INT64 sessionDurationLimit: TYPE_INT64
chrome.devices.managedguest.SessionLocale: Session locale. chrome.devices.managedguest.SessionLocale: Session locale.
sessionLocalesRepeatedString: TYPE_LIST sessionLocalesRepeatedString: TYPE_LIST
@@ -3218,7 +3221,7 @@ chrome.devices.ScheduledRebootDuration: Reboot after uptime limit.
duration: TYPE_STRING duration: TYPE_STRING
chrome.devices.ScheduledRebootDurationV2: Reboot after uptime limit. chrome.devices.ScheduledRebootDurationV2: Reboot after uptime limit.
duration: TYPE_INT64 uptimeLimitDuration: TYPE_INT64
chrome.devices.ShowLowDiskSpaceNotification: Low disk space notification. chrome.devices.ShowLowDiskSpaceNotification: Low disk space notification.
showLowDiskSpaceNotification: TYPE_BOOL showLowDiskSpaceNotification: TYPE_BOOL
@@ -3796,6 +3799,7 @@ chrome.users.apps.EnterpriseChallenge: Allows setting of whether the app can cha
chrome.users.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection. chrome.users.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection.
includeInCollection: TYPE_BOOL includeInCollection: TYPE_BOOL
spotlightRecommended: TYPE_BOOL
chrome.users.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension. chrome.users.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension.
installationUrl: TYPE_STRING installationUrl: TYPE_STRING
@@ -3808,6 +3812,9 @@ chrome.users.apps.InstallType: Specifies the manner in which the app is to be in
ALLOWED: Allow installation of the app. ALLOWED: Allow installation of the app.
FORCED: Force install the app. FORCED: Force install the app.
FORCED_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar. FORCED_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar.
NORMAL: Force install the app, but allow the user to disable it. This option is only available for Chrome extensions.
NORMAL_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar, but allow the user to disable it. This option is only available for Chrome extensions.
REMOVE: Block installation of the app and remove it from the device. This option is only available for Chrome extensions.
chrome.users.apps.ManagedConfiguration: Allows setting of the managed configuration. chrome.users.apps.ManagedConfiguration: Allows setting of the managed configuration.
managedConfiguration: TYPE_STRING managedConfiguration: TYPE_STRING
@@ -4081,6 +4088,13 @@ chrome.users.AutofillCreditCardEnabled: Credit card form autofill.
true: Allow user to configure. true: Allow user to configure.
false: Never Autofill credit card forms. false: Never Autofill credit card forms.
chrome.users.AutofillPredictionSettings: Autofill with AI.
autofillPredictionSettings: TYPE_ENUM
ALLOWED: Allow autofill prediction and improve AI models.
ALLOWED_WITHOUT_LOGGING: Allow autofill prediction without improving AI models.
DISABLED: Do not allow autofill prediction.
UNSET: Use the value specified in the Generative AI policy defaults setting.
chrome.users.AutomaticFullscreen: Automatic fullscreen. chrome.users.AutomaticFullscreen: Automatic fullscreen.
automaticFullscreenAllowedForUrls: TYPE_LIST automaticFullscreenAllowedForUrls: TYPE_LIST
Allow automatic fullscreen on these sites. Supersedes users' personal settings and allows matching origins to call the API without a prior user gesture. Allow automatic fullscreen on these sites. Supersedes users' personal settings and allows matching origins to call the API without a prior user gesture.
@@ -4101,7 +4115,7 @@ chrome.users.AutoUpdateCheckPeriodNew: Auto-update check period.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.AutoUpdateCheckPeriodNewV2: Auto-update check period. chrome.users.AutoUpdateCheckPeriodNewV2: Auto-update check period.
duration: TYPE_INT64 autoUpdateCheckPeriodMinutesNew: TYPE_INT64
chrome.users.Avatar: Custom avatar. chrome.users.Avatar: Custom avatar.
downloadUri: TYPE_STRING downloadUri: TYPE_STRING
@@ -4227,7 +4241,7 @@ chrome.users.BrowserSwitcherDelayDuration: Delay before launching alternative br
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.BrowserSwitcherDelayDurationV2: Delay before launching alternative browser. chrome.users.BrowserSwitcherDelayDurationV2: Delay before launching alternative browser.
duration: TYPE_INT64 browserSwitcherDelayDuration: TYPE_INT64
chrome.users.BrowserSwitcherExternalGreylistUrl: URL to list of websites to open in either browser. chrome.users.BrowserSwitcherExternalGreylistUrl: URL to list of websites to open in either browser.
browserSwitcherExternalGreylistUrl: TYPE_STRING browserSwitcherExternalGreylistUrl: TYPE_STRING
@@ -4268,7 +4282,7 @@ chrome.users.BrowsingDataLifetime: Browsing Data Lifetime.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.BrowsingDataLifetimeV2: Browsing Data Lifetime. chrome.users.BrowsingDataLifetimeV2: Browsing Data Lifetime.
duration: TYPE_INT64 hostedAppDataTtl: TYPE_INT64
chrome.users.BuiltInDnsClientEnabled: Built-in DNS client. chrome.users.BuiltInDnsClientEnabled: Built-in DNS client.
builtInDnsClientEnabled: TYPE_ENUM builtInDnsClientEnabled: TYPE_ENUM
@@ -4418,11 +4432,16 @@ chrome.users.CloudProfileReportingEnabled: Managed profile reporting.
true: Enable managed profile reporting for managed users. true: Enable managed profile reporting for managed users.
false: Disable managed profile reporting for managed users. false: Disable managed profile reporting for managed users.
chrome.users.CloudReporting: Managed browser reporting.
cloudReportingEnabled: TYPE_BOOL
true: Enable managed browser cloud reporting.
false: Disable managed browser cloud reporting.
chrome.users.CloudReportingUploadFrequency: Managed browser reporting upload frequency. chrome.users.CloudReportingUploadFrequency: Managed browser reporting upload frequency.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.CloudReportingUploadFrequencyV2: Managed browser reporting upload frequency. chrome.users.CloudReportingUploadFrequencyV2: Managed browser reporting upload frequency.
duration: TYPE_INT64 cloudReportingUploadFrequency: TYPE_INT64
chrome.users.CloudUserPolicyMerge: User cloud policy merge. chrome.users.CloudUserPolicyMerge: User cloud policy merge.
cloudUserPolicyMerge: TYPE_BOOL cloudUserPolicyMerge: TYPE_BOOL
@@ -4843,6 +4862,10 @@ chrome.users.ExplicitlyAllowedNetworkPorts: Allowed network ports.
explicitlyAllowedNetworkPorts: TYPE_LIST explicitlyAllowedNetworkPorts: TYPE_LIST
{'value': '554', 'description': 'port 554 (expires 2021/10/15).'} {'value': '554', 'description': 'port 554 (expires 2021/10/15).'}
chrome.users.ExtensibleEnterpriseSsoBlocklist: Extensible Enterprise SSO blocking.
extensibleEnterpriseSsoBlocklist: TYPE_LIST
{'value': 'all', 'description': 'All identity providers.'}
chrome.users.ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls: Extended background lifetime. chrome.users.ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls: Extended background lifetime.
extensionExtendedBackgroundLifetimeForPortConnectionsToUrls: TYPE_LIST extensionExtendedBackgroundLifetimeForPortConnectionsToUrls: TYPE_LIST
Origins that grant extended background lifetime to connecting extensions. Enter a list of origins. Extensions that connect to one of these origins will be be kept running as long as the port is connected. One URL per line. Origins that grant extended background lifetime to connecting extensions. Enter a list of origins. Extensions that connect to one of these origins will be be kept running as long as the port is connected. One URL per line.
@@ -4864,6 +4887,8 @@ chrome.users.ExternalStorage: External storage devices.
READ_WRITE: Allow read and write access to all external storage devices. READ_WRITE: Allow read and write access to all external storage devices.
READ_ONLY: Allow read only access to all external storage devices. READ_ONLY: Allow read only access to all external storage devices.
DISALLOW: Do not allow read and write access to external storage devices. DISALLOW: Do not allow read and write access to external storage devices.
externalStorageAllowlist: TYPE_LIST
Specify devices to always have read and write access. USB devices which are allowlisted for read and write access. To identify a specific device, enter colon separated hexadecimal pairs of USB Vendor Identifier and Product Identifier.
chrome.users.FastPairEnabled: Fast Pair (fast Bluetooth pairing). chrome.users.FastPairEnabled: Fast Pair (fast Bluetooth pairing).
fastPairEnabled: TYPE_ENUM fastPairEnabled: TYPE_ENUM
@@ -4890,7 +4915,7 @@ chrome.users.FetchKeepaliveDurationSecondsOnShutdown: Keepalive duration.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.FetchKeepaliveDurationSecondsOnShutdownV2: Keepalive duration. chrome.users.FetchKeepaliveDurationSecondsOnShutdownV2: Keepalive duration.
duration: TYPE_INT64 fetchKeepaliveDurationSecondsOnShutdown: TYPE_INT64
chrome.users.FileOrDirectoryPickerWithoutGestureAllowedForOrigins: File/directory picker without user gesture. chrome.users.FileOrDirectoryPickerWithoutGestureAllowedForOrigins: File/directory picker without user gesture.
fileOrDirectoryPickerWithoutGestureAllowedForOrigins: TYPE_LIST fileOrDirectoryPickerWithoutGestureAllowedForOrigins: TYPE_LIST
@@ -4989,10 +5014,16 @@ chrome.users.FullscreenAllowed: Fullscreen mode.
false: Do not allow fullscreen mode. false: Do not allow fullscreen mode.
chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays: Google online unlock frequency. chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays: Google online unlock frequency.
value: TYPE_INT64 gaiaLockScreenOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.GaiaOfflineSigninTimeLimitDays: Google online login frequency. chrome.users.GaiaOfflineSigninTimeLimitDays: Google online login frequency.
value: TYPE_INT64 gaiaOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.GeminiSettings: Gemini integration.
geminiSettings: TYPE_ENUM
ENABLED: Allow Gemini integrations.
DISABLED: Do not allow Gemini integrations.
UNSET: Use the value specified in the Generative AI policy defaults setting.
chrome.users.GenAiDefaultSettings: Generative AI policy defaults. chrome.users.GenAiDefaultSettings: Generative AI policy defaults.
genAiDefaultSettings: TYPE_ENUM genAiDefaultSettings: TYPE_ENUM
@@ -5235,6 +5266,10 @@ chrome.users.InactiveBrowserDeletion: Inactive period for browser deletion.
inactiveBrowserTtlDays: TYPE_INT64 inactiveBrowserTtlDays: TYPE_INT64
Number of days. Shortening this period can cause more enrolled browsers to be considered inactive and, therefore, be irreversibly deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days. Number of days. Shortening this period can cause more enrolled browsers to be considered inactive and, therefore, be irreversibly deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days.
chrome.users.InactivePeriodForProfileDeletion: Inactive period for profile deletion.
inactiveProfileTtlDays: TYPE_INT64
Inactive period for profile deletion. Shortening this period can cause more managed profiles to be considered inactive and, therefore, be deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days.
chrome.users.IncognitoMode: Incognito mode. chrome.users.IncognitoMode: Incognito mode.
incognitoModeAvailability: TYPE_ENUM incognitoModeAvailability: TYPE_ENUM
AVAILABLE: Allow incognito mode. AVAILABLE: Allow incognito mode.
@@ -5515,7 +5550,7 @@ chrome.users.MaxInvalidationFetchDelay: Policy fetch delay.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.MaxInvalidationFetchDelayV2: Policy fetch delay. chrome.users.MaxInvalidationFetchDelayV2: Policy fetch delay.
duration: TYPE_INT64 maxInvalidationFetchDelay: TYPE_INT64
chrome.users.MediaRecommendationsEnabled: Media Recommendations. chrome.users.MediaRecommendationsEnabled: Media Recommendations.
mediaRecommendationsEnabled: TYPE_BOOL mediaRecommendationsEnabled: TYPE_BOOL
@@ -5692,6 +5727,16 @@ chrome.users.NtpMiddleSlotAnnouncementVisible: Middle slot announcement on the N
true: Show the middle slot announcement on the New Tab Page if it is available. true: Show the middle slot announcement on the New Tab Page if it is available.
false: Do not show the middle slot announcement on the New Tab Page even if it is available. false: Do not show the middle slot announcement on the New Tab Page even if it is available.
chrome.users.NtpOutlookCardVisible: New Tab page Outlook card.
ntpOutlookCardVisible: TYPE_BOOL
true: Enable New Tab page Outlook calendar card.
false: Disable New Tab page Outlook calendar card.
chrome.users.NtpSharepointCardVisible: New Tab page Sharepoint and OneDrive card.
ntpSharepointCardVisible: TYPE_BOOL
true: Enable New Tab page Sharepoint and OneDrive files card.
false: Disable New Tab page Sharepoint and OneDrive files card.
chrome.users.OffsetParentNewSpecBehaviorEnabled: Enable legacy HTMLElement offset behavior. chrome.users.OffsetParentNewSpecBehaviorEnabled: Enable legacy HTMLElement offset behavior.
offsetParentNewSpecBehaviorEnabled: TYPE_BOOL offsetParentNewSpecBehaviorEnabled: TYPE_BOOL
true: Use new offset behavior. true: Use new offset behavior.
@@ -5972,7 +6017,7 @@ chrome.users.PrintingLpacSandboxEnabled: Printing LPAC Sandbox.
false: Run printing services in a less secure sandbox. false: Run printing services in a less secure sandbox.
chrome.users.PrintingMaxSheetsAllowed: Maximum sheets. chrome.users.PrintingMaxSheetsAllowed: Maximum sheets.
value: TYPE_INT64 printingMaxSheetsAllowedNullable: TYPE_INT64
chrome.users.PrintingPaperSizeDefault: Default printing page size. chrome.users.PrintingPaperSizeDefault: Default printing page size.
printingPaperSizeEnum: TYPE_ENUM printingPaperSizeEnum: TYPE_ENUM
@@ -6002,7 +6047,7 @@ chrome.users.PrintJobHistoryExpirationPeriodNew: Print job history retention per
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period. chrome.users.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period.
duration: TYPE_INT64 printJobHistoryExpirationPeriodDaysNew: TYPE_INT64
chrome.users.PrintPdfAsImage: Print PDF as image. chrome.users.PrintPdfAsImage: Print PDF as image.
printPdfAsImageAvailability: TYPE_BOOL printPdfAsImageAvailability: TYPE_BOOL
@@ -6159,7 +6204,7 @@ chrome.users.RelaunchNotificationWithDurationV2: Relaunch notification.
NO_NOTIFICATION: No relaunch notification. NO_NOTIFICATION: No relaunch notification.
RECOMMENDED: Show notification recommending relaunch. RECOMMENDED: Show notification recommending relaunch.
REQUIRED: Force relaunch after a period. REQUIRED: Force relaunch after a period.
duration: TYPE_INT64 relaunchWindowDurationMin: TYPE_INT64
hours: TYPE_INT32 hours: TYPE_INT32
minutes: TYPE_INT32 minutes: TYPE_INT32
seconds: TYPE_INT32 seconds: TYPE_INT32
@@ -6180,7 +6225,7 @@ chrome.users.RemoteAccessHostClientDomainList: Remote access clients.
Remote access client domain. Configure the required domain names for remote access clients. Remote access client domain. Configure the required domain names for remote access clients.
chrome.users.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size. chrome.users.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size.
value: TYPE_INT64 remoteAccessHostClipboardSizeBytes: TYPE_INT64
chrome.users.RemoteAccessHostDomainList: Remote access hosts. chrome.users.RemoteAccessHostDomainList: Remote access hosts.
remoteAccessHostDomainList: TYPE_LIST remoteAccessHostDomainList: TYPE_LIST
@@ -6299,7 +6344,7 @@ chrome.users.SafeSitesFilterBehavior: SafeSites URL filter.
SAFE_SITES_FILTER_ENABLED: Filter sites for adult content. SAFE_SITES_FILTER_ENABLED: Filter sites for adult content.
chrome.users.SamlLockScreenOfflineSigninTimeLimitDays: SAML single sign-on unlock frequency. chrome.users.SamlLockScreenOfflineSigninTimeLimitDays: SAML single sign-on unlock frequency.
value: TYPE_INT64 samlLockScreenOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.SamlLockScreenReauthenticationEnabled: SAML single sign-on password synchronization flows. chrome.users.SamlLockScreenReauthenticationEnabled: SAML single sign-on password synchronization flows.
samlLockScreenReauthenticationEnabled: TYPE_BOOL samlLockScreenReauthenticationEnabled: TYPE_BOOL
@@ -6387,7 +6432,7 @@ chrome.users.SecurityTokenSessionSettingsV2: Security token removal.
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_INT64 securityTokenSessionNotificationSeconds: TYPE_INT64
chrome.users.SelectToSpeakEnabled: Select to speak. chrome.users.SelectToSpeakEnabled: Select to speak.
selectToSpeakEnabled: TYPE_ENUM selectToSpeakEnabled: TYPE_ENUM
@@ -6413,7 +6458,7 @@ chrome.users.SessionLength: Maximum user session length.
duration: TYPE_STRING duration: TYPE_STRING
chrome.users.SessionLengthV2: Maximum user session length. chrome.users.SessionLengthV2: Maximum user session length.
duration: TYPE_INT64 sessionDurationLimit: TYPE_INT64
chrome.users.SetTimeoutWithoutOneMsClampEnabled: Javascript setTimeout() minimum. chrome.users.SetTimeoutWithoutOneMsClampEnabled: Javascript setTimeout() minimum.
setTimeoutWithoutOneMsClampEnabled: TYPE_ENUM setTimeoutWithoutOneMsClampEnabled: TYPE_ENUM
@@ -6768,6 +6813,11 @@ chrome.users.ThirdPartyCookieBlocking: Third-party cookie blocking.
FALSE: Allow third-party cookies. FALSE: Allow third-party cookies.
TRUE: Disallow third-party cookies. TRUE: Disallow third-party cookies.
chrome.users.ThirdPartyPasswordManagersAllowed: Third-party password managers allowed.
thirdPartyPasswordManagersAllowed: TYPE_BOOL
true: Allow using third-party password managers in Chrome.
false: Block using third-party password managers in Chrome.
chrome.users.ThirdPartyStoragePartitioningSettings: Third-party storage partitioning. chrome.users.ThirdPartyStoragePartitioningSettings: Third-party storage partitioning.
defaultThirdPartyStoragePartitioningSetting: TYPE_ENUM defaultThirdPartyStoragePartitioningSetting: TYPE_ENUM
ALLOW_PARTITIONING: Allow third-party storage partitioning to be enabled. ALLOW_PARTITIONING: Allow third-party storage partitioning to be enabled.
@@ -7019,6 +7069,11 @@ chrome.users.WarnBeforeQuittingEnabled: Warn before quitting.
MANDATORY: Do not allow users to override. MANDATORY: Do not allow users to override.
RECOMMENDED: Allow users to override. RECOMMENDED: Allow users to override.
chrome.users.WebAudioOutputBufferingEnabled: Adaptive buffering for Web Audio.
webAudioOutputBufferingEnabled: TYPE_BOOL
true: Enable web audio adaptive buffering.
false: Disable web audio adaptive buffering.
chrome.users.WebAuthnFactors: WebAuthn. chrome.users.WebAuthnFactors: WebAuthn.
webAuthnFactors: TYPE_LIST webAuthnFactors: TYPE_LIST
{'value': 'PIN', 'description': 'PIN.'} {'value': 'PIN', 'description': 'PIN.'}
@@ -7132,4 +7187,5 @@ chrome.users.ZstdContentEncodingEnabled: Zstd compression.
true: Allow zstd-compressed web content. true: Allow zstd-compressed web content.
false: Do not allow zstd-compressed web content. false: Do not allow zstd-compressed web content.
``` ```

View File

@@ -210,7 +210,7 @@ gam print devices [todrive <ToDriveAttribute>*]
<DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>] <DeviceFieldName>* [fields <DeviceFieldNameList>] [userfields <DeviceUserFieldNameList>]
[orderby <DeviceOrderByFieldName> [ascending|descending]] [orderby <DeviceOrderByFieldName> [ascending|descending]]
[all|company|personal|nocompanydevices|nopersonaldevices] [all|company|personal|nocompanydevices|nopersonaldevices]
[nodeviceusers] [nodeviceusers|oneuserperrow]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
``` ```
By default, all devices are displayed; use the query options to limit the display. By default, all devices are displayed; use the query options to limit the display.
@@ -231,6 +231,9 @@ Select the view of devices to display:
By default, Gam makes additional API calls to display the device users for the devices; By default, Gam makes additional API calls to display the device users for the devices;
use `nodeviceuser` to suppress making the additional calls. use `nodeviceuser` to suppress making the additional calls.
By default, when device users are displayed, they are all displayed on one row;
use `oneuserperrow` to have each of a device's users displayed on a separate row with all of the other device fields.
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format, By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.

View File

@@ -10,6 +10,91 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.09.00
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
is enabled prompting you to update your service account authorization so that the scope can be removed.
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
It's default value is False.
```
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
gam <UserTypeEntity> transfer drive
```
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
Updated to Python 3.13.4
### 7.08.02
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
These commands produce the same result.
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
### 7.08.01
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to
`gam print shareddriveorganizers` that displays organizers for a specific list of Shared Drive IDs.
See: https://github.com/GAM-team/GAM/wiki/Shared-Drives#display-shared-drive-organizers
### 7.08.00
Added the following command that can be used instead of the `GetTeamDriveOrganizers.py` script.
gam [<UserTypeEntity>] print shareddriveorganizers [todrive <ToDriveAttribute>*]
[adminaccessasadmin] [shareddriveadminquery|query <QuerySharedDrive>]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
```
See: https://github.com/GAM-team/GAM/wiki/Shared-Drives#display-shared-drive-organizers
The command defaults match the script defaults:
* `domainlist` - All domains
* `includetypes` - user,group
* `oneorganizer` - False
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
```
### 7.07.17
Added option `oneuserperrow` to `gam print devices` to have each of a
device's users displayed on a separate row with all of the other device fields.
### 7.07.16 ### 7.07.16
Added `chromeostype`, `diskspaceusage` and `faninfo` to `<CrOSFieldName>` for use in `gam info|print cros`. Added `chromeostype`, `diskspaceusage` and `faninfo` to `<CrOSFieldName>` for use in `gam info|print cros`.

View File

@@ -251,9 +251,9 @@ writes the credentials into the file oauth2.txt.
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin$ gam version admin@server:/Users/admin$ gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAM 7.07.16 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/admin/bin/gam7 Path: /Users/admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -989,9 +989,9 @@ writes the credentials into the file oauth2.txt.
C:\>del C:\GAMConfig\oauth2.txt C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version C:\>gam version
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAM 7.07.16 - https://github.com/GAM-team/GAM - pythonsource GAM 7.09.00 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
Windows-10-10.0.17134 AMD64 Windows-10-10.0.17134 AMD64
Path: C:\GAM7 Path: C:\GAM7
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

View File

@@ -15,6 +15,7 @@
- [Display Shared Drive Counts](#display-shared-drive-counts) - [Display Shared Drive Counts](#display-shared-drive-counts)
- [Display List of Shared Drives in an Organizational Unit](#display-list-of-shared-drives-in-an-organizational-unit) - [Display List of Shared Drives in an Organizational Unit](#display-list-of-shared-drives-in-an-organizational-unit)
- [Display Count of Shared Drives in an Organizational Unit](#display-count-of-shared-drives-in-an-organizational-unit) - [Display Count of Shared Drives in an Organizational Unit](#display-count-of-shared-drives-in-an-organizational-unit)
- [Display Shared Drive Organizers](#display-shared-drive-organizers)
- [Display all Shared Drives with no members](#display-all-shared-drives-with-no-members) - [Display all Shared Drives with no members](#display-all-shared-drives-with-no-members)
- [Display all Shared Drives with no organizers](#display-all-shared-drives-with-no-organizers) - [Display all Shared Drives with no organizers](#display-all-shared-drives-with-no-organizers)
- [Display all Shared Drives with a specific organizer](#display-all-shared-drives-with-a-specific-organizer) - [Display all Shared Drives with a specific organizer](#display-all-shared-drives-with-a-specific-organizer)
@@ -30,6 +31,7 @@
- [Display ACLs for Shared Drives with all organizers outside of your domain](#display-acls-for-shared-drives-with-all-organizers-outside-of-your-domain) - [Display ACLs for Shared Drives with all organizers outside of your domain](#display-acls-for-shared-drives-with-all-organizers-outside-of-your-domain)
- [Display ACLs for Shared Drives with all ACLs outside of your domain](#display-acls-for-shared-drives-with-all-acls-outside-of-your-domain) - [Display ACLs for Shared Drives with all ACLs outside of your domain](#display-acls-for-shared-drives-with-all-acls-outside-of-your-domain)
- [Clean up scammed Shared Drives](#clean-up-scammed-shared-drives) - [Clean up scammed Shared Drives](#clean-up-scammed-shared-drives)
- [Delete old empty Shared Drives](#delete-old-empty-shared-drives)
## API documentation ## API documentation
* [Drive API - Drives](https://developers.google.com/drive/api/reference/rest/v3/drives) * [Drive API - Drives](https://developers.google.com/drive/api/reference/rest/v3/drives)
@@ -77,6 +79,9 @@
``` ```
<JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) | <JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
<OrganizerType> ::= user|group
<OrganizerTypeList> ::= "<OrganizerType>(,<OrganizerType>)*"
<OrgUnitID> ::= id:<String> <OrgUnitID> ::= id:<String>
<OrgUnitPath> ::= /|(/<String>)+ <OrgUnitPath> ::= /|(/<String>)+
<OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath> <OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
@@ -227,14 +232,14 @@ Three forms of the commands are available:
## Display Shared Drive themes ## Display Shared Drive themes
``` ```
gam show teamdrivethemes gam show shareddrivethemes
``` ```
## Manage Shared Drives ## Manage Shared Drives
## Create a Shared Drive ## Create a Shared Drive
The user that creates a Shared Drive is given the permission role organizer for the Shared Drive, The user that creates a Shared Drive is given the permission role organizer for the Shared Drive,
``` ```
gam [<UserTypeEntity>] create teamdrive <Name> gam [<UserTypeEntity>] create shareddrive <Name>
[(theme|themeid <String>)| [(theme|themeid <String>)|
([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])] ([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])]
(<SharedDriveRestrictionsSubfieldName> <Boolean>)* (<SharedDriveRestrictionsSubfieldName> <Boolean>)*
@@ -243,7 +248,7 @@ gam [<UserTypeEntity>] create teamdrive <Name>
[(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*) | returnidonly] [(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*) | returnidonly]
[adminaccess|asadmin] [adminaccess|asadmin]
``` ```
* `themeid` - a Shared Drive themeId obtained from `show teamdrivethemes` * `themeid` - a Shared Drive themeId obtained from `show shareddrivethemes`
* `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives * `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives
* `<Float>` - X coordinate, typically 0.0 * `<Float>` - X coordinate, typically 0.0
* `<Float>` - Y coordinate, typically 0.0 * `<Float>` - Y coordinate, typically 0.0
@@ -276,9 +281,9 @@ When either of these options is chosen, no infomation about Shared Drive restric
To retrieve the Shared Drive ID with `returnidonly`: To retrieve the Shared Drive ID with `returnidonly`:
``` ```
Linux/MacOS Linux/MacOS
teamDriveId=$(gam create teamdrive ... returnidonly) teamDriveId=$(gam create shareddrive ... returnidonly)
Windows PowerShell Windows PowerShell
$teamDriveId = & gam create teamdrive ... returnidonly $teamDriveId = & gam create shareddrive ... returnidonly
``` ```
## Bulk Create Shared Drives ## Bulk Create Shared Drives
@@ -288,7 +293,7 @@ As a newly created Drive can't be updated for 30+ seconds; split the operation i
Make a CSV file SharedDriveNames.csv with at least one column, name. Make a CSV file SharedDriveNames.csv with at least one column, name.
``` ```
gam redirect csv ./SharedDrivesCreated.csv multiprocess csv SharedDriveNames.csv gam create teamdrive "~name" csv gam redirect csv ./SharedDrivesCreated.csv multiprocess csv SharedDriveNames.csv gam create shareddrive "~name" csv
``` ```
This will create a three column CSV file SharedDrivesCreated.csv with columns: User,name,id This will create a three column CSV file SharedDrivesCreated.csv with columns: User,name,id
* There will be a row for each Shared Drive. * There will be a row for each Shared Drive.
@@ -319,14 +324,14 @@ gam redirect stdout ./StudentSharedDrivesAccess.txt multiprocess redirect stderr
These commands are used to set basic Shared Drive settings. These commands are used to set basic Shared Drive settings.
``` ```
gam [<UserTypeEntity>] update teamdrive <SharedDriveEntity> [name <Name>] gam [<UserTypeEntity>] update shareddrive <SharedDriveEntity> [name <Name>]
[adminaccess|asadmin] [adminaccess|asadmin]
[(theme|themeid <String>)| [(theme|themeid <String>)|
([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])] ([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])]
(<SharedDriveRestrictionsSubfieldName> <Boolean>)* (<SharedDriveRestrictionsSubfieldName> <Boolean>)*
[hide|hidden <Boolean>] [ou|org|orgunit <OrgUnitItem>] [hide|hidden <Boolean>] [ou|org|orgunit <OrgUnitItem>]
``` ```
* `themeid` - a Shared Drive themeId obtained from `show teamdrivethemes` * `themeid` - a Shared Drive themeId obtained from `show shareddrivethemes`
* `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives * `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives
* `color` - set the Shared Drive color * `color` - set the Shared Drive color
* `<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions * `<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions
@@ -338,7 +343,7 @@ This option is only available when the command is run as an administrator.
## Delete a Shared Drive ## Delete a Shared Drive
``` ```
gam [<UserTypeEntity>] delete teamdrive <SharedDriveEntity> gam [<UserTypeEntity>] delete shareddrive <SharedDriveEntity>
[adminaccess|asadmin] [allowitemdeletion] [adminaccess|asadmin] [allowitemdeletion]
``` ```
By default, deleting a Shared Drive that contains any files/folders will fail. By default, deleting a Shared Drive that contains any files/folders will fail.
@@ -347,24 +352,24 @@ This is not reversible, proceed with caution.
## Change Shared Drive visibility ## Change Shared Drive visibility
``` ```
gam [<UserTypeEntity>] hide teamdrive <SharedDriveEntity> gam [<UserTypeEntity>] hide shareddrive <SharedDriveEntity>
gam [<UserTypeEntity>] unhide teamdrive <SharedDriveEntity> gam [<UserTypeEntity>] unhide shareddrive <SharedDriveEntity>
``` ```
## Display Shared Drives ## Display Shared Drives
These commands are used to get information about Shared Drives themselves, not the files/folders on the Shared Drives. These commands are used to get information about Shared Drives themselves, not the files/folders on the Shared Drives.
``` ```
gam [<UserTypeEntity>] info teamdrive <SharedDriveEntity> gam [<UserTypeEntity>] info shareddrive <SharedDriveEntity>
[adminaccess|asadmin] [adminaccess|asadmin]
[fields <SharedDriveFieldNameList>] [formatjson] [fields <SharedDriveFieldNameList>] [formatjson]
gam [<UserTypeEntity>] show teamdriveinfo <SharedDriveEntity> gam [<UserTypeEntity>] show shareddriveinfo <SharedDriveEntity>
[adminaccess|asadmin] [adminaccess|asadmin]
[fields <SharedDriveFieldNameList>] [formatjson] [fields <SharedDriveFieldNameList>] [formatjson]
``` ```
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
``` ```
gam [<UserTypeEntity>] show teamdrives gam [<UserTypeEntity>] show shareddrives
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>] [adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[fields <SharedDriveFieldNameList>] [formatjson] [fields <SharedDriveFieldNameList>] [formatjson]
@@ -377,7 +382,7 @@ By default, all Shared Drives are displayed; use the following options to select
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
``` ```
gam [<UserTypeEntity>] print teamdrives [todrive <ToDriveAttribute>*] gam [<UserTypeEntity>] print shareddrives [todrive <ToDriveAttribute>*]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>] [adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[fields <SharedDriveFieldNameList>] [formatjson [quotechar <Character>]] [fields <SharedDriveFieldNameList>] [formatjson [quotechar <Character>]]
@@ -399,22 +404,67 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
### Examples ### Examples
Print information about all Shared Drives in the organization. Print information about all Shared Drives in the organization.
``` ```
gam print teamdrives gam print shareddrives
gam user admin@domain.com print teamdrives adminaccess gam user admin@domain.com print shareddrives adminaccess
``` ```
Print information about Shared Drives that have admin@domain.com as a member. Print information about Shared Drives that have admin@domain.com as a member.
``` ```
gam user admin@domain.com print teamdrives gam user admin@domain.com print shareddrives
```
## Display Shared Drive Organizers
The following command can be used instead of the `GetTeamDriveOrganizers.py` script.
```
gam [<UserTypeEntity>] print shareddriveorganizers [todrive <ToDriveAttribute>*]
[adminaccess|asadmin]
[(shareddriveadminquery|query <QuerySharedDrive>) |
(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>)))]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
```
Options `shareddriveadminquery|query` and `shareddrives|teamdrives` are mutually exclusive.
Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|asadmin`.
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
For multiple organizers:
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
The command defaults do not match the script defaults, they are set for the most common use case:
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
``` ```
## Display all Shared Drives with no members ## Display all Shared Drives with no members
``` ```
gam print teamdrives query "memberCount = 0" gam print shareddrives query "memberCount = 0"
``` ```
## Display all Shared Drives with no organizers ## Display all Shared Drives with no organizers
``` ```
gam print teamdrives query "organizerCount = 0" gam print shareddrives query "organizerCount = 0"
``` ```
## Display Shared Drive Counts ## Display Shared Drive Counts
@@ -450,20 +500,20 @@ count = & gam print shareddrives showitemcountonly
## Display all Shared Drives with a specific organizer ## Display all Shared Drives with a specific organizer
Substitute actual email address for `organizer@domain.com`. Substitute actual email address for `organizer@domain.com`.
``` ```
gam config csv_output_header_filter "id,name" print teamdriveacls pm emailaddress organizer@domain.com role organizer em pma process pmselect gam config csv_output_header_filter "id,name" print shareddriveacls pm emailaddress organizer@domain.com role organizer em pma process pmselect
``` ```
## Display all Shared Drives without a specific organizer ## Display all Shared Drives without a specific organizer
Substitute actual email address for `organizer@domain.com`. Substitute actual email address for `organizer@domain.com`.
``` ```
gam config csv_output_header_filter "id,name" print teamdriveacls pm emailaddress organizer@domain.com role organizer em pma skip pmselect gam config csv_output_header_filter "id,name" print shareddriveacls pm emailaddress organizer@domain.com role organizer em pma skip pmselect
``` ```
## Display List of Shared Drives in an Organizational Unit ## Display List of Shared Drives in an Organizational Unit
Get the orgUnitID of the desired OU and use it (without the id:) in the print|show command. Adjust fields as desired. Get the orgUnitID of the desired OU and use it (without the id:) in the print|show command. Adjust fields as desired.
``` ```
gam show teamdrives query "orgUnitId='03ph8a2z21rexy'" fields id,name,orgunit,createdtime gam show shareddrives query "orgUnitId='03ph8a2z21rexy'" fields id,name,orgunit,createdtime
gam print teamdrives query "orgUnitId='03ph8a2z21rexy'" fields id,name,orgunit,createdtime gam print shareddrives query "orgUnitId='03ph8a2z21rexy'" fields id,name,orgunit,createdtime
``` ```
Alternative method; `<OrgUnitPath>` defaults to `/`. Alternative method; `<OrgUnitPath>` defaults to `/`.
``` ```
@@ -551,12 +601,12 @@ These commands are used to transfer ACLs from one Shared Drive to another.
* `copy` - Copy all ACLs from the source Shared Drive to the target Shared Drive. The role of an existing ACL in the target Shared Drive will never be reduced. * `copy` - Copy all ACLs from the source Shared Drive to the target Shared Drive. The role of an existing ACL in the target Shared Drive will never be reduced.
* `sync` - Add/delete/update ACLs in the target Shared Drive to match those in the source Shared Drive. * `sync` - Add/delete/update ACLs in the target Shared Drive to match those in the source Shared Drive.
``` ```
gam [<UserTypeEntity>] copy teamdriveacls <SharedDriveEntity> to <SharedDriveEntity> gam [<UserTypeEntity>] copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
[showpermissionsmessages [<Boolean>]] [showpermissionsmessages [<Boolean>]]
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>] [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
(mappermissionsdomain <DomainName> <DomainName>)* (mappermissionsdomain <DomainName> <DomainName>)*
[adminaccess|asadmin] [adminaccess|asadmin]
gam [<UserTypeEntity>] sync teamdriveacls <SharedDriveEntity> with <SharedDriveEntity> gam [<UserTypeEntity>] sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
[showpermissionsmessages [<Boolean>]] [showpermissionsmessages [<Boolean>]]
[excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>] [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
(mappermissionsdomain <DomainName> <DomainName>)* (mappermissionsdomain <DomainName> <DomainName>)*
@@ -594,7 +644,7 @@ gam [<UserTypeEntity>] print drivefileacls <SharedDriveEntityAdmin> [todrive <To
### Examples: ### Examples:
Find all the organizers and file organizers on the Golgafrincham shared drive in CSV form. Find all the organizers and file organizers on the Golgafrincham shared drive in CSV form.
``` ```
gam print drivefileacls teamdrive "Golgafrincham" pm role organizer em pm role fileorganizer em oneitemperrow gam print drivefileacls shareddrive "Golgafrincham" pm role organizer em pm role fileorganizer em oneitemperrow
``` ```
By default, all Shared Drives specified are displayed; use the following option to select a subset of those Shared Drives. By default, all Shared Drives specified are displayed; use the following option to select a subset of those Shared Drives.
@@ -625,7 +675,7 @@ gam config csv_output_header_drop_filter "User,createdTime,permission.photoLink,
## Display Shared Drive access for selected Shared Drives ## Display Shared Drive access for selected Shared Drives
``` ```
gam [<UserTypeEntity>] show teamdriveacls gam [<UserTypeEntity>] show shareddriveacls
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>] [adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)* [user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
@@ -634,7 +684,7 @@ gam [<UserTypeEntity>] show teamdriveacls
[shownopermissionsdrives false|true|only] [shownopermissionsdrives false|true|only]
[formatjson] [formatjson]
gam [<UserTypeEntity>] print teamdriveacls [todrive <ToDriveAttribute>*] gam [<UserTypeEntity>] print shareddriveacls [todrive <ToDriveAttribute>*]
[adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>] [adminaccess|asadmin] [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)* [user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
@@ -661,7 +711,7 @@ By default, all ACLS are displayed; use the following options to select a subset
* `role|roles <SharedDriveACLRoleList>` - Display ACLs for the specified roles only. * `role|roles <SharedDriveACLRoleList>` - Display ACLs for the specified roles only.
* `<PermissionMatch>* [<PermissionMatchAction>]` - Use permission matching to display a subset of the ACLs for each Shared Drive; this only applies when `pmselect` is not specified * `<PermissionMatch>* [<PermissionMatchAction>]` - Use permission matching to display a subset of the ACLs for each Shared Drive; this only applies when `pmselect` is not specified
With `print teamdriveacls` or `show teamdrivecls formatjson`, the ACLs selected for display are all output on one row/line as a repeating item with the matching Shared Drive id. With `print shareddriveacls` or `show shareddrivecls formatjson`, the ACLs selected for display are all output on one row/line as a repeating item with the matching Shared Drive id.
When `oneitemperrow` is specified, each ACL is output on a separate row/line with the matching Shared Drive id and name. This simplifies processing the CSV file with subsequent Gam commands. When `oneitemperrow` is specified, each ACL is output on a separate row/line with the matching Shared Drive id and name. This simplifies processing the CSV file with subsequent Gam commands.
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
@@ -673,35 +723,35 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
### Examples ### Examples
Find all organizers and viewers on the shared drive Heart of Gold in CSV form. Find all organizers and viewers on the shared drive Heart of Gold in CSV form.
``` ```
gam print teamdriveacls matchname "Heart of Gold" role organizer,reader oneitemperrow gam print shareddriveacls matchname "Heart of Gold" role organizer,reader oneitemperrow
``` ```
Print ACLs for all Shared Drives in the organization created after November 1, 2017. Print ACLs for all Shared Drives in the organization created after November 1, 2017.
``` ```
gam print teamdriveacls teamdriveadminquery "createdTime > '2017-11-01T00:00:00'" gam print shareddriveacls shareddriveadminquery "createdTime > '2017-11-01T00:00:00'"
``` ```
Print ACLs for all Shared Drives in the organization with foo@bar.com as an organizer. Print ACLs for all Shared Drives in the organization with foo@bar.com as an organizer.
``` ```
gam print teamdriveacls user foo@bar.com role organizer gam print shareddriveacls user foo@bar.com role organizer
``` ```
Print ACLs for all Shared Drives in the organization with foo@bar.com or groups that contain foo@bar.com as a reader. Print ACLs for all Shared Drives in the organization with foo@bar.com or groups that contain foo@bar.com as a reader.
``` ```
gam print teamdriveacls user foo@bar.com role reader checkgroups gam print shareddriveacls user foo@bar.com role reader checkgroups
``` ```
## Display ACLs for Shared Drives with no organizers ## Display ACLs for Shared Drives with no organizers
### For all Shared Drives ### For all Shared Drives
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsNoOrganizers.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted query "organizerCount = 0" gam redirect csv ./SharedDriveACLsNoOrganizers.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted query "organizerCount = 0"
A row per Shared Drive/ACL combination A row per Shared Drive/ACL combination
gam redirect csv ./SharedDriveACLsNoOrganizers.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted query "organizerCount = 0" oneitemperrow gam redirect csv ./SharedDriveACLsNoOrganizers.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted query "organizerCount = 0" oneitemperrow
``` ```
### For selected Shared Drives ### For selected Shared Drives
Create a CSV file TeamDrives.csv with at least two columns (id, name) for the selected Shared Drives. Create a CSV file shareddrives.csv with at least two columns (id, name) for the selected Shared Drives.
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsNoOrganizers.csv multiprocess csv ./SharedDrives.csv gam print drivefileacls "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted pm role organizer em pma skip pmselect gam redirect csv ./SharedDriveACLsNoOrganizers.csv multiprocess csv ./SharedDrives.csv gam print drivefileacls "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted pm role organizer em pma skip pmselect
@@ -714,13 +764,13 @@ gam redirect csv ./SharedDriveACLsNoOrganizersOIPR.csv multiprocess csv ./Shared
### For all Shared Drives ### For all Shared Drives
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted role organizer pm role organizer domainlist domain.com,... em pma skip pmselect gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted role organizer pm role organizer domainlist domain.com,... em pma skip pmselect
A row per Shared Drive/ACL combination A row per Shared Drive/ACL combination
gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted role organizer pm role organizer domainlist domain.com,... em pma skip pmselect gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted role organizer pm role organizer domainlist domain.com,... em pma skip pmselect
``` ```
### For selected Shared Drives ### For selected Shared Drives
Create a CSV file TeamDrives.csv with at least two columns (id, name) for the selected Shared Drives. Create a CSV file shareddrives.csv with at least two columns (id, name) for the selected Shared Drives.
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv multiprocess csv ./SharedDrives.csv gam print drivefileacls "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted pm role organizer domainlist domain.com,... em pma skip pmselect gam redirect csv ./SharedDriveACLsAllExternalOrganizers.csv multiprocess csv ./SharedDrives.csv gam print drivefileacls "~id" addtitle "~name" fields id,domain,emailaddress,role,type,deleted pm role organizer domainlist domain.com,... em pma skip pmselect
@@ -734,13 +784,13 @@ gam redirect csv ./SharedDriveACLsAllExternalOrganizersOIPR.csv multiprocess csv
Include a permission match `pm domainlist domain.com,... em` that lists your internal domain(s). Include a permission match `pm domainlist domain.com,... em` that lists your internal domain(s).
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsAllExternal.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect gam redirect csv ./SharedDriveACLsAllExternal.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect
A row per Shared Drive/ACL combination A row per Shared Drive/ACL combination
gam redirect csv ./SharedDriveACLsAllExternalOIPR.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect oneitemperrow gam redirect csv ./SharedDriveACLsAllExternalOIPR.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect oneitemperrow
``` ```
### For selected Shared Drives ### For selected Shared Drives
Create a CSV file TeamDrives.csv with at least two columns (id, name) for the selected Shared Drives. Create a CSV file shareddrives.csv with at least two columns (id, name) for the selected Shared Drives.
Include a permission match `pm domainlist domain.com,... em` that lists your internal domain(s). Include a permission match `pm domainlist domain.com,... em` that lists your internal domain(s).
``` ```
@@ -763,16 +813,16 @@ to get the Shared Drive ACLs for the scammed Shared Drives.
``` ```
One row per Shared Drive, all ACLs on the same row One row per Shared Drive, all ACLs on the same row
gam redirect csv ./SharedDriveACLsAllExternal.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect gam redirect csv ./SharedDriveACLsAllExternal.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect
A row per Shared Drive/ACL combination A row per Shared Drive/ACL combination
gam redirect csv ./SharedDriveACLsAllExternalOIPR.csv print teamdriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect oneitemperrow gam redirect csv ./SharedDriveACLsAllExternalOIPR.csv print shareddriveacls fields id,domain,emailaddress,role,type,deleted pm domainlist domain.com,... em pma skip pmselect oneitemperrow
``` ```
### Add an organizer from your domain ### Add an organizer from your domain
Sustitute an appropriate value for `admin@domain.com`. Sustitute an appropriate value for `admin@domain.com`.
``` ```
gam redirect stdout ./AddOrganizer.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternal.csv gam add drivefileacl teamdriveid "~id" user admin@domain.com role organizer gam redirect stdout ./AddOrganizer.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternal.csv gam add drivefileacl shareddriveid "~id" user admin@domain.com role organizer
``` ```
### Delete non domain ACLs ### Delete non domain ACLs
@@ -781,7 +831,7 @@ you must delete all rows in `SharedDriveACLsAllExternalOIPR.csv` that have the s
This will disable all non-domain users access to the Shared Drive. This will disable all non-domain users access to the Shared Drive.
``` ```
gam redirect stdout ./DeleteExternalACLs.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternalOIPR.csv gam delete drivefileacl teamdriveid "~id" "id:~~permission.id~~" gam redirect stdout ./DeleteExternalACLs.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternalOIPR.csv gam delete drivefileacl shareddriveid "~id" "id:~~permission.id~~"
``` ```
### Delete the Shared Drives ### Delete the Shared Drives
@@ -789,5 +839,21 @@ The `allowitemdeletion` option allows deletion of non-empty Shared Drives. This
This is not reversible, proceed with caution. This is not reversible, proceed with caution.
``` ```
gam redirect stdout ./DeleteSharedDrives.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternal.csv gam delete teamdrive "~id" allowitemdeletion gam redirect stdout ./DeleteSharedDrives.txt multiprocess redirect stderr stdout csv ./SharedDriveACLsAllExternal.csv gam delete shareddrive "~id" allowitemdeletion
```
## Delete old empty Shared Drives
```
# Get a list of Shared Drives organizers for Shared Drives created before one year ago; alter date<-1y as required.
gam config csv_output_row_filter "createdTime:date<-1y" redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
# Inspect shareddriveOrganizers.csv, you'll have to deal with Shared Drives with no organizer/manager
# Get old empty Shared Drives
gam config num_threads 10 csv_input_row_filter "organizers:regex:^.+$" csv_output_row_filter "Total:count=0" redirect csv ./OldEmptySharedDrives.csv multiprocess redirect stderr - multiprocess csv ./TeamDriveOrganizers.csv gam user "~organizers" print filecounts select shareddriveid "~id" showsize
# Inspect OldEmptySharedDrives.csv, if you're confident of the results, proceed
# Delete old empty Shared Drives
gam redirect stdout ./DeleteOldEmptySharedDrives.txt multiprocess redirect stderr stdout csv ./OldEmptySharedDrives.csv gam user "~User" delete shareddrive "~id"
``` ```

View File

@@ -1,4 +1,5 @@
# Users - Gmail - Delegates # Users - Gmail - Delegates
- [Notes](#notes)
- [API documentation](#api-documentation) - [API documentation](#api-documentation)
- [Definitions](#definitions) - [Definitions](#definitions)
- [Aliases](#aliases) - [Aliases](#aliases)
@@ -8,6 +9,11 @@
- [Display Gmail delegates](#display-gmail-delegates) - [Display Gmail delegates](#display-gmail-delegates)
- [Delete all delegates for a user](#delete-all-delegates-for-a-user) - [Delete all delegates for a user](#delete-all-delegates-for-a-user)
## Notes
To use Gmail delegation, the delegator and delagatee must be in org units where
mail delegation is enabled. In the admin console, go to Apps/Google Workspace/Gmail/User Settings.
## API documentation ## API documentation
* [Gmail API - Delegates](https://developers.google.com/gmail/api/v1/reference/users.settings.delegates) * [Gmail API - Delegates](https://developers.google.com/gmail/api/v1/reference/users.settings.delegates)
* [Delegation Notes](https://support.google.com/a/answer/7223765) * [Delegation Notes](https://support.google.com/a/answer/7223765)

View File

@@ -12,6 +12,7 @@
- [Change Shared Drive visibility](#change-shared-drive-visibility) - [Change Shared Drive visibility](#change-shared-drive-visibility)
- [Display Shared Drives](#display-shared-drives) - [Display Shared Drives](#display-shared-drives)
- [Display Shared Drive Counts](#display-shared-drive-counts) - [Display Shared Drive Counts](#display-shared-drive-counts)
- [Display Shared Drive Organizers](#display-shared-drive-organizers)
- [Manage Shared Drive access](#manage-shared-drive-access) - [Manage Shared Drive access](#manage-shared-drive-access)
- [Display Shared Drive access](#display-shared-drive-access) - [Display Shared Drive access](#display-shared-drive-access)
- [Display Shared Drive access for specific Shared Drives](#display-shared-drive-access-for-specific-shared-drives) - [Display Shared Drive access for specific Shared Drives](#display-shared-drive-access-for-specific-shared-drives)
@@ -72,6 +73,9 @@
``` ```
<JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) | <JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
<OrganizerType> ::= user|group
<OrganizerTypeList> ::= "<OrganizerType>(,<OrganizerType>)*"
<OrgUnitID> ::= id:<String> <OrgUnitID> ::= id:<String>
<OrgUnitPath> ::= /|(/<String>)+ <OrgUnitPath> ::= /|(/<String>)+
<OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath> <OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
@@ -200,14 +204,14 @@ sharingfoldersrequiresorganizerpermission true
## Display Shared Drive themes ## Display Shared Drive themes
``` ```
gam <UserTypeEntity> show teamdrivethemes gam <UserTypeEntity> show shareddrivethemes
``` ```
## Manage Shared Drives ## Manage Shared Drives
## Create a Shared Drive ## Create a Shared Drive
The user that creates a Shared Drive is given the permission role organizer for the Shared Drive, The user that creates a Shared Drive is given the permission role organizer for the Shared Drive,
``` ```
gam <UserTypeEntity> create teamdrive <Name> gam <UserTypeEntity> create shareddrive <Name>
[(theme|themeid <String>)| [(theme|themeid <String>)|
([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])] ([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])]
(<SharedDriveRestrictionsSubfieldName> <Boolean>)* (<SharedDriveRestrictionsSubfieldName> <Boolean>)*
@@ -215,7 +219,7 @@ gam <UserTypeEntity> create teamdrive <Name>
[errorretries <Integer>] [updateinitialdelay <Integer>] [updateretrydelay <Integer>] [errorretries <Integer>] [updateinitialdelay <Integer>] [updateretrydelay <Integer>]
[(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*) | returnidonly] [(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*) | returnidonly]
``` ```
* `themeid` - a Shared Drive themeId obtained from `show teamdrivethemes` * `themeid` - a Shared Drive themeId obtained from `show shareddrivethemes`
* `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives * `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives
* `<Float>` - X coordinate, typically 0.0 * `<Float>` - X coordinate, typically 0.0
* `<Float>` - Y coordinate, typically 0.0 * `<Float>` - Y coordinate, typically 0.0
@@ -248,9 +252,9 @@ When either of these options is chosen, no infomation about Shared Drive restric
To retrieve the Shared Drive ID with `returnidonly`: To retrieve the Shared Drive ID with `returnidonly`:
``` ```
Linux/MacOS Linux/MacOS
teamDriveId=$(gam user user@domain.com create teamdrive ... returnidonly) teamDriveId=$(gam user user@domain.com create shareddrive ... returnidonly)
Windows PowerShell Windows PowerShell
$teamDriveId = & gam user user@domain.com create teamdrive ... returnidonly $teamDriveId = & gam user user@domain.com create shareddrive ... returnidonly
``` ```
## Bulk Create Shared Drives ## Bulk Create Shared Drives
@@ -260,7 +264,7 @@ As a newly created Drive can't be updated for 30+ seconds; split the operation i
Make a CSV file SharedDriveNames.csv with at least two columns, User and name. Make a CSV file SharedDriveNames.csv with at least two columns, User and name.
``` ```
gam redirect csv ./SharedDrivesCreated.csv multiprocess csv SharedDriveNames.csv gam user "~User" create teamdrive "~name" csv gam redirect csv ./SharedDrivesCreated.csv multiprocess csv SharedDriveNames.csv gam user "~User" create shareddrive "~name" csv
``` ```
This will create a three column CSV file SharedDriveNamesIDs.csv with columns: User,name,id This will create a three column CSV file SharedDriveNamesIDs.csv with columns: User,name,id
* There will be a row for each Shared Drive. * There will be a row for each Shared Drive.
@@ -274,13 +278,13 @@ gam redirect stdout ./SharedDrivesUpdated.txt multiprocess redirect stderr stdou
This command is used to set basic Shared Drive settings. This command is used to set basic Shared Drive settings.
``` ```
gam <UserTypeEntity> update teamdrive <SharedDriveEntity> [adminaccess|asadmin] [name <Name>] gam <UserTypeEntity> update shareddrive <SharedDriveEntity> [adminaccess|asadmin] [name <Name>]
[(theme|themeid <String>)| [(theme|themeid <String>)|
([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])] ([customtheme <DriveFileID> <Float> <Float> <Float>] [color <ColorValue>])]
(<SharedDriveRestrictionsSubfieldName> <Boolean>)* (<SharedDriveRestrictionsSubfieldName> <Boolean>)*
[hide|hidden <Boolean>] [ou|org|orgunit <OrgUnitItem>] [hide|hidden <Boolean>] [ou|org|orgunit <OrgUnitItem>]
``` ```
* `themeid` - a Shared Drive themeId obtained from `show teamdrivethemes` * `themeid` - a Shared Drive themeId obtained from `show shareddrivethemes`
* `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives * `customtheme` - set the backgroundImageFile property described here: https://developers.google.com/drive/v3/reference/teamdrives
* `color` - set the Shared Drive color * `color` - set the Shared Drive color
* `<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions * `<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions
@@ -291,7 +295,7 @@ This option is only available when the command is run as an administrator.
## Delete a Shared Drive ## Delete a Shared Drive
``` ```
gam <UserTypeEntity> delete teamdrive <SharedDriveEntity> [allowitemdeletion] [adminaccess|asadmin] gam <UserTypeEntity> delete shareddrive <SharedDriveEntity> [allowitemdeletion] [adminaccess|asadmin]
``` ```
By default, deleting a Shared Drive that contains any files/folders will fail. By default, deleting a Shared Drive that contains any files/folders will fail.
The `allowitemdeletion` option allows a Super Admin to delete a non-empty Shared Drive. The `allowitemdeletion` option allows a Super Admin to delete a non-empty Shared Drive.
@@ -299,19 +303,19 @@ This is not reversible, proceed with caution.
## Change Shared Drive visibility ## Change Shared Drive visibility
``` ```
gam <UserTypeEntity> hide teamdrive <SharedDriveEntity> gam <UserTypeEntity> hide shareddrive <SharedDriveEntity>
gam <UserTypeEntity> unhide teamdrive <SharedDriveEntity> gam <UserTypeEntity> unhide shareddrive <SharedDriveEntity>
``` ```
## Display Shared Drives ## Display Shared Drives
``` ```
gam <UserTypeEntity> show teamdriveinfo <SharedDriveEntity> gam <UserTypeEntity> show shareddriveinfo <SharedDriveEntity>
gam <UserTypeEntity> info teamdrive <SharedDriveEntity> gam <UserTypeEntity> info shareddrive <SharedDriveEntity>
[fields <SharedDriveFieldNameList>] [fields <SharedDriveFieldNameList>]
[guiroles [<Boolean>] [formatjson] [guiroles [<Boolean>] [formatjson]
gam <UserTypeEntity> show teamdriveinfo <SharedDriveEntity> gam <UserTypeEntity> show shareddriveinfo <SharedDriveEntity>
[fields <SharedDriveFieldNameList>] [fields <SharedDriveFieldNameList>]
[guiroles [<Boolean>] [formatjson] [guiroles [<Boolean>] [formatjson]
gam <UserTypeEntity> show teamdrives gam <UserTypeEntity> show shareddrives
[matchname <REMatchPattern>] (role|roles <SharedDriveACLRoleList>)* [matchname <REMatchPattern>] (role|roles <SharedDriveACLRoleList>)*
[fields <SharedDriveFieldNameList>] [fields <SharedDriveFieldNameList>]
[guiroles [<Boolean>] [formatjson] [guiroles [<Boolean>] [formatjson]
@@ -323,7 +327,7 @@ By default, Gam displays all Teams Drives accessible by the user.
By default, Gam displays the information as an indented list of keys and values. By default, Gam displays the information as an indented list of keys and values.
* `formatjson` - Display the fields in JSON format. * `formatjson` - Display the fields in JSON format.
``` ```
gam <UserTypeEntity> print teamdrives [todrive <ToDriveAttribute>*] gam <UserTypeEntity> print shareddrives [todrive <ToDriveAttribute>*]
[matchname <REMatchPattern>] (role|roles <SharedDriveACLRoleList>)* [matchname <REMatchPattern>] (role|roles <SharedDriveACLRoleList>)*
[fields <SharedDriveFieldNameList>] [formatjson [quotechar <Character>]] [fields <SharedDriveFieldNameList>] [formatjson [quotechar <Character>]]
``` ```
@@ -386,6 +390,51 @@ count=$(gam user user@domain.com print shareddrives showitemcountonly)
Windows PowerShell Windows PowerShell
count = & gam user user@domain.com print shareddrives showitemcountonly count = & gam user user@domain.com print shareddrives showitemcountonly
``` ```
## Display Shared Drive Organizers
The following command can be used instead of the `GetTeamDriveOrganizers.py` script.
```
gam <UserTypeEntity> print shareddriveorganizers [todrive <ToDriveAttribute>*]
[adminaccess|asadmin]
[(shareddriveadminquery|query <QuerySharedDrive>) |
(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>)))]
[orgunit|org|ou <OrgUnitPath>]
[matchname <REMatchPattern>]
[domainlist <DomainList>]
[includetypes <OrganizerTypeList>]
[oneorganizer [<Boolean>]]
[shownorganizerdrives [false|true|only]]
[includefileorganizers [<Boolean>]]
[delimiter <Character>]
```
Options `shareddriveadminquery|query` and `shareddrives|teamdrives` are mutually exclusive.
Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|asadmin`.
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
For multiple organizers:
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
The command defaults do not match the script defaults, they are set for the most common use case:
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
## Manage Shared Drive access ## Manage Shared Drive access
These commands must be issued by a user with Shared Drive permission role organizer. These commands must be issued by a user with Shared Drive permission role organizer.
### Process single ACLs. ### Process single ACLs.
@@ -458,14 +507,14 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
## Display Shared Drive access for selected Shared Drives ## Display Shared Drive access for selected Shared Drives
``` ```
gam <UserTypeEntity> show teamdriveacls gam <UserTypeEntity> show shareddriveacls
adminaccess [teamdriveadminquery|query <QueryTeamDrive>] adminaccess [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)* [user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
<PermissionMatch>* [<PermissionMatchAction>] [pmselect] <PermissionMatch>* [<PermissionMatchAction>] [pmselect]
[oneitemperrow] [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)] [oneitemperrow] [<DrivePermissionsFieldName>*|(fields <DrivePermissionsFieldNameList>)]
[formatjson [quotechar <Character>]] [formatjson [quotechar <Character>]]
gam <UserTypeEntity> print teamdriveacls [todrive <ToDriveAttribute>*] gam <UserTypeEntity> print shareddriveacls [todrive <ToDriveAttribute>*]
adminaccess [teamdriveadminquery|query <QueryTeamDrive>] adminaccess [teamdriveadminquery|query <QueryTeamDrive>]
[matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>] [matchname <REMatchPattern>] [orgunit|org|ou <OrgUnitPath>]
[user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)* [user|group <EmailAddress> [checkgroups]] (role|roles <SharedDriveACLRoleList>)*
@@ -488,7 +537,7 @@ By default, all ACLS are displayed; use the following options to select a subset
* `role|roles <SharedDriveACLRoleList>` - Display ACLs for the specified roles only. * `role|roles <SharedDriveACLRoleList>` - Display ACLs for the specified roles only.
* `<PermissionMatch>* [<PermissionMatchAction>]` - Use permission matching to display a subset of the ACLs for each Shared Drive; this only applies when `pmselect` is not specified * `<PermissionMatch>* [<PermissionMatchAction>]` - Use permission matching to display a subset of the ACLs for each Shared Drive; this only applies when `pmselect` is not specified
With `print teamdriveacls` or `show teamdrivecls formatjson`, the ACLs selected for display are all output on one row/line as a repeating item with the matching Shared Drive id. With `print shareddriveacls` or `show shareddrivecls formatjson`, the ACLs selected for display are all output on one row/line as a repeating item with the matching Shared Drive id.
When `oneitemperrow` is specified, each ACL is output on a separate row/line with the matching Shared Drive id and name. This simplifies processing the CSV file with subsequent Gam commands. When `oneitemperrow` is specified, each ACL is output on a separate row/line with the matching Shared Drive id and name. This simplifies processing the CSV file with subsequent Gam commands.
By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain

View File

@@ -3,9 +3,9 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAM 7.07.16 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAM 7.07.16 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAM 7.07.16 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.00 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 7.07.16 Latest: 7.09.00
echo $? echo $?
1 1
``` ```
@@ -72,7 +72,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
7.07.16 7.09.00
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -82,9 +82,9 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 7.07.16 - https://github.com/GAM-team/GAM GAM 7.09.00 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

View File

@@ -328,6 +328,16 @@ enable_dasa
admin_email, customer_id and domain must be set when enable_dasa is True, admin_email, customer_id and domain must be set when enable_dasa is True,
customer_id may not be set to my_customer customer_id may not be set to my_customer
Signal file: OldGamPath/enabledasa.txt Signal file: OldGamPath/enabledasa.txt
enforce_expansive_access
The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
Default: False
event_max_results event_max_results
When retrieving lists of Calendar events from API, When retrieving lists of Calendar events from API,
how many should be retrieved in each API call how many should be retrieved in each API call