Compare commits

...

28 Commits

Author SHA1 Message Date
Ross Scroggs
fe1f0285f8 Updated gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time> 2025-06-10 09:12:17 -07:00
Ross Scroggs
da83121d0d gam.cfg enforce_expansive_access new defaults to true 2025-06-10 09:02:20 -07:00
Ross Scroggs
f58a69e374 gam.cfg enforce_expansive_access new defaults to true 2025-06-10 09:02:03 -07:00
Jay Lee
2f40a164c5 Change default of expansive access. Fixes #1776
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-09 15:51:27 +00:00
Ross Scroggs
58a3fa7313 Update Groups-Membership.md 2025-06-09 08:37:55 -07:00
Ross Scroggs
39ce5b7349 Improved output of gam info|show chromeschemas
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
2025-06-06 18:39:25 -07:00
Ross Scroggs
860d44d819 Improved output of gam info|show chromeschemas 2025-06-06 18:38:43 -07:00
Ross Scroggs
5e90ff143e Update Chrome-Policies.md
Some checks failed
Push wiki / pushwiki (push) Has been cancelled
2025-06-06 17:24:08 -07:00
Ross Scroggs
28e05bf09a Fixed bug in gam update chromepolicy
Some checks failed
Push wiki / pushwiki (push) Has been cancelled
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-05 22:53:23 -07:00
Ross Scroggs
0781e27993 Fixed bug in gam update chromepolicy 2025-06-05 22:53:05 -07:00
Ross Scroggs
a441dddc06 Update Chrome-Policies.md 2025-06-05 22:47:12 -07:00
Ross Scroggs
4a42581e00 Update deprecated scopes checking
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-05 08:55:54 -07:00
Ross Scroggs
de2bfb0d52 Update GamUpdates.md 2025-06-05 08:11:41 -07:00
Ross Scroggs
f418287e65 Fixed bug in gam print shareddriveorganizers that caused a trap when an organizer was a deleted user. 2025-06-05 08:11:34 -07:00
Ross Scroggs
fccf6c1278 Added enforce_expansive_access Boolean variable to gam.cfg 2025-06-04 17:35:19 -07:00
Ross Scroggs
ee874858b4 Added enforce_expansive_access Boolean variable to gam.cfg
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-04 17:34:57 -07:00
Ross Scroggs
dde1354bd0 Remove IAM API from DWD 2025-06-03 18:17:37 -07:00
Ross Scroggs
c241c2744f Update GamUpdate.txt
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-03 18:16:54 -07:00
Ross Scroggs
5ee1fa1b61 Merge branch 'main' of https://github.com/GAM-team/GAM 2025-06-03 18:13:14 -07:00
Ross Scroggs
f06944a1fa Remove IAM API from DWD 2025-06-03 18:13:11 -07:00
Jay Lee
27d4c37be3 [actions] rebuild for Python 3.13.4
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-03 18:35:52 -04:00
Ross Scroggs
2f1a7eb347 Fixed bug in gam <UserTypeEntity> check|update serviceaccount 2025-06-02 16:18:38 -07:00
Ross Scroggs
a5818e144d Fixed bug in gam <UserTypeEntity> check|update serviceaccount
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-02 16:18:08 -07:00
Ross Scroggs
4e6f1717fb Updated the defaults in gam print shareddriveorganizers to match the most common use case, not the script.
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-02 12:50:20 -07:00
Ross Scroggs
9d347719c7 Updated the defaults in gam print shareddriveorganizers to match the most common use case, not the script. 2025-06-02 12:49:58 -07:00
Jay Lee
7235022a8e downscope IAM and off by default
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
2025-06-02 12:47:44 +00:00
Jay Lee
5db5dad576 fix CI Devices API scope 2025-06-02 12:35:50 +00:00
Ross Scroggs
72a6651a9f Update print shareddriveorganizers
Some checks failed
Build and test GAM / build (build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (build, 10, Build Intel Windows, windows-2022) (push) Has been cancelled
Build and test GAM / build (build, 11, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (test, 12, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (test, 13, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (test, 14, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (test, 15, Test Python 3.14-dev, ubuntu-24.04, 3.14-dev) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-apis (push) Has been cancelled
Push wiki / pushwiki (push) Has been cancelled
2025-06-01 09:46:53 -07:00
20 changed files with 536 additions and 197 deletions

View File

@@ -126,7 +126,7 @@ jobs:
with: with:
path: | path: |
cache.tar.xz cache.tar.xz
key: gam-${{ matrix.jid }}-20250422 key: gam-${{ matrix.jid }}-20250603
- name: Untar Cache archive - name: Untar Cache archive
if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true' if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'

View File

@@ -2725,6 +2725,7 @@ gam print chromschemas [todrive <ToDriveAttribute>*]
<ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>] <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
[[formatjson [quotechar <Character>]] [[formatjson [quotechar <Character>]]
gam info chromeschema std <SchemaName>
gam show chromeschemas std gam show chromeschemas std
[filter <String>] [filter <String>]

View File

@@ -1,3 +1,73 @@
7.09.03
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
that the first `<Time>` is less than the second `Time`; previously the event was not created.
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
a default value of True will be used.
7.09.02
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
7.09.01
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
blank for the top folder.
Fixed bug in `gam update chromepolicy` where the following error was generated
when updating policies with simple numerical values.
```
ERROR: Missing argument: Expected <value>"
```
7.09.00
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
is enabled prompting you to update your service account authorization so that the scope can be removed.
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
It's default value is False.
```
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
gam <UserTypeEntity> transfer drive
```
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
Updated to Python 3.13.4
7.08.02
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
These commands produce the same result.
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
7.08.01 7.08.01
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to

View File

@@ -11,7 +11,7 @@ if __name__ == '__main__':
# One time initialization # One time initialization
if platform.system() != 'Linux': if platform.system() != 'Linux':
multiprocessing.freeze_support() multiprocessing.freeze_support()
multiprocessing.set_start_method('spawn') multiprocessing.set_start_method('spawn', force=True)
initializeLogging() initializeLogging()
# #
CallGAMCommand(['gam', 'version']) CallGAMCommand(['gam', 'version'])

View File

@@ -11,5 +11,5 @@ from gam.__main__ import main
if __name__ == '__main__': if __name__ == '__main__':
if platform.system() != 'Linux': if platform.system() != 'Linux':
multiprocessing.freeze_support() multiprocessing.freeze_support()
multiprocessing.set_start_method('spawn') multiprocessing.set_start_method('spawn', force=True)
main() main()

View File

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
""" """
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>' __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
__version__ = '7.08.01' __version__ = '7.09.03'
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)' __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
#pylint: disable=wrong-import-position #pylint: disable=wrong-import-position
@@ -4785,6 +4785,7 @@ def defaultSvcAcctScopes():
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False) scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], False)
saScopes = {} saScopes = {}
for scope in scopesList: for scope in scopesList:
if not scope.get('offByDefault'):
saScopes.setdefault(scope['api'], []) saScopes.setdefault(scope['api'], [])
saScopes[scope['api']].append(scope['scope']) saScopes[scope['api']].append(scope['scope'])
saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE) saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
@@ -12232,7 +12233,7 @@ def checkServiceAccount(users):
def authorizeScopes(message): def authorizeScopes(message):
long_url = ('https://admin.google.com/ac/owl/domainwidedelegation' long_url = ('https://admin.google.com/ac/owl/domainwidedelegation'
f'?clientScopeToAdd={",".join(checkScopes)}' f'?clientScopeToAdd={",".join(sorted(checkScopes))}'
f'&clientIdToAdd={service_account}&overwriteClientId=true') f'&clientIdToAdd={service_account}&overwriteClientId=true')
if GC.Values[GC.DOMAIN]: if GC.Values[GC.DOMAIN]:
long_url += f'&dn={GC.Values[GC.DOMAIN]}' long_url += f'&dn={GC.Values[GC.DOMAIN]}'
@@ -12244,10 +12245,12 @@ def checkServiceAccount(users):
allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE) allScopes = API.getSvcAcctScopes(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], Act.Get() == Act.UPDATE)
checkScopesSet = set() checkScopesSet = set()
saScopes = {} saScopes = {}
checkDeprecatedScopes = True
useColor = False useColor = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if myarg in {'scope', 'scopes'}: if myarg in {'scope', 'scopes'}:
checkDeprecatedScopes = False
for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split(): for scope in getString(Cmd.OB_API_SCOPE_URL_LIST).lower().replace(',', ' ').split():
api = API.getSvcAcctScopeAPI(scope) api = API.getSvcAcctScopeAPI(scope)
if api is not None: if api is not None:
@@ -12264,10 +12267,12 @@ def checkServiceAccount(users):
testPass = createGreenText('PASS') testPass = createGreenText('PASS')
testFail = createRedText('FAIL') testFail = createRedText('FAIL')
testWarn = createYellowText('WARN') testWarn = createYellowText('WARN')
testDeprecated = createRedText('DEPRECATED')
else: else:
testPass = 'PASS' testPass = 'PASS'
testFail = 'FAIL' testFail = 'FAIL'
testWarn = 'WARN' testWarn = 'WARN'
testDeprecated = 'DEPRECATED'
if Act.Get() == Act.CHECK: if Act.Get() == Act.CHECK:
if not checkScopesSet: if not checkScopesSet:
for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()): for scope in iter(GM.Globals[GM.SVCACCT_SCOPES].values()):
@@ -12275,7 +12280,7 @@ def checkServiceAccount(users):
else: else:
if not checkScopesSet: if not checkScopesSet:
scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True) scopesList = API.getSvcAcctScopesList(GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY], True)
selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES]) selectedScopes = getScopesFromUser(scopesList, False, GM.Globals[GM.SVCACCT_SCOPES] if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] else None)
if selectedScopes is None: if selectedScopes is None:
return False return False
i = 0 i = 0
@@ -12337,8 +12342,8 @@ def checkServiceAccount(users):
if saTokenStatus == testFail: if saTokenStatus == testFail:
invalidOauth2serviceJsonExit(f'Authentication{auth_error}') invalidOauth2serviceJsonExit(f'Authentication{auth_error}')
_getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA _getSvcAcctData() # needed to read in GM.OAUTH2SERVICE_JSON_DATA
if GM.Globals[GM.SVCACCT_SCOPES_DEFINED] and API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]: if API.IAM not in GM.Globals[GM.SVCACCT_SCOPES]:
GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.CLOUD_PLATFORM_SCOPE] GM.Globals[GM.SVCACCT_SCOPES][API.IAM] = [API.IAM_SCOPE]
key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default') key_type = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA].get('key_type', 'default')
if key_type == 'default': if key_type == 'default':
printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE) printMessage(Msg.SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE)
@@ -12399,6 +12404,38 @@ def checkServiceAccount(users):
allScopesPass = False allScopesPass = False
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}') printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
Ind.Decrement() Ind.Decrement()
if checkDeprecatedScopes:
deprecatedScopes = sorted(API.DEPRECATED_SCOPES)
jcount = len(deprecatedScopes)
printKeyValueListWithCount([Msg.DEPRECATED_SCOPES, '',
Ent.Singular(Ent.USER), user,
Ent.Choose(Ent.SCOPE, jcount), jcount],
i, count)
Ind.Increment()
j = 0
for scope in deprecatedScopes:
j += 1
# try with and without email scope
for scopes in [[scope, API.USERINFO_EMAIL_SCOPE], [scope]]:
try:
credentials = getSvcAcctCredentials(scopes, user)
credentials.refresh(request)
break
except (httplib2.HttpLib2Error, google.auth.exceptions.TransportError, RuntimeError) as e:
handleServerError(e)
except google.auth.exceptions.RefreshError:
continue
if credentials.token:
token_info = callGAPI(oa2, 'tokeninfo', access_token=credentials.token)
if scope in token_info.get('scope', '').split(' ') and user == token_info.get('email', user).lower():
scopeStatus = testDeprecated
allScopesPass = False
else:
scopeStatus = testPass
else:
scopeStatus = testPass
printPassFail(scope, f'{scopeStatus}{currentCount(j, jcount)}')
Ind.Decrement()
service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id'] service_account = GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['client_id']
if allScopesPass: if allScopesPass:
if Act.Get() == Act.CHECK: if Act.Get() == Act.CHECK:
@@ -25910,7 +25947,7 @@ def exitIfChatNotConfigured(chat, kvList, errMsg, i, count):
if (('No bot associated with this project.' in errMsg) or if (('No bot associated with this project.' in errMsg) or
('Invalid project number.' in errMsg) or ('Invalid project number.' in errMsg) or
('Google Chat app not found.' in errMsg)): ('Google Chat app not found.' in errMsg)):
systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat))) systemErrorExit(API_ACCESS_DENIED_RC, Msg.TO_SET_UP_GOOGLE_CHAT.format(setupChatURL(chat), GM.Globals[GM.OAUTH2SERVICE_JSON_DATA]['project_id']))
entityActionFailedWarning(kvList, errMsg, i, count) entityActionFailedWarning(kvList, errMsg, i, count)
def _getChatAdminAccess(adminAPI, userAPI): def _getChatAdminAccess(adminAPI, userAPI):
@@ -28081,7 +28118,10 @@ def simplifyChromeSchema(schema):
'settings': {} 'settings': {}
} }
fieldDescriptions = schema['fieldDescriptions'] fieldDescriptions = schema['fieldDescriptions']
savedSettingName = ''
savedTypeName = ''
for mtype in schema['definition']['messageType']: for mtype in schema['definition']['messageType']:
numSettings = len(mtype['field'])
for setting in mtype['field']: for setting in mtype['field']:
setting_name = setting['name'] setting_name = setting['name']
setting_dict = {'name': setting_name, setting_dict = {'name': setting_name,
@@ -28089,6 +28129,9 @@ def simplifyChromeSchema(schema):
'descriptions': [], 'descriptions': [],
'type': setting['type'], 'type': setting['type'],
} }
if mtype['name'] == savedTypeName and numSettings == 1:
setting_dict['name'] = savedSettingName
savedTypeName = ''
if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED': if setting_dict['type'] == 'TYPE_STRING' and setting.get('label') == 'LABEL_REPEATED':
setting_dict['type'] = 'TYPE_LIST' setting_dict['type'] = 'TYPE_LIST'
if setting_dict['type'] == 'TYPE_ENUM': if setting_dict['type'] == 'TYPE_ENUM':
@@ -28110,6 +28153,8 @@ def simplifyChromeSchema(schema):
break break
break break
elif setting_dict['type'] == 'TYPE_MESSAGE': elif setting_dict['type'] == 'TYPE_MESSAGE':
savedSettingName = setting_name
savedTypeName = setting['typeName']
continue continue
else: else:
setting_dict['enums'] = None setting_dict['enums'] = None
@@ -28215,14 +28260,11 @@ def doDeleteChromePolicy():
entityActionFailedWarning(kvList, str(e)) entityActionFailedWarning(kvList, str(e))
CHROME_SCHEMA_SPECIAL_CASES = { CHROME_SCHEMA_SPECIAL_CASES = {
# duration
'chrome.users.AutoUpdateCheckPeriodNewV2': 'chrome.users.AutoUpdateCheckPeriodNewV2':
{'autoupdatecheckperiodminutesnew': {'autoupdatecheckperiodminutesnew':
{'casedField': 'autoUpdateCheckPeriodMinutesNew', {'casedField': 'autoUpdateCheckPeriodMinutesNew',
'type': 'duration', 'minVal': 1, 'maxVal': 720}}, 'type': 'duration', 'minVal': 1, 'maxVal': 720}},
'chrome.users.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.users.BrowserSwitcherDelayDurationV2': 'chrome.users.BrowserSwitcherDelayDurationV2':
{'browserswitcherdelayduration': {'browserswitcherdelayduration':
{'casedField': 'browserSwitcherDelayDuration', {'casedField': 'browserSwitcherDelayDuration',
@@ -28264,10 +28306,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'maxinvalidationfetchdelay': {'maxinvalidationfetchdelay':
{'casedField': 'maxInvalidationFetchDelay', {'casedField': 'maxInvalidationFetchDelay',
'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}}, 'type': 'duration', 'minVal': 1, 'maxVal': 30, 'default': 10}},
'chrome.users.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.users.PrintJobHistoryExpirationPeriodNewV2': 'chrome.users.PrintJobHistoryExpirationPeriodNewV2':
{'printjobhistoryexpirationperioddaysnew': {'printjobhistoryexpirationperioddaysnew':
{'casedField': 'printJobHistoryExpirationPeriodDaysNew', {'casedField': 'printJobHistoryExpirationPeriodDaysNew',
@@ -28275,7 +28313,16 @@ CHROME_SCHEMA_SPECIAL_CASES = {
'chrome.users.RelaunchNotificationWithDurationV2': 'chrome.users.RelaunchNotificationWithDurationV2':
{'relaunchnotificationperiodduration': {'relaunchnotificationperiodduration':
{'casedField': 'relaunchNotificationPeriodDuration', {'casedField': 'relaunchNotificationPeriodDuration',
'type': 'duration', 'minVal': -1, 'maxVal': None}}, 'type': 'duration', 'minVal': 1, 'maxVal': 168},
'relaunchinitialquietperiodduration':
{'casedField': 'relaunchInitialQuietPeriodDuration',
'type': 'duration', 'minVal': 0, 'maxVal': None},
'relaunchwindowstarttime':
{'casedField': 'relaunchWindowStartTime',
'type': 'timeOfDay'},
'relaunchwindowdurationmin':
{'casedField': 'relaunchWindowDurationMin',
'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
'chrome.users.SecurityTokenSessionSettingsV2': 'chrome.users.SecurityTokenSessionSettingsV2':
{'securitytokensessionnotificationseconds': {'securitytokensessionnotificationseconds':
{'casedField': 'securityTokenSessionNotificationSeconds', {'casedField': 'securityTokenSessionNotificationSeconds',
@@ -28291,10 +28338,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
'updatessuppressedstarttime': 'updatessuppressedstarttime':
{'casedField': 'updatesSuppressedStartTime', {'casedField': 'updatesSuppressedStartTime',
'type': 'timeOfDay'}}, 'type': 'timeOfDay'}},
'chrome.users.Wallpaper':
{'wallpaperimage':
{'casedField': 'wallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.EnableReportUploadFrequencyV2': 'chrome.devices.EnableReportUploadFrequencyV2':
{'reportdeviceuploadfrequency': {'reportdeviceuploadfrequency':
{'casedField': 'reportDeviceUploadFrequency', {'casedField': 'reportDeviceUploadFrequency',
@@ -28303,10 +28346,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'uptimelimitduration': {'uptimelimitduration':
{'casedField': 'uptimeLimitDuration', {'casedField': 'uptimeLimitDuration',
'type': 'duration', 'minVal': 1, 'maxVal': 365}}, 'type': 'duration', 'minVal': 1, 'maxVal': 365}},
'chrome.devices.SignInWallpaperImage':
{'devicewallpaperimage':
{'casedField': 'deviceWallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.kiosk.AcPowerSettingsV2': 'chrome.devices.kiosk.AcPowerSettingsV2':
{'acidletimeout': {'acidletimeout':
{'casedField': 'acIdleTimeout', {'casedField': 'acIdleTimeout',
@@ -28333,10 +28372,6 @@ CHROME_SCHEMA_SPECIAL_CASES = {
'batteryscreenofftimeout': 'batteryscreenofftimeout':
{'casedField': 'batteryScreenOffTimeout', {'casedField': 'batteryScreenOffTimeout',
'type': 'duration', 'minVal': 0, 'maxVal': 35000}}, 'type': 'duration', 'minVal': 0, 'maxVal': 35000}},
'chrome.devices.managedguest.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.BrowsingDataLifetimeV2': 'chrome.devices.managedguest.BrowsingDataLifetimeV2':
{'browsinghistoryttl': {'browsinghistoryttl':
{'casedField': 'browsingHistoryTtl', {'casedField': 'browsingHistoryTtl',
@@ -28378,6 +28413,56 @@ CHROME_SCHEMA_SPECIAL_CASES = {
{'sessiondurationlimit': {'sessiondurationlimit':
{'casedField': 'sessionDurationLimit', {'casedField': 'sessionDurationLimit',
'type': 'duration', 'minVal': 1, 'maxVal': 1440}}, 'type': 'duration', 'minVal': 1, 'maxVal': 1440}},
# value
'chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays':
{'gaialockscreenofflinesignintimelimitdays':
{'casedField': 'gaiaLockScreenOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.users.GaiaOfflineSigninTimeLimitDays':
{'gaiaofflinesignintimelimitdays':
{'casedField': 'gaiaOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.users.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.users.RemoteAccessHostClipboardSizeBytes':
{'remoteaccesshostclipboardsizebytes':
{'casedField': 'remoteAccessHostClipboardSizeBytes',
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
'chrome.users.SamlLockScreenOfflineSigninTimeLimitDays':
{'samllockscreenofflinesignintimelimitdays':
{'casedField': 'samlLockScreenOfflineSigninTimeLimitDays',
'type': 'value', 'minVal': 0, 'maxVal': 365}},
'chrome.devices.ExtensionCacheSize':
{'extensioncachesize':
{'casedField': 'extensionCacheSize',
'type': 'value', 'minVal': 1048576, 'maxVal': None, 'default': 268435456}},
'chrome.devices.managedguest.PrintingMaxSheetsAllowed':
{'printingmaxsheetsallowednullable':
{'casedField': 'printingMaxSheetsAllowedNullable',
'type': 'value', 'minVal': 1, 'maxVal': None}},
'chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes':
{'remoteaccesshostclipboardsizebytes':
{'casedField': 'remoteAccessHostClipboardSizeBytes',
'type': 'value', 'minVal': 0, 'maxVal': 2147483647}},
# downloadUri
'chrome.users.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.users.Wallpaper':
{'wallpaperimage':
{'casedField': 'wallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.SignInWallpaperImage':
{'devicewallpaperimage':
{'casedField': 'deviceWallpaperImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.Avatar':
{'useravatarimage':
{'casedField': 'userAvatarImage',
'type': 'downloadUri'}},
'chrome.devices.managedguest.Wallpaper': 'chrome.devices.managedguest.Wallpaper':
{'wallpaperimage': {'wallpaperimage':
{'casedField': 'wallpaperImage', {'casedField': 'wallpaperImage',
@@ -28399,7 +28484,7 @@ def doUpdateChromePolicy():
return value return value
#if vtype == timeOfDay: #if vtype == timeOfDay:
hours, minutes = value.split(':') hours, minutes = value.split(':')
return {vtype: {'hours': hours, 'minutes': minutes}} return {vtype: {'hours': int(hours), 'minutes': int(minutes)}}
cp = buildGAPIObject(API.CHROMEPOLICY) cp = buildGAPIObject(API.CHROMEPOLICY)
cd = buildGAPIObject(API.DIRECTORY) cd = buildGAPIObject(API.DIRECTORY)
@@ -28855,7 +28940,7 @@ def _showChromePolicySchema(schema, FJQC, i=0, count=0):
return return
printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count) printEntity([Ent.CHROME_POLICY_SCHEMA, schema['name']], i, count)
Ind.Increment() Ind.Increment()
showJSON(None, schema) showJSON(None, schema, dictObjectsKey={'messageType': 'name', 'field': 'name', 'fieldDescriptions': 'field'})
Ind.Decrement() Ind.Decrement()
CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = { CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
@@ -28878,6 +28963,9 @@ CHROME_POLICY_SCHEMA_FIELDS_CHOICE_MAP = {
# [formatjson] # [formatjson]
def doInfoChromePolicySchemas(): def doInfoChromePolicySchemas():
cp = buildGAPIObject(API.CHROMEPOLICY) cp = buildGAPIObject(API.CHROMEPOLICY)
if checkArgumentPresent('std'):
doInfoChromePolicySchemasStd(cp)
return
FJQC = FormatJSONQuoteChar() FJQC = FormatJSONQuoteChar()
fieldsList = [] fieldsList = []
name = _getChromePolicySchemaName() name = _getChromePolicySchemaName()
@@ -28906,7 +28994,7 @@ def doInfoChromePolicySchemas():
# [filter <String>] # [filter <String>]
# <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>] # <ChromePolicySchemaFieldName>* [fields <ChromePolicySchemaFieldNameList>]
# [[formatjson [quotechar <Character>]] # [[formatjson [quotechar <Character>]]
def doPrintShowChromeSchemas(): def doPrintShowChromePolicySchemas():
def _printChromePolicySchema(schema): def _printChromePolicySchema(schema):
row = flattenJSON(schema) row = flattenJSON(schema)
if not FJQC.formatJSON: if not FJQC.formatJSON:
@@ -28920,10 +29008,12 @@ def doPrintShowChromeSchemas():
row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True) row['JSON'] = json.dumps(cleanJSON(schema), ensure_ascii=False, sort_keys=True)
csvPF.WriteRowNoFilter(row) csvPF.WriteRowNoFilter(row)
if checkArgumentPresent('std'):
doShowChromeSchemasStd()
return
cp = buildGAPIObject(API.CHROMEPOLICY) cp = buildGAPIObject(API.CHROMEPOLICY)
if checkArgumentPresent('std'):
if not Act.csvFormat():
doShowChromePolicySchemasStd(cp)
return
unknownArgumentExit()
parent = _getCustomersCustomerIdWithC() parent = _getCustomersCustomerIdWithC()
csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription', csvPF = CSVPrintFile(['name', 'schemaName', 'policyDescription',
'policyApiLifecycle.policyApiLifecycleStage', 'policyApiLifecycle.policyApiLifecycleStage',
@@ -28983,28 +29073,10 @@ def doPrintShowChromeSchemas():
if csvPF: if csvPF:
csvPF.writeCSVfile('Chrome Policy Schemas') csvPF.writeCSVfile('Chrome Policy Schemas')
# gam show chromeschemas std [filter <String>] def _showChromePolicySchemaStd(schema):
def doShowChromeSchemasStd(): printKeyValueList([f'{schema.get("name")}', f'{schema.get("description")}'])
cp = buildGAPIObject(API.CHROMEPOLICY)
sfilter = None
while Cmd.ArgumentsRemaining():
myarg = getArgument()
if myarg == 'filter':
sfilter = getString(Cmd.OB_STRING)
else:
unknownArgumentExit()
parent = _getCustomersCustomerIdWithC()
result = callGAPIpages(cp.customers().policySchemas(), 'list', 'policySchemas',
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
parent=parent, filter=sfilter)
schemas = {}
for schema in result:
schema_name, schema_dict = simplifyChromeSchema(schema)
schemas[schema_name.lower()] = schema_dict
for _, value in sorted(iter(schemas.items())):
printKeyValueList([f'{value.get("name")}', f'{value.get("description")}'])
Ind.Increment() Ind.Increment()
for val in value['settings'].values(): for val in schema['settings'].values():
vtype = val.get('type') vtype = val.get('type')
printKeyValueList([f'{val.get("name")}', f'{vtype}']) printKeyValueList([f'{val.get("name")}', f'{vtype}'])
Ind.Increment() Ind.Increment()
@@ -29028,6 +29100,41 @@ def doShowChromeSchemasStd():
printKeyValueList([f'{description[0]}']) printKeyValueList([f'{description[0]}'])
Ind.Decrement() Ind.Decrement()
Ind.Decrement() Ind.Decrement()
# gam info chromeschema std <SchemaName>
def doInfoChromePolicySchemasStd(cp):
name = _getChromePolicySchemaName()
checkForExtraneousArguments()
try:
schema = callGAPI(cp.customers().policySchemas(), 'get',
throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN],
name=name)
_, schema_dict = simplifyChromeSchema(schema)
_showChromePolicySchemaStd(schema_dict)
except GAPI.notFound:
entityUnknownWarning(Ent.CHROME_POLICY_SCHEMA, name)
except (GAPI.badRequest, GAPI.forbidden):
accessErrorExit(None)
# gam show chromeschemas std [filter <String>]
def doShowChromePolicySchemasStd(cp):
sfilter = None
while Cmd.ArgumentsRemaining():
myarg = getArgument()
if myarg == 'filter':
sfilter = getString(Cmd.OB_STRING)
else:
unknownArgumentExit()
parent = _getCustomersCustomerIdWithC()
result = callGAPIpages(cp.customers().policySchemas(), 'list', 'policySchemas',
retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
parent=parent, filter=sfilter)
schemas = {}
for schema in result:
schema_name, schema_dict = simplifyChromeSchema(schema)
schemas[schema_name.lower()] = schema_dict
for _, schema in sorted(iter(schemas.items())):
_showChromePolicySchemaStd(schema)
printBlankLine() printBlankLine()
# gam create chromenetwork # gam create chromenetwork
@@ -51488,6 +51595,9 @@ def getStatusEventDateTime(dateType, dateList):
if dateType == 'timerange': if dateType == 'timerange':
startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0] startTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0] endTime = getTimeOrDeltaFromNow(returnDateTime=True)[0]
if startTime >= endTime:
Cmd.Backup()
usageErrorExit(Msg.INVALID_EVENT_TIMERANGE.format(dateType, startTime, endTime))
recurrence = [] recurrence = []
while checkArgumentPresent(['recurrence']): while checkArgumentPresent(['recurrence']):
recurrence.append(getString(Cmd.OB_RECURRENCE)) recurrence.append(getString(Cmd.OB_RECURRENCE))
@@ -57259,6 +57369,7 @@ def printDiskUsage(users):
topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}' topFolder['path'] = f'{SHARED_DRIVES}{pathDelimiter}{topFolder["name"]}'
else: else:
topFolder['path'] = topFolder['name'] topFolder['path'] = topFolder['name']
topFolder.pop('ownedByMe', None)
elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'): elif topFolder['name'] == MY_DRIVE and not topFolder.get('parents'):
topFolder['path'] = MY_DRIVE topFolder['path'] = MY_DRIVE
else: else:
@@ -57269,7 +57380,6 @@ def printDiskUsage(users):
if owners: if owners:
topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown') topFolder['Owner'] = owners[0].get('emailAddress', 'Unknown')
trashFolder['Owner'] = topFolder['Owner'] trashFolder['Owner'] = topFolder['Owner']
topFolder.pop('ownedByMe', None)
topFolder.pop('parents', None) topFolder.pop('parents', None)
topFolder.update(zeroFolderInfo) topFolder.update(zeroFolderInfo)
topFolder.pop(sizeField, None) topFolder.pop(sizeField, None)
@@ -58716,7 +58826,7 @@ def initCopyMoveOptions(copyCmd):
'showPermissionMessages': False, 'showPermissionMessages': False,
'sendEmailIfRequired': False, 'sendEmailIfRequired': False,
'useDomainAdminAccess': False, 'useDomainAdminAccess': False,
'enforceExpansiveAccess': False, 'enforceExpansiveAccess': GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS],
'copiedShortcutsPointToCopiedFiles': True, 'copiedShortcutsPointToCopiedFiles': True,
'createShortcutsForNonmovableFiles': False, 'createShortcutsForNonmovableFiles': False,
'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER, 'duplicateFiles': DUPLICATE_FILE_OVERWRITE_OLDER,
@@ -62096,7 +62206,8 @@ def transferDrive(users):
targetUserFolderPattern = '#user# old files' targetUserFolderPattern = '#user# old files'
targetUserOrphansFolderPattern = '#user# orphaned files' targetUserOrphansFolderPattern = '#user# orphaned files'
targetIds = [None, None] targetIds = [None, None]
createShortcutsForNonmovableFiles = enforceExpansiveAccess = False createShortcutsForNonmovableFiles = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
mergeWithTarget = False mergeWithTarget = False
thirdPartyOwners = {} thirdPartyOwners = {}
skipFileIdEntity = initDriveFileEntity() skipFileIdEntity = initDriveFileEntity()
@@ -62402,7 +62513,8 @@ def transferOwnership(users):
body = {} body = {}
newOwner = getEmailAddress() newOwner = getEmailAddress()
OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP) OBY = OrderBy(DRIVEFILE_ORDERBY_CHOICE_MAP)
changeParents = enforceExpansiveAccess = filepath = includeTrashed = noRecursion = False changeParents = filepath = includeTrashed = noRecursion = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
pathDelimiter = '/' pathDelimiter = '/'
csvPF = fileTree = None csvPF = fileTree = None
addParents = '' addParents = ''
@@ -62728,7 +62840,8 @@ def claimOwnership(users):
onlyOwners = set() onlyOwners = set()
skipOwners = set() skipOwners = set()
subdomains = [] subdomains = []
enforceExpansiveAccess = filepath = includeTrashed = False filepath = includeTrashed = False
enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
pathDelimiter = '/' pathDelimiter = '/'
addParents = '' addParents = ''
parentBody = {} parentBody = {}
@@ -63503,7 +63616,7 @@ def doCreateDriveFileACL():
def updateDriveFileACLs(users, useDomainAdminAccess=False): def updateDriveFileACLs(users, useDomainAdminAccess=False):
fileIdEntity = getDriveFileEntity() fileIdEntity = getDriveFileEntity()
isEmail, permissionId = getPermissionId() isEmail, permissionId = getPermissionId()
enforceExpansiveAccess = None enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
removeExpiration = showTitles = updateSheetProtectedRanges = False removeExpiration = showTitles = updateSheetProtectedRanges = False
showDetails = True showDetails = True
csvPF = None csvPF = None
@@ -63541,9 +63654,6 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess) _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
if 'role' not in body: if 'role' not in body:
missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}') missingArgumentExit(f'role {formatChoiceList(DRIVEFILE_ACL_ROLES_MAP)}')
updateKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
if enforceExpansiveAccess is not None:
updateKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects() printKeys, timeObjects = _getDriveFileACLPrintKeysTimeObjects()
if csvPF and showTitles: if csvPF and showTitles:
csvPF.AddTitles(fileNameTitle) csvPF.AddTitles(fileNameTitle)
@@ -63581,7 +63691,7 @@ def updateDriveFileACLs(users, useDomainAdminAccess=False):
permission = callGAPI(drive.permissions(), 'update', permission = callGAPI(drive.permissions(), 'update',
bailOnInternalError=True, bailOnInternalError=True,
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE], throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_UPDATE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
**updateKwargs, useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration, fileId=fileId, permissionId=permissionId, removeExpiration=removeExpiration,
transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True) transferOwnership=body.get('role', '') == 'owner', body=body, fields='*', supportsAllDrives=True)
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET: if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63832,7 +63942,7 @@ def doCreatePermissions():
def deleteDriveFileACLs(users, useDomainAdminAccess=False): def deleteDriveFileACLs(users, useDomainAdminAccess=False):
fileIdEntity = getDriveFileEntity() fileIdEntity = getDriveFileEntity()
isEmail, permissionId = getPermissionId() isEmail, permissionId = getPermissionId()
enforceExpansiveAccess = None enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
showTitles = updateSheetProtectedRanges = False showTitles = updateSheetProtectedRanges = False
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
@@ -63847,9 +63957,6 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
else: else:
unknownArgumentExit() unknownArgumentExit()
_checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess) _checkFileIdEntityDomainAccess(fileIdEntity, useDomainAdminAccess)
deleteKwargs = {'useDomainAdminAccess': useDomainAdminAccess}
if enforceExpansiveAccess is not None:
deleteKwargs['enforceExpansiveAccess'] = enforceExpansiveAccess
i, count, users = getEntityArgument(users) i, count, users = getEntityArgument(users)
for user in users: for user in users:
i += 1 i += 1
@@ -63882,7 +63989,7 @@ def deleteDriveFileACLs(users, useDomainAdminAccess=False):
break break
callGAPI(drive.permissions(), 'delete', callGAPI(drive.permissions(), 'delete',
throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE], throwReasons=GAPI.DRIVE_ACCESS_THROW_REASONS+GAPI.DRIVE3_DELETE_ACL_THROW_REASONS+[GAPI.FILE_NEVER_WRITABLE],
**deleteKwargs, useDomainAdminAccess=useDomainAdminAccess, enforceExpansiveAccess=enforceExpansiveAccess,
fileId=fileId, permissionId=permissionId, supportsAllDrives=True) fileId=fileId, permissionId=permissionId, supportsAllDrives=True)
entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount) entityActionPerformed([Ent.USER, user, entityType, fileName, Ent.PERMISSION_ID, permissionId], j, jcount)
if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET: if updateSheetProtectedRanges and mimeType == MIMETYPE_GA_SPREADSHEET:
@@ -63961,7 +64068,7 @@ def deletePermissions(users, useDomainAdminAccess=False):
jsonData = getJSON([]) jsonData = getJSON([])
PM = PermissionMatch() PM = PermissionMatch()
PM.SetDefaultMatch(False, {'role': 'owner'}) PM.SetDefaultMatch(False, {'role': 'owner'})
enforceExpansiveAccess = False enforceExpansiveAccess = GC.Values[GC.ENFORCE_EXPANSIVE_ACCESS]
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if myarg in ADMIN_ACCESS_OPTIONS: if myarg in ADMIN_ACCESS_OPTIONS:
@@ -66071,8 +66178,8 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false'] showNoOrganizerDrives = SHOW_NO_PERMISSIONS_DRIVES_CHOICE_MAP['false']
fieldsList = ['role', 'type', 'emailAddress'] fieldsList = ['role', 'type', 'emailAddress']
cd = entityList = orgUnitId = query = matchPattern = None cd = entityList = orgUnitId = query = matchPattern = None
domainList = [] domainList = [GC.Values[GC.DOMAIN]]
oneOrganizer = False oneOrganizer = True
while Cmd.ArgumentsRemaining(): while Cmd.ArgumentsRemaining():
myarg = getArgument() myarg = getArgument()
if csvPF and myarg == 'todrive': if csvPF and myarg == 'todrive':
@@ -66104,7 +66211,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
elif myarg in ADMIN_ACCESS_OPTIONS: elif myarg in ADMIN_ACCESS_OPTIONS:
useDomainAdminAccess = True useDomainAdminAccess = True
elif myarg == 'domainlist': elif myarg == 'domainlist':
domainList = set(getString(Cmd.OB_DOMAIN_NAME_LIST).replace(',', ' ').lower().split()) domainList = set(getString(Cmd.OB_DOMAIN_NAME_LIST, minLen=0).replace(',', ' ').lower().split())
elif myarg == 'includetypes': elif myarg == 'includetypes':
for itype in getString(Cmd.OB_ORGANIZER_TYPE_LIST).lower().replace(',', ' ').split(): for itype in getString(Cmd.OB_ORGANIZER_TYPE_LIST).lower().replace(',', ' ').split():
if itype in PRINT_ORGANIZER_TYPES: if itype in PRINT_ORGANIZER_TYPES:
@@ -66133,7 +66240,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT) usageErrorExit(Msg.ONLY_ADMINISTRATORS_CAN_SPECIFY_SHARED_DRIVE_ORGUNIT)
csvPF.AddTitles(['orgUnit', 'orgUnitId']) csvPF.AddTitles(['orgUnit', 'orgUnitId'])
if not includeTypes: if not includeTypes:
includeTypes = PRINT_ORGANIZER_TYPES includeTypes = set(['user'])
fields = getItemFieldsFromFieldsList('permissions', fieldsList, True) fields = getItemFieldsFromFieldsList('permissions', fieldsList, True)
i, count, users = getEntityArgument(users) i, count, users = getEntityArgument(users)
for user in users: for user in users:
@@ -66200,7 +66307,7 @@ def printSharedDriveOrganizers(users, useDomainAdminAccess=False):
useDomainAdminAccess=useDomainAdminAccess, useDomainAdminAccess=useDomainAdminAccess,
fileId=shareddrive['id'], fields=fields, supportsAllDrives=True) fileId=shareddrive['id'], fields=fields, supportsAllDrives=True)
for permission in permissions: for permission in permissions:
if permission['type'] in includeTypes and permission['role'] in roles: if permission['type'] in includeTypes and permission['role'] in roles and permission.get('emailAddress', ''):
if domainList: if domainList:
_, domain = permission['emailAddress'].lower().split('@', 1) _, domain = permission['emailAddress'].lower().split('@', 1)
if domain not in domainList: if domain not in domainList:
@@ -76067,7 +76174,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn, Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies, Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles, Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas, Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity, Cmd.ARG_CHROMESNVALIDITY: doPrintChromeSnValidity,
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions, Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
Cmd.ARG_CIGROUP: doPrintCIGroups, Cmd.ARG_CIGROUP: doPrintCIGroups,
@@ -76199,7 +76306,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn, Cmd.ARG_CHROMENEEDSATTN: doPrintShowChromeNeedsAttn,
Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies, Cmd.ARG_CHROMEPOLICY: doPrintShowChromePolicies,
Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles, Cmd.ARG_CHROMEPROFILE: doPrintShowChromeProfiles,
Cmd.ARG_CHROMESCHEMA: doPrintShowChromeSchemas, Cmd.ARG_CHROMESCHEMA: doPrintShowChromePolicySchemas,
Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions, Cmd.ARG_CHROMEVERSIONS: doPrintShowChromeVersions,
Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers, Cmd.ARG_CIGROUPMEMBERS: doShowCIGroupMembers,
Cmd.ARG_CIPOLICY: doPrintShowCIPolicies, Cmd.ARG_CIPOLICY: doPrintShowCIPolicies,

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2024 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #
@@ -118,6 +118,7 @@ JWT_APIS = {
ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE], ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
CHAT: ['https://www.googleapis.com/auth/chat.bot'], CHAT: ['https://www.googleapis.com/auth/chat.bot'],
CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE], CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
IAM: [IAM_SCOPE],
ORGPOLICY: [CLOUD_PLATFORM_SCOPE], ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
} }
# #
@@ -131,6 +132,12 @@ APIS_NEEDING_ACCESS_TOKEN = {
CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers'] CBCM: ['https://www.googleapis.com/auth/admin.directory.device.chromebrowsers']
} }
# #
DEPRECATED_SCOPES = {
'https://www.googleapis.com/auth/cloud-identity',
'https://www.googleapis.com/auth/cloud-platform',
'https://www.googleapis.com/auth/iam',
}
#
REFRESH_PERM_ERRORS = [ REFRESH_PERM_ERRORS = [
'invalid_grant: reauth related error (rapt_required)', # no way to reauth today 'invalid_grant: reauth related error (rapt_required)', # no way to reauth today
'invalid_grant: Token has been expired or revoked', 'invalid_grant: Token has been expired or revoked',
@@ -596,7 +603,7 @@ _SVCACCT_SCOPES = [
{'name': 'Cloud Identity Devices API', {'name': 'Cloud Identity Devices API',
'api': CLOUDIDENTITY_DEVICES, 'api': CLOUDIDENTITY_DEVICES,
'subscopes': READONLY, 'subscopes': READONLY,
'scope': 'https://www.googleapis.com/auth/cloud-identity'}, 'scope': 'https://www.googleapis.com/auth/cloud-identity.devices'},
# {'name': 'Cloud Identity User Invitations API', # {'name': 'Cloud Identity User Invitations API',
# 'api': CLOUDIDENTITY_USERINVITATIONS, # 'api': CLOUDIDENTITY_USERINVITATIONS,
# 'subscopes': READONLY, # 'subscopes': READONLY,
@@ -645,10 +652,11 @@ _SVCACCT_SCOPES = [
'api': GMAIL, 'api': GMAIL,
'subscopes': [], 'subscopes': [],
'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'}, 'scope': 'https://www.googleapis.com/auth/gmail.settings.sharing'},
{'name': 'Identity and Access Management API', # {'name': 'Identity and Access Management API',
'api': IAM, # 'api': IAM,
'subscopes': [], # 'offByDefault': True,
'scope': CLOUD_PLATFORM_SCOPE}, # 'subscopes': [],
# 'scope': CLOUD_PLATFORM_SCOPE},
{'name': 'Keep API', {'name': 'Keep API',
'api': KEEP, 'api': KEEP,
'subscopes': READONLY, 'subscopes': READONLY,

View File

@@ -163,6 +163,8 @@ EMAIL_BATCH_SIZE = 'email_batch_size'
ENABLE_DASA = 'enable_dasa' ENABLE_DASA = 'enable_dasa'
# Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command # Enable Cloud Session Reauthentication by borrowing a RAPT token from gcloud command
ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth' ENABLE_GCLOUD_REAUTH = 'enable_gcloud_reauth'
# Value for enforceExpansiveAccess for commands that delete or update drive file ACLs/permissions.
ENFORCE_EXPANSIVE_ACCESS = 'enforce_expansive_access'
# When retrieving lists of calendar events from API, how many should be retrieved in each chunk # When retrieving lists of calendar events from API, how many should be retrieved in each chunk
EVENT_MAX_RESULTS = 'event_max_results' EVENT_MAX_RESULTS = 'event_max_results'
# Path to extra_args.txt # Path to extra_args.txt
@@ -377,6 +379,7 @@ Defaults = {
DEVICE_MAX_RESULTS: '200', DEVICE_MAX_RESULTS: '200',
DOMAIN: '', DOMAIN: '',
DRIVE_DIR: '', DRIVE_DIR: '',
ENFORCE_EXPANSIVE_ACCESS: TRUE,
DRIVE_MAX_RESULTS: '1000', DRIVE_MAX_RESULTS: '1000',
DRIVE_V3_BETA: FALSE, DRIVE_V3_BETA: FALSE,
DRIVE_V3_NATIVE_NAMES: TRUE, DRIVE_V3_NATIVE_NAMES: TRUE,
@@ -545,6 +548,7 @@ VAR_INFO = {
DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)}, DEVICE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 200)},
DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)}, DOMAIN: {VAR_TYPE: TYPE_STRING, VAR_ENVVAR: 'GA_DOMAIN', VAR_LIMITS: (0, None)},
DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'}, DRIVE_DIR: {VAR_TYPE: TYPE_DIRECTORY, VAR_ENVVAR: 'GAMDRIVEDIR'},
ENFORCE_EXPANSIVE_ACCESS: {VAR_TYPE: TYPE_BOOLEAN},
DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)}, DRIVE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (1, 1000)},
DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN}, DRIVE_V3_BETA: {VAR_TYPE: TYPE_BOOLEAN},
DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN}, DRIVE_V3_NATIVE_NAMES: {VAR_TYPE: TYPE_BOOLEAN},

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2024 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #

View File

@@ -140,12 +140,13 @@ SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary' SERVICE_ACCOUNT_SKIPPING_KEY_AGE_CHECK = 'Skipping Private Key age check: {0} rotation not necessary'
UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys' UPDATE_PROJECT_TO_VIEW_MANAGE_SAKEYS = 'Please run "gam update project" to view/manage service account keys'
DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication' DOMAIN_WIDE_DELEGATION_AUTHENTICATION = 'Domain-wide Delegation authentication'
DEPRECATED_SCOPES = 'Deprecated scopes that GAM should NEVER have DwD access to'
SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED! SCOPE_AUTHORIZATION_PASSED = '''All scopes PASSED!
Service Account Client name: {0} is fully authorized. Service Account Client name: {0} is fully authorized.
''' '''
SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED! SCOPE_AUTHORIZATION_UPDATE_PASSED = '''All scopes PASSED!
To authorize them (in case some scopes were unselected), please go to the following link in your browser: To update authorization (in case some scopes were unselected), please go to the following link in your browser:
{0} {0}
{1} {1}
@@ -156,8 +157,8 @@ Click AUTHORIZE
When the box closes you're done When the box closes you're done
After authorizing it may take some time for this test to pass so wait a few moments and then try this command again. After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
''' '''
SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED! SCOPE_AUTHORIZATION_FAILED = '''Some scopes FAILED or should be DISABLED!
To authorize them, please go to the following link in your browser: To update authorization, please go to the following link in your browser:
{0} {0}
{1} {1}
@@ -309,6 +310,7 @@ INVALID_ATTENDEE_CHANGE = 'Invalid attendee change "{0}"'
INVALID_CHARSET = 'Invalid charset "{0}"' INVALID_CHARSET = 'Invalid charset "{0}"'
INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}' INVALID_DATE_TIME_RANGE = '{0} {1} must be greater than/equal to {2} {3}'
INVALID_ENTITY = 'Invalid {0}, {1}' INVALID_ENTITY = 'Invalid {0}, {1}'
INVALID_EVENT_TIMERANGE = '{0} {1} must be less than {2}'
INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin' INVALID_FILE_SELECTION_WITH_ADMIN_ACCESS = 'Invalid file selection with adminaccess|asadmin'
INVALID_GROUP = 'Invalid Group' INVALID_GROUP = 'Invalid Group'
INVALID_HTTP_HEADER = 'Invalid http header data: {0}' INVALID_HTTP_HEADER = 'Invalid http header data: {0}'

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2023 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #

View File

@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2023 Ross Scroggs All Rights Reserved. # Copyright (C) 2025 Ross Scroggs All Rights Reserved.
# #
# All Rights Reserved. # All Rights Reserved.
# #

View File

@@ -117,6 +117,10 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
## Display Chrome policy schemas in same format as Legacy GAM ## Display Chrome policy schemas in same format as Legacy GAM
``` ```
gam info chromeschema std <SchemaName>
```
Chrome policy schema `<SchemaName>` is displayed.
```
gam show chromeschemas std gam show chromeschemas std
[filter <String>] [filter <String>]
``` ```
@@ -551,7 +555,7 @@ chrome.devices.AutoUpdateSettings: Auto-update settings.
SUNDAY: SUNDAY:
hours: TYPE_INT32 hours: TYPE_INT32
minutes: TYPE_INT32 minutes: TYPE_INT32
displayName: TYPE_STRING selectedVersion: TYPE_STRING
chromeosVersion: TYPE_STRING chromeosVersion: TYPE_STRING
aueWarningPeriodDays: TYPE_INT64 aueWarningPeriodDays: TYPE_INT64
warningPeriodDays: TYPE_INT64 warningPeriodDays: TYPE_INT64
@@ -577,7 +581,7 @@ chrome.devices.DeviceAllowEnterpriseRemoteAccessConnections: Enterprise remote a
false: Prevent remote access connections from enterprise admins. false: Prevent remote access connections from enterprise admins.
chrome.devices.DeviceAuthenticationFlowAutoReloadInterval: Automatic online sign-in / lock screen refresh. chrome.devices.DeviceAuthenticationFlowAutoReloadInterval: Automatic online sign-in / lock screen refresh.
duration: TYPE_INT64 deviceAuthenticationFlowAutoReloadInterval: TYPE_INT64
chrome.devices.DeviceAuthenticationUrlAllowlist: Blocked URL exceptions on the sign-in / lock screens. chrome.devices.DeviceAuthenticationUrlAllowlist: Blocked URL exceptions on the sign-in / lock screens.
deviceAuthenticationUrlAllowlist: TYPE_LIST deviceAuthenticationUrlAllowlist: TYPE_LIST
@@ -799,7 +803,7 @@ chrome.devices.DeviceScreensaverLoginScreenEnabled: Screen saver.
false: Don't display screen saver when idle. false: Don't display screen saver when idle.
deviceScreensaverLoginScreenImages: TYPE_LIST deviceScreensaverLoginScreenImages: TYPE_LIST
Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files. Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files.
duration: TYPE_INT64 deviceScreensaverLoginScreenImageDisplayIntervalSeconds: TYPE_INT64
chrome.devices.DeviceScreenSettings: Screen settings. chrome.devices.DeviceScreenSettings: Screen settings.
allowUserDisplayChanges: TYPE_BOOL allowUserDisplayChanges: TYPE_BOOL
@@ -907,7 +911,7 @@ chrome.devices.DeviceWilcoDtc: Dell SupportAssist.
installSupportAssistApp: TYPE_BOOL installSupportAssistApp: TYPE_BOOL
true: Force-install the Dell SupportAssist app for Dell devices. true: Force-install the Dell SupportAssist app for Dell devices.
false: Do not automatically install the Dell SupportAssist app. false: Do not automatically install the Dell SupportAssist app.
downloadUri: TYPE_STRING deviceWilcoDtcConfiguration: TYPE_STRING
chrome.devices.DisabledDeviceReturnInstructions: Disabled device return instructions. chrome.devices.DisabledDeviceReturnInstructions: Disabled device return instructions.
deviceDisabledMessage: TYPE_STRING deviceDisabledMessage: TYPE_STRING
@@ -964,13 +968,13 @@ chrome.devices.EnableReportDeviceUsers: Report device user tracking.
false: Disable tracking recent users. false: Disable tracking recent users.
chrome.devices.EnableReportUploadFrequency: Device status report upload frequency. chrome.devices.EnableReportUploadFrequency: Device status report upload frequency.
duration: TYPE_STRING reportDeviceUploadFrequency: TYPE_STRING
chrome.devices.EnableReportUploadFrequencyV2: Device status report upload frequency. chrome.devices.EnableReportUploadFrequencyV2: Device status report upload frequency.
duration: TYPE_INT64 reportDeviceUploadFrequency: TYPE_INT64
chrome.devices.ExtensionCacheSize: Apps and extensions cache size. chrome.devices.ExtensionCacheSize: Apps and extensions cache size.
value: TYPE_INT64 extensionCacheSize: TYPE_INT64
chrome.devices.ForcedReenrollment: Forced re-enrollment. chrome.devices.ForcedReenrollment: Forced re-enrollment.
reenrollmentMode: TYPE_ENUM reenrollmentMode: TYPE_ENUM
@@ -998,7 +1002,7 @@ chrome.devices.Imprivata: Imprivata login screen integration.
IMPRIVATA_EXTENSION_VERSION_M86: Pinned to v2 (Compatible with Chrome 86+). IMPRIVATA_EXTENSION_VERSION_M86: Pinned to v2 (Compatible with Chrome 86+).
IMPRIVATA_EXTENSION_VERSION_3: Pinned to v3 (Compatible with Chrome 97+). IMPRIVATA_EXTENSION_VERSION_3: Pinned to v3 (Compatible with Chrome 97+).
IMPRIVATA_EXTENSION_VERSION_4: Pinned to v4 (Compatible with Chrome 118+). IMPRIVATA_EXTENSION_VERSION_4: Pinned to v4 (Compatible with Chrome 118+).
downloadUri: TYPE_STRING imprivataExtensionConfiguration: TYPE_STRING
chrome.devices.InactiveDeviceNotifications: Inactive device notifications. chrome.devices.InactiveDeviceNotifications: Inactive device notifications.
notificationEnabled: TYPE_BOOL notificationEnabled: TYPE_BOOL
@@ -1023,7 +1027,7 @@ chrome.devices.kiosk.AcPowerSettings: AC Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_STRING acScreenOffTimeout: TYPE_STRING
chrome.devices.kiosk.AcPowerSettingsV2: AC Kiosk power settings. chrome.devices.kiosk.AcPowerSettingsV2: AC Kiosk power settings.
acIdleAction: TYPE_ENUM acIdleAction: TYPE_ENUM
@@ -1031,7 +1035,7 @@ chrome.devices.kiosk.AcPowerSettingsV2: AC Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_INT64 acScreenOffTimeout: TYPE_INT64
chrome.devices.kiosk.Alerting: Kiosk device status alerting delivery. chrome.devices.kiosk.Alerting: Kiosk device status alerting delivery.
deviceStatusAlertDeliveryModes: TYPE_LIST deviceStatusAlertDeliveryModes: TYPE_LIST
@@ -1113,7 +1117,7 @@ chrome.devices.kiosk.BatteryPowerSettings: Battery Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_STRING batteryScreenOffTimeout: TYPE_STRING
chrome.devices.kiosk.BatteryPowerSettingsV2: Battery Kiosk power settings. chrome.devices.kiosk.BatteryPowerSettingsV2: Battery Kiosk power settings.
batteryIdleAction: TYPE_ENUM batteryIdleAction: TYPE_ENUM
@@ -1121,7 +1125,7 @@ chrome.devices.kiosk.BatteryPowerSettingsV2: Battery Kiosk power settings.
IDLE_ACTION_LOGOUT: Logout. IDLE_ACTION_LOGOUT: Logout.
IDLE_ACTION_SHUTDOWN: Shutdown. IDLE_ACTION_SHUTDOWN: Shutdown.
IDLE_ACTION_DO_NOTHING: Do nothing. IDLE_ACTION_DO_NOTHING: Do nothing.
duration: TYPE_INT64 batteryScreenOffTimeout: TYPE_INT64
chrome.devices.kiosk.CaretHighlightEnabled: Kiosk caret highlight. chrome.devices.kiosk.CaretHighlightEnabled: Kiosk caret highlight.
caretHighlightEnabled: TYPE_ENUM caretHighlightEnabled: TYPE_ENUM
@@ -1486,6 +1490,7 @@ chrome.devices.managedguest.apps.EnterpriseChallenge: Allows setting of whether
chrome.devices.managedguest.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection. chrome.devices.managedguest.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection.
includeInCollection: TYPE_BOOL includeInCollection: TYPE_BOOL
spotlightRecommended: TYPE_BOOL
chrome.devices.managedguest.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension. chrome.devices.managedguest.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension.
installationUrl: TYPE_STRING installationUrl: TYPE_STRING
@@ -1580,7 +1585,7 @@ chrome.devices.managedguest.AutoplayAllowlist: Autoplay video.
Allowed URLs. URL patterns allowed to autoplay. Prefix domain with [*.] to include all subdomains. Use * to allow all domains. Allowed URLs. URL patterns allowed to autoplay. Prefix domain with [*.] to include all subdomains. Use * to allow all domains.
chrome.devices.managedguest.Avatar: Custom avatar. chrome.devices.managedguest.Avatar: Custom avatar.
downloadUri: TYPE_STRING userAvatarImage: TYPE_STRING
chrome.devices.managedguest.BeforeunloadEventCancelByPreventDefaultEnabled: Behavior of event.preventDefault() for beforeunload event. chrome.devices.managedguest.BeforeunloadEventCancelByPreventDefaultEnabled: Behavior of event.preventDefault() for beforeunload event.
beforeunloadEventCancelByPreventDefaultEnabled: TYPE_ENUM beforeunloadEventCancelByPreventDefaultEnabled: TYPE_ENUM
@@ -1603,10 +1608,10 @@ chrome.devices.managedguest.BrowserHistory: Browser history.
false: Always save browser history. false: Always save browser history.
chrome.devices.managedguest.BrowsingDataLifetime: Browsing Data Lifetime. chrome.devices.managedguest.BrowsingDataLifetime: Browsing Data Lifetime.
duration: TYPE_STRING hostedAppDataTtl: TYPE_STRING
chrome.devices.managedguest.BrowsingDataLifetimeV2: Browsing Data Lifetime. chrome.devices.managedguest.BrowsingDataLifetimeV2: Browsing Data Lifetime.
duration: TYPE_INT64 hostedAppDataTtl: TYPE_INT64
chrome.devices.managedguest.BuiltInDnsClientEnabled: Built-in DNS client. chrome.devices.managedguest.BuiltInDnsClientEnabled: Built-in DNS client.
builtInDnsClientEnabled: TYPE_ENUM builtInDnsClientEnabled: TYPE_ENUM
@@ -1689,7 +1694,7 @@ chrome.devices.managedguest.CursorHighlightEnabled: Cursor highlight.
TRUE: Enable cursor highlight. TRUE: Enable cursor highlight.
chrome.devices.managedguest.CustomTermsOfService: Custom terms of service. chrome.devices.managedguest.CustomTermsOfService: Custom terms of service.
downloadUri: TYPE_STRING termsOfServiceUrl: TYPE_STRING
chrome.devices.managedguest.DataLeakPreventionReportingEnabled: Data controls reporting. chrome.devices.managedguest.DataLeakPreventionReportingEnabled: Data controls reporting.
dataLeakPreventionReportingEnabled: TYPE_BOOL dataLeakPreventionReportingEnabled: TYPE_BOOL
@@ -1900,6 +1905,8 @@ chrome.devices.managedguest.ExternalStorage: External storage devices.
READ_WRITE: Allow read and write access to all external storage devices. READ_WRITE: Allow read and write access to all external storage devices.
READ_ONLY: Allow read only access to all external storage devices. READ_ONLY: Allow read only access to all external storage devices.
DISALLOW: Do not allow read and write access to external storage devices. DISALLOW: Do not allow read and write access to external storage devices.
externalStorageAllowlist: TYPE_LIST
Specify devices to always have read and write access. USB devices which are allowlisted for read and write access. To identify a specific device, enter colon separated hexadecimal pairs of USB Vendor Identifier and Product Identifier.
chrome.devices.managedguest.FastPairEnabled: Fast Pair (fast Bluetooth pairing). chrome.devices.managedguest.FastPairEnabled: Fast Pair (fast Bluetooth pairing).
fastPairEnabled: TYPE_ENUM fastPairEnabled: TYPE_ENUM
@@ -2108,7 +2115,7 @@ chrome.devices.managedguest.IdleSettingsExtended: Idle settings.
UNSET: Allow user to configure. UNSET: Allow user to configure.
FALSE: Don't lock screen. FALSE: Don't lock screen.
TRUE: Lock screen. TRUE: Lock screen.
duration: TYPE_INT64 screenLockDelayBattery: TYPE_INT64
chrome.devices.managedguest.IncognitoMode: Incognito mode. chrome.devices.managedguest.IncognitoMode: Incognito mode.
incognitoModeAvailability: TYPE_ENUM incognitoModeAvailability: TYPE_ENUM
@@ -2298,10 +2305,10 @@ chrome.devices.managedguest.ManagedGuestSessionV2: Managed guest session.
ROTATE_270: 270 degrees. ROTATE_270: 270 degrees.
chrome.devices.managedguest.MaxInvalidationFetchDelay: Policy fetch delay. chrome.devices.managedguest.MaxInvalidationFetchDelay: Policy fetch delay.
duration: TYPE_STRING maxInvalidationFetchDelay: TYPE_STRING
chrome.devices.managedguest.MaxInvalidationFetchDelayV2: Policy fetch delay. chrome.devices.managedguest.MaxInvalidationFetchDelayV2: Policy fetch delay.
duration: TYPE_INT64 maxInvalidationFetchDelay: TYPE_INT64
chrome.devices.managedguest.MemorySaverModeSavings: Memory saver. chrome.devices.managedguest.MemorySaverModeSavings: Memory saver.
memorySaverModeSavings: TYPE_ENUM memorySaverModeSavings: TYPE_ENUM
@@ -2503,7 +2510,7 @@ chrome.devices.managedguest.PrintingBackgroundGraphicsDefault: Background graphi
ENABLED: Enable background graphics printing mode by default. ENABLED: Enable background graphics printing mode by default.
chrome.devices.managedguest.PrintingMaxSheetsAllowed: Maximum sheets. chrome.devices.managedguest.PrintingMaxSheetsAllowed: Maximum sheets.
value: TYPE_INT64 printingMaxSheetsAllowedNullable: TYPE_INT64
chrome.devices.managedguest.PrintingPaperSizeDefault: Default printing page size. chrome.devices.managedguest.PrintingPaperSizeDefault: Default printing page size.
printingPaperSizeEnum: TYPE_ENUM printingPaperSizeEnum: TYPE_ENUM
@@ -2525,10 +2532,10 @@ chrome.devices.managedguest.PrintingPinDefault: Default PIN printing mode.
DEFAULT_TO_NOT_PIN_PRINTING: Without PIN. DEFAULT_TO_NOT_PIN_PRINTING: Without PIN.
chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNew: Print job history retention period. chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNew: Print job history retention period.
duration: TYPE_STRING printJobHistoryExpirationPeriodDaysNew: TYPE_STRING
chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period. chrome.devices.managedguest.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period.
duration: TYPE_INT64 printJobHistoryExpirationPeriodDaysNew: TYPE_INT64
chrome.devices.managedguest.PrintPdfAsImage: Print PDF as image. chrome.devices.managedguest.PrintPdfAsImage: Print PDF as image.
printPdfAsImageAvailability: TYPE_BOOL printPdfAsImageAvailability: TYPE_BOOL
@@ -2537,7 +2544,7 @@ chrome.devices.managedguest.PrintPdfAsImage: Print PDF as image.
printPdfAsImageDefault: TYPE_BOOL printPdfAsImageDefault: TYPE_BOOL
true: Default to printing PDFs as images when available. true: Default to printing PDFs as images when available.
false: Default to printing PDFs without being rasterized. false: Default to printing PDFs without being rasterized.
value: TYPE_INT64 printRasterizePdfDpi: TYPE_INT64
chrome.devices.managedguest.PrivacyScreenEnabled: Privacy screen. chrome.devices.managedguest.PrivacyScreenEnabled: Privacy screen.
privacyScreenEnabled: TYPE_ENUM privacyScreenEnabled: TYPE_ENUM
@@ -2595,7 +2602,7 @@ chrome.devices.managedguest.RemoteAccessHostClientDomainList: Remote access clie
Remote access client domain. Configure the required domain names for remote access clients. Remote access client domain. Configure the required domain names for remote access clients.
chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size. chrome.devices.managedguest.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size.
value: TYPE_INT64 remoteAccessHostClipboardSizeBytes: TYPE_INT64
chrome.devices.managedguest.RemoteAccessHostDomainList: Remote access hosts. chrome.devices.managedguest.RemoteAccessHostDomainList: Remote access hosts.
remoteAccessHostDomainList: TYPE_LIST remoteAccessHostDomainList: TYPE_LIST
@@ -2707,7 +2714,7 @@ chrome.devices.managedguest.ScreensaverLockScreenEnabled: Screen saver.
false: Don't display screen saver on lock screen when idle. false: Don't display screen saver on lock screen when idle.
screensaverLockScreenImages: TYPE_LIST screensaverLockScreenImages: TYPE_LIST
Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files. Screen saver image URLs. Enter one URL per line. Images must be in JPG format(.jpg or .jpeg files.
duration: TYPE_INT64 screensaverLockScreenImageDisplayIntervalSeconds: TYPE_INT64
chrome.devices.managedguest.Screenshot: Screenshot. chrome.devices.managedguest.Screenshot: Screenshot.
disableScreenshots: TYPE_BOOL disableScreenshots: TYPE_BOOL
@@ -2733,14 +2740,14 @@ chrome.devices.managedguest.SecurityTokenSessionSettings: Security token removal
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_STRING securityTokenSessionNotificationSeconds: TYPE_STRING
chrome.devices.managedguest.SecurityTokenSessionSettingsV2: Security token removal. chrome.devices.managedguest.SecurityTokenSessionSettingsV2: Security token removal.
securityTokenSessionBehavior: TYPE_ENUM securityTokenSessionBehavior: TYPE_ENUM
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_INT64 securityTokenSessionNotificationSeconds: TYPE_INT64
chrome.devices.managedguest.SelectToSpeakEnabled: Select to speak. chrome.devices.managedguest.SelectToSpeakEnabled: Select to speak.
selectToSpeakEnabled: TYPE_ENUM selectToSpeakEnabled: TYPE_ENUM
@@ -2763,10 +2770,10 @@ chrome.devices.managedguest.ServiceWorkerToControlSrcdocIframeEnabled: Service w
false: Block service workers from controlling srcdoc iframes. false: Block service workers from controlling srcdoc iframes.
chrome.devices.managedguest.SessionLength: Maximum user session length. chrome.devices.managedguest.SessionLength: Maximum user session length.
duration: TYPE_STRING sessionDurationLimit: TYPE_STRING
chrome.devices.managedguest.SessionLengthV2: Maximum user session length. chrome.devices.managedguest.SessionLengthV2: Maximum user session length.
duration: TYPE_INT64 sessionDurationLimit: TYPE_INT64
chrome.devices.managedguest.SessionLocale: Session locale. chrome.devices.managedguest.SessionLocale: Session locale.
sessionLocalesRepeatedString: TYPE_LIST sessionLocalesRepeatedString: TYPE_LIST
@@ -3096,7 +3103,7 @@ chrome.devices.managedguest.WaitForInitialUserActivity: Wait for initial user ac
false: Start power management delays and session length limits at session start. false: Start power management delays and session length limits at session start.
chrome.devices.managedguest.Wallpaper: Custom wallpaper. chrome.devices.managedguest.Wallpaper: Custom wallpaper.
downloadUri: TYPE_STRING wallpaperImage: TYPE_STRING
chrome.devices.managedguest.WebBluetoothAccess: Web Bluetooth API. chrome.devices.managedguest.WebBluetoothAccess: Web Bluetooth API.
defaultWebBluetoothGuardSetting: TYPE_ENUM defaultWebBluetoothGuardSetting: TYPE_ENUM
@@ -3215,10 +3222,10 @@ chrome.devices.RestrictedManagedGuestSessionExtensionCleanupExemptList: Shared a
Extension IDs. Enter a list of extension IDs. Each extension ID must be exactly 32 characters. Extension IDs. Enter a list of extension IDs. Each extension ID must be exactly 32 characters.
chrome.devices.ScheduledRebootDuration: Reboot after uptime limit. chrome.devices.ScheduledRebootDuration: Reboot after uptime limit.
duration: TYPE_STRING uptimeLimitDuration: TYPE_STRING
chrome.devices.ScheduledRebootDurationV2: Reboot after uptime limit. chrome.devices.ScheduledRebootDurationV2: Reboot after uptime limit.
duration: TYPE_INT64 uptimeLimitDuration: TYPE_INT64
chrome.devices.ShowLowDiskSpaceNotification: Low disk space notification. chrome.devices.ShowLowDiskSpaceNotification: Low disk space notification.
showLowDiskSpaceNotification: TYPE_BOOL showLowDiskSpaceNotification: TYPE_BOOL
@@ -3226,7 +3233,7 @@ chrome.devices.ShowLowDiskSpaceNotification: Low disk space notification.
false: Do not show notification when disk space is low. false: Do not show notification when disk space is low.
chrome.devices.SignInKeyboard: Login screen keyboard. chrome.devices.SignInKeyboard: Login screen keyboard.
keyboardIds: TYPE_LIST selections: TYPE_LIST
chrome.devices.SignInLanguage: Sign-in language. chrome.devices.SignInLanguage: Sign-in language.
signInLanguageString: TYPE_STRING signInLanguageString: TYPE_STRING
@@ -3254,7 +3261,7 @@ chrome.devices.SignInRestrictionsOffHours: Device off hours.
minutes: TYPE_INT32 minutes: TYPE_INT32
chrome.devices.SignInWallpaperImage: Device wallpaper image. chrome.devices.SignInWallpaperImage: Device wallpaper image.
downloadUri: TYPE_STRING deviceWallpaperImage: TYPE_STRING
chrome.devices.SsoCameraPermissions: Single sign-on camera permissions. chrome.devices.SsoCameraPermissions: Single sign-on camera permissions.
loginVideoCaptureAllowedUrls: TYPE_LIST loginVideoCaptureAllowedUrls: TYPE_LIST
@@ -3301,7 +3308,7 @@ chrome.devices.Timezone: Timezone.
IP_ONLY: Always use coarse timezone detection. IP_ONLY: Always use coarse timezone detection.
SEND_WIFI_ACCESS_POINTS: Always send wifi access points to server while resolving timezone. SEND_WIFI_ACCESS_POINTS: Always send wifi access points to server while resolving timezone.
SEND_ALL_LOCATION_INFO: Send all location information. SEND_ALL_LOCATION_INFO: Send all location information.
value: TYPE_STRING systemTimezone: TYPE_STRING
chrome.devices.TpmFirmwareUpdate: TPM firmware update. chrome.devices.TpmFirmwareUpdate: TPM firmware update.
tpmFirmwareUpdateEnabled: TYPE_BOOL tpmFirmwareUpdateEnabled: TYPE_BOOL
@@ -3796,6 +3803,7 @@ chrome.users.apps.EnterpriseChallenge: Allows setting of whether the app can cha
chrome.users.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection. chrome.users.apps.IncludeInChromeWebStoreCollection: Specifies whether the Chrome Application should appear in the Chrome Web Store collection.
includeInCollection: TYPE_BOOL includeInCollection: TYPE_BOOL
spotlightRecommended: TYPE_BOOL
chrome.users.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension. chrome.users.apps.InstallationUrl: Specifies the url from which to install a self hosted Chrome Extension.
installationUrl: TYPE_STRING installationUrl: TYPE_STRING
@@ -3808,6 +3816,9 @@ chrome.users.apps.InstallType: Specifies the manner in which the app is to be in
ALLOWED: Allow installation of the app. ALLOWED: Allow installation of the app.
FORCED: Force install the app. FORCED: Force install the app.
FORCED_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar. FORCED_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar.
NORMAL: Force install the app, but allow the user to disable it. This option is only available for Chrome extensions.
NORMAL_AND_PIN_TO_TOOLBAR: Force install and pin the app to the toolbar, but allow the user to disable it. This option is only available for Chrome extensions.
REMOVE: Block installation of the app and remove it from the device. This option is only available for Chrome extensions.
chrome.users.apps.ManagedConfiguration: Allows setting of the managed configuration. chrome.users.apps.ManagedConfiguration: Allows setting of the managed configuration.
managedConfiguration: TYPE_STRING managedConfiguration: TYPE_STRING
@@ -3905,7 +3916,7 @@ chrome.users.appsconfig.ChromeWebStoreBranding: Org name & logo.
false: Don't customize org name and logo. false: Don't customize org name and logo.
cwsBrandingOrgName: TYPE_STRING cwsBrandingOrgName: TYPE_STRING
Organization name displayed. Name to be displayed on your users' custom Web Store. Organization name displayed. Name to be displayed on your users' custom Web Store.
downloadUri: TYPE_STRING cwsBrandingOrgLogo: TYPE_STRING
chrome.users.appsconfig.ChromeWebStoreHomepage: Chrome Web Store homepage. chrome.users.appsconfig.ChromeWebStoreHomepage: Chrome Web Store homepage.
cwsHomePage: TYPE_ENUM cwsHomePage: TYPE_ENUM
@@ -3933,7 +3944,7 @@ chrome.users.appsconfig.ChromeWebStoreHomepageBanner: Homepage banner.
Headline text. The headline text to display on the banner. Headline text. The headline text to display on the banner.
cwsExtensionHomepageBannerDescriptionText: TYPE_STRING cwsExtensionHomepageBannerDescriptionText: TYPE_STRING
Description text. The description text to display on the banner. Description text. The description text to display on the banner.
downloadUri: TYPE_STRING cwsExtensionHomepageBannerImage: TYPE_STRING
chrome.users.appsconfig.ChromeWebStorePagesAndContent: Pages & content. chrome.users.appsconfig.ChromeWebStorePagesAndContent: Pages & content.
cwsPagesContentCustomizationEnabled: TYPE_BOOL cwsPagesContentCustomizationEnabled: TYPE_BOOL
@@ -4081,6 +4092,13 @@ chrome.users.AutofillCreditCardEnabled: Credit card form autofill.
true: Allow user to configure. true: Allow user to configure.
false: Never Autofill credit card forms. false: Never Autofill credit card forms.
chrome.users.AutofillPredictionSettings: Autofill with AI.
autofillPredictionSettings: TYPE_ENUM
ALLOWED: Allow autofill prediction and improve AI models.
ALLOWED_WITHOUT_LOGGING: Allow autofill prediction without improving AI models.
DISABLED: Do not allow autofill prediction.
UNSET: Use the value specified in the Generative AI policy defaults setting.
chrome.users.AutomaticFullscreen: Automatic fullscreen. chrome.users.AutomaticFullscreen: Automatic fullscreen.
automaticFullscreenAllowedForUrls: TYPE_LIST automaticFullscreenAllowedForUrls: TYPE_LIST
Allow automatic fullscreen on these sites. Supersedes users' personal settings and allows matching origins to call the API without a prior user gesture. Allow automatic fullscreen on these sites. Supersedes users' personal settings and allows matching origins to call the API without a prior user gesture.
@@ -4098,13 +4116,13 @@ chrome.users.AutoplayAllowlist: Autoplay video.
Allowed URLs. URL patterns allowed to autoplay. Prefix domain with [*.] to include all subdomains. Use * to allow all domains. Allowed URLs. URL patterns allowed to autoplay. Prefix domain with [*.] to include all subdomains. Use * to allow all domains.
chrome.users.AutoUpdateCheckPeriodNew: Auto-update check period. chrome.users.AutoUpdateCheckPeriodNew: Auto-update check period.
duration: TYPE_STRING autoUpdateCheckPeriodMinutesNew: TYPE_STRING
chrome.users.AutoUpdateCheckPeriodNewV2: Auto-update check period. chrome.users.AutoUpdateCheckPeriodNewV2: Auto-update check period.
duration: TYPE_INT64 autoUpdateCheckPeriodMinutesNew: TYPE_INT64
chrome.users.Avatar: Custom avatar. chrome.users.Avatar: Custom avatar.
downloadUri: TYPE_STRING userAvatarImage: TYPE_STRING
chrome.users.BackForwardCacheEnabled: Back-forward cache. chrome.users.BackForwardCacheEnabled: Back-forward cache.
backForwardCacheEnabled: TYPE_BOOL backForwardCacheEnabled: TYPE_BOOL
@@ -4187,7 +4205,7 @@ chrome.users.BrowserHistory: Browser history.
chrome.users.BrowserIdleTimeout: Browser idle timeout. chrome.users.BrowserIdleTimeout: Browser idle timeout.
idleTimeoutActions: TYPE_LIST idleTimeoutActions: TYPE_LIST
{'value': 'close_browsers', 'description': 'Close Browsers.'} {'value': 'close_browsers', 'description': 'Close Browsers.'}
duration: TYPE_INT64 idleTimeout: TYPE_INT64
chrome.users.BrowserLabsEnabled: Browser experiments icon in toolbar. chrome.users.BrowserLabsEnabled: Browser experiments icon in toolbar.
browserLabsEnabled: TYPE_BOOL browserLabsEnabled: TYPE_BOOL
@@ -4224,10 +4242,10 @@ chrome.users.BrowserSwitcherChromePath: Chrome path.
Path to the Chrome executable. Windows-only. Path to the Chrome executable to launch when switching from the alternative browser to Chrome. If unset, the alternative browser will auto-detect the path to Chrome. Path to the Chrome executable. Windows-only. Path to the Chrome executable to launch when switching from the alternative browser to Chrome. If unset, the alternative browser will auto-detect the path to Chrome.
chrome.users.BrowserSwitcherDelayDuration: Delay before launching alternative browser. chrome.users.BrowserSwitcherDelayDuration: Delay before launching alternative browser.
duration: TYPE_STRING browserSwitcherDelayDuration: TYPE_STRING
chrome.users.BrowserSwitcherDelayDurationV2: Delay before launching alternative browser. chrome.users.BrowserSwitcherDelayDurationV2: Delay before launching alternative browser.
duration: TYPE_INT64 browserSwitcherDelayDuration: TYPE_INT64
chrome.users.BrowserSwitcherExternalGreylistUrl: URL to list of websites to open in either browser. chrome.users.BrowserSwitcherExternalGreylistUrl: URL to list of websites to open in either browser.
browserSwitcherExternalGreylistUrl: TYPE_STRING browserSwitcherExternalGreylistUrl: TYPE_STRING
@@ -4265,10 +4283,10 @@ chrome.users.BrowserThemeColor: Custom theme color.
Hex color. Enter a valid hex color, for instance #FFFFFF. Hex color. Enter a valid hex color, for instance #FFFFFF.
chrome.users.BrowsingDataLifetime: Browsing Data Lifetime. chrome.users.BrowsingDataLifetime: Browsing Data Lifetime.
duration: TYPE_STRING hostedAppDataTtl: TYPE_STRING
chrome.users.BrowsingDataLifetimeV2: Browsing Data Lifetime. chrome.users.BrowsingDataLifetimeV2: Browsing Data Lifetime.
duration: TYPE_INT64 hostedAppDataTtl: TYPE_INT64
chrome.users.BuiltInDnsClientEnabled: Built-in DNS client. chrome.users.BuiltInDnsClientEnabled: Built-in DNS client.
builtInDnsClientEnabled: TYPE_ENUM builtInDnsClientEnabled: TYPE_ENUM
@@ -4418,11 +4436,16 @@ chrome.users.CloudProfileReportingEnabled: Managed profile reporting.
true: Enable managed profile reporting for managed users. true: Enable managed profile reporting for managed users.
false: Disable managed profile reporting for managed users. false: Disable managed profile reporting for managed users.
chrome.users.CloudReporting: Managed browser reporting.
cloudReportingEnabled: TYPE_BOOL
true: Enable managed browser cloud reporting.
false: Disable managed browser cloud reporting.
chrome.users.CloudReportingUploadFrequency: Managed browser reporting upload frequency. chrome.users.CloudReportingUploadFrequency: Managed browser reporting upload frequency.
duration: TYPE_STRING cloudReportingUploadFrequency: TYPE_STRING
chrome.users.CloudReportingUploadFrequencyV2: Managed browser reporting upload frequency. chrome.users.CloudReportingUploadFrequencyV2: Managed browser reporting upload frequency.
duration: TYPE_INT64 cloudReportingUploadFrequency: TYPE_INT64
chrome.users.CloudUserPolicyMerge: User cloud policy merge. chrome.users.CloudUserPolicyMerge: User cloud policy merge.
cloudUserPolicyMerge: TYPE_BOOL cloudUserPolicyMerge: TYPE_BOOL
@@ -4542,7 +4565,7 @@ chrome.users.CursorHighlightEnabled: Cursor highlight.
TRUE: Enable cursor highlight. TRUE: Enable cursor highlight.
chrome.users.CustomTermsOfService: Custom terms of service. chrome.users.CustomTermsOfService: Custom terms of service.
downloadUri: TYPE_STRING termsOfServiceUrl: TYPE_STRING
chrome.users.DataCompressionProxy: Data compression proxy. chrome.users.DataCompressionProxy: Data compression proxy.
dataCompressionProxyEnabled: TYPE_ENUM dataCompressionProxyEnabled: TYPE_ENUM
@@ -4843,6 +4866,10 @@ chrome.users.ExplicitlyAllowedNetworkPorts: Allowed network ports.
explicitlyAllowedNetworkPorts: TYPE_LIST explicitlyAllowedNetworkPorts: TYPE_LIST
{'value': '554', 'description': 'port 554 (expires 2021/10/15).'} {'value': '554', 'description': 'port 554 (expires 2021/10/15).'}
chrome.users.ExtensibleEnterpriseSsoBlocklist: Extensible Enterprise SSO blocking.
extensibleEnterpriseSsoBlocklist: TYPE_LIST
{'value': 'all', 'description': 'All identity providers.'}
chrome.users.ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls: Extended background lifetime. chrome.users.ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls: Extended background lifetime.
extensionExtendedBackgroundLifetimeForPortConnectionsToUrls: TYPE_LIST extensionExtendedBackgroundLifetimeForPortConnectionsToUrls: TYPE_LIST
Origins that grant extended background lifetime to connecting extensions. Enter a list of origins. Extensions that connect to one of these origins will be be kept running as long as the port is connected. One URL per line. Origins that grant extended background lifetime to connecting extensions. Enter a list of origins. Extensions that connect to one of these origins will be be kept running as long as the port is connected. One URL per line.
@@ -4864,6 +4891,8 @@ chrome.users.ExternalStorage: External storage devices.
READ_WRITE: Allow read and write access to all external storage devices. READ_WRITE: Allow read and write access to all external storage devices.
READ_ONLY: Allow read only access to all external storage devices. READ_ONLY: Allow read only access to all external storage devices.
DISALLOW: Do not allow read and write access to external storage devices. DISALLOW: Do not allow read and write access to external storage devices.
externalStorageAllowlist: TYPE_LIST
Specify devices to always have read and write access. USB devices which are allowlisted for read and write access. To identify a specific device, enter colon separated hexadecimal pairs of USB Vendor Identifier and Product Identifier.
chrome.users.FastPairEnabled: Fast Pair (fast Bluetooth pairing). chrome.users.FastPairEnabled: Fast Pair (fast Bluetooth pairing).
fastPairEnabled: TYPE_ENUM fastPairEnabled: TYPE_ENUM
@@ -4887,10 +4916,10 @@ chrome.users.FElevenKeyModifier: Control the shortcut used to trigger F11.
RECOMMENDED: Allow users to override. RECOMMENDED: Allow users to override.
chrome.users.FetchKeepaliveDurationSecondsOnShutdown: Keepalive duration. chrome.users.FetchKeepaliveDurationSecondsOnShutdown: Keepalive duration.
duration: TYPE_STRING fetchKeepaliveDurationSecondsOnShutdown: TYPE_STRING
chrome.users.FetchKeepaliveDurationSecondsOnShutdownV2: Keepalive duration. chrome.users.FetchKeepaliveDurationSecondsOnShutdownV2: Keepalive duration.
duration: TYPE_INT64 fetchKeepaliveDurationSecondsOnShutdown: TYPE_INT64
chrome.users.FileOrDirectoryPickerWithoutGestureAllowedForOrigins: File/directory picker without user gesture. chrome.users.FileOrDirectoryPickerWithoutGestureAllowedForOrigins: File/directory picker without user gesture.
fileOrDirectoryPickerWithoutGestureAllowedForOrigins: TYPE_LIST fileOrDirectoryPickerWithoutGestureAllowedForOrigins: TYPE_LIST
@@ -4989,10 +5018,16 @@ chrome.users.FullscreenAllowed: Fullscreen mode.
false: Do not allow fullscreen mode. false: Do not allow fullscreen mode.
chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays: Google online unlock frequency. chrome.users.GaiaLockScreenOfflineSigninTimeLimitDays: Google online unlock frequency.
value: TYPE_INT64 gaiaLockScreenOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.GaiaOfflineSigninTimeLimitDays: Google online login frequency. chrome.users.GaiaOfflineSigninTimeLimitDays: Google online login frequency.
value: TYPE_INT64 gaiaOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.GeminiSettings: Gemini integration.
geminiSettings: TYPE_ENUM
ENABLED: Allow Gemini integrations.
DISABLED: Do not allow Gemini integrations.
UNSET: Use the value specified in the Generative AI policy defaults setting.
chrome.users.GenAiDefaultSettings: Generative AI policy defaults. chrome.users.GenAiDefaultSettings: Generative AI policy defaults.
genAiDefaultSettings: TYPE_ENUM genAiDefaultSettings: TYPE_ENUM
@@ -5168,7 +5203,7 @@ chrome.users.IdleSettingsExtended: Idle settings.
UNSET: Allow user to configure. UNSET: Allow user to configure.
FALSE: Don't lock screen. FALSE: Don't lock screen.
TRUE: Lock screen. TRUE: Lock screen.
duration: TYPE_INT64 screenLockDelayBattery: TYPE_INT64
chrome.users.Images: Images. chrome.users.Images: Images.
defaultImagesSettings: TYPE_ENUM defaultImagesSettings: TYPE_ENUM
@@ -5235,6 +5270,10 @@ chrome.users.InactiveBrowserDeletion: Inactive period for browser deletion.
inactiveBrowserTtlDays: TYPE_INT64 inactiveBrowserTtlDays: TYPE_INT64
Number of days. Shortening this period can cause more enrolled browsers to be considered inactive and, therefore, be irreversibly deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days. Number of days. Shortening this period can cause more enrolled browsers to be considered inactive and, therefore, be irreversibly deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days.
chrome.users.InactivePeriodForProfileDeletion: Inactive period for profile deletion.
inactiveProfileTtlDays: TYPE_INT64
Inactive period for profile deletion. Shortening this period can cause more managed profiles to be considered inactive and, therefore, be deleted. Before lowering the value of this policy, make sure you understand the impact. The allowable range is 28-730 days.
chrome.users.IncognitoMode: Incognito mode. chrome.users.IncognitoMode: Incognito mode.
incognitoModeAvailability: TYPE_ENUM incognitoModeAvailability: TYPE_ENUM
AVAILABLE: Allow incognito mode. AVAILABLE: Allow incognito mode.
@@ -5512,10 +5551,10 @@ chrome.users.MaxConnectionsPerProxy: Max connections per proxy.
Maximum number of concurrent connections to the proxy server. Specifies the maximal number of simultaneous connections to the proxy server. The value of this policy should be lower than 100 and higher than 6 and the default value is 32. Maximum number of concurrent connections to the proxy server. Specifies the maximal number of simultaneous connections to the proxy server. The value of this policy should be lower than 100 and higher than 6 and the default value is 32.
chrome.users.MaxInvalidationFetchDelay: Policy fetch delay. chrome.users.MaxInvalidationFetchDelay: Policy fetch delay.
duration: TYPE_STRING maxInvalidationFetchDelay: TYPE_STRING
chrome.users.MaxInvalidationFetchDelayV2: Policy fetch delay. chrome.users.MaxInvalidationFetchDelayV2: Policy fetch delay.
duration: TYPE_INT64 maxInvalidationFetchDelay: TYPE_INT64
chrome.users.MediaRecommendationsEnabled: Media Recommendations. chrome.users.MediaRecommendationsEnabled: Media Recommendations.
mediaRecommendationsEnabled: TYPE_BOOL mediaRecommendationsEnabled: TYPE_BOOL
@@ -5692,6 +5731,16 @@ chrome.users.NtpMiddleSlotAnnouncementVisible: Middle slot announcement on the N
true: Show the middle slot announcement on the New Tab Page if it is available. true: Show the middle slot announcement on the New Tab Page if it is available.
false: Do not show the middle slot announcement on the New Tab Page even if it is available. false: Do not show the middle slot announcement on the New Tab Page even if it is available.
chrome.users.NtpOutlookCardVisible: New Tab page Outlook card.
ntpOutlookCardVisible: TYPE_BOOL
true: Enable New Tab page Outlook calendar card.
false: Disable New Tab page Outlook calendar card.
chrome.users.NtpSharepointCardVisible: New Tab page Sharepoint and OneDrive card.
ntpSharepointCardVisible: TYPE_BOOL
true: Enable New Tab page Sharepoint and OneDrive files card.
false: Disable New Tab page Sharepoint and OneDrive files card.
chrome.users.OffsetParentNewSpecBehaviorEnabled: Enable legacy HTMLElement offset behavior. chrome.users.OffsetParentNewSpecBehaviorEnabled: Enable legacy HTMLElement offset behavior.
offsetParentNewSpecBehaviorEnabled: TYPE_BOOL offsetParentNewSpecBehaviorEnabled: TYPE_BOOL
true: Use new offset behavior. true: Use new offset behavior.
@@ -5972,7 +6021,7 @@ chrome.users.PrintingLpacSandboxEnabled: Printing LPAC Sandbox.
false: Run printing services in a less secure sandbox. false: Run printing services in a less secure sandbox.
chrome.users.PrintingMaxSheetsAllowed: Maximum sheets. chrome.users.PrintingMaxSheetsAllowed: Maximum sheets.
value: TYPE_INT64 printingMaxSheetsAllowedNullable: TYPE_INT64
chrome.users.PrintingPaperSizeDefault: Default printing page size. chrome.users.PrintingPaperSizeDefault: Default printing page size.
printingPaperSizeEnum: TYPE_ENUM printingPaperSizeEnum: TYPE_ENUM
@@ -5999,10 +6048,10 @@ chrome.users.PrintingSendUsernameAndFilenameEnabled: CUPS Print job information.
false: Do not include user account and filename in print job. false: Do not include user account and filename in print job.
chrome.users.PrintJobHistoryExpirationPeriodNew: Print job history retention period. chrome.users.PrintJobHistoryExpirationPeriodNew: Print job history retention period.
duration: TYPE_STRING printJobHistoryExpirationPeriodDaysNew: TYPE_STRING
chrome.users.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period. chrome.users.PrintJobHistoryExpirationPeriodNewV2: Print job history retention period.
duration: TYPE_INT64 printJobHistoryExpirationPeriodDaysNew: TYPE_INT64
chrome.users.PrintPdfAsImage: Print PDF as image. chrome.users.PrintPdfAsImage: Print PDF as image.
printPdfAsImageAvailability: TYPE_BOOL printPdfAsImageAvailability: TYPE_BOOL
@@ -6011,7 +6060,7 @@ chrome.users.PrintPdfAsImage: Print PDF as image.
printPdfAsImageDefault: TYPE_BOOL printPdfAsImageDefault: TYPE_BOOL
true: Default to printing PDFs as images when available. true: Default to printing PDFs as images when available.
false: Default to printing PDFs without being rasterized. false: Default to printing PDFs without being rasterized.
value: TYPE_INT64 printRasterizePdfDpi: TYPE_INT64
chrome.users.PrintPostScriptMode: PostScript printer mode. chrome.users.PrintPostScriptMode: PostScript printer mode.
printPostScriptMode: TYPE_ENUM printPostScriptMode: TYPE_ENUM
@@ -6148,7 +6197,7 @@ chrome.users.RelaunchNotificationWithDuration: Relaunch notification.
NO_NOTIFICATION: No relaunch notification. NO_NOTIFICATION: No relaunch notification.
RECOMMENDED: Show notification recommending relaunch. RECOMMENDED: Show notification recommending relaunch.
REQUIRED: Force relaunch after a period. REQUIRED: Force relaunch after a period.
duration: TYPE_STRING relaunchWindowDurationMin: TYPE_STRING
hours: TYPE_INT32 hours: TYPE_INT32
minutes: TYPE_INT32 minutes: TYPE_INT32
seconds: TYPE_INT32 seconds: TYPE_INT32
@@ -6159,7 +6208,7 @@ chrome.users.RelaunchNotificationWithDurationV2: Relaunch notification.
NO_NOTIFICATION: No relaunch notification. NO_NOTIFICATION: No relaunch notification.
RECOMMENDED: Show notification recommending relaunch. RECOMMENDED: Show notification recommending relaunch.
REQUIRED: Force relaunch after a period. REQUIRED: Force relaunch after a period.
duration: TYPE_INT64 relaunchWindowDurationMin: TYPE_INT64
hours: TYPE_INT32 hours: TYPE_INT32
minutes: TYPE_INT32 minutes: TYPE_INT32
seconds: TYPE_INT32 seconds: TYPE_INT32
@@ -6180,7 +6229,7 @@ chrome.users.RemoteAccessHostClientDomainList: Remote access clients.
Remote access client domain. Configure the required domain names for remote access clients. Remote access client domain. Configure the required domain names for remote access clients.
chrome.users.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size. chrome.users.RemoteAccessHostClipboardSizeBytes: Clipboard sync max size.
value: TYPE_INT64 remoteAccessHostClipboardSizeBytes: TYPE_INT64
chrome.users.RemoteAccessHostDomainList: Remote access hosts. chrome.users.RemoteAccessHostDomainList: Remote access hosts.
remoteAccessHostDomainList: TYPE_LIST remoteAccessHostDomainList: TYPE_LIST
@@ -6299,7 +6348,7 @@ chrome.users.SafeSitesFilterBehavior: SafeSites URL filter.
SAFE_SITES_FILTER_ENABLED: Filter sites for adult content. SAFE_SITES_FILTER_ENABLED: Filter sites for adult content.
chrome.users.SamlLockScreenOfflineSigninTimeLimitDays: SAML single sign-on unlock frequency. chrome.users.SamlLockScreenOfflineSigninTimeLimitDays: SAML single sign-on unlock frequency.
value: TYPE_INT64 samlLockScreenOfflineSigninTimeLimitDays: TYPE_INT64
chrome.users.SamlLockScreenReauthenticationEnabled: SAML single sign-on password synchronization flows. chrome.users.SamlLockScreenReauthenticationEnabled: SAML single sign-on password synchronization flows.
samlLockScreenReauthenticationEnabled: TYPE_BOOL samlLockScreenReauthenticationEnabled: TYPE_BOOL
@@ -6380,14 +6429,14 @@ chrome.users.SecurityTokenSessionSettings: Security token removal.
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_STRING securityTokenSessionNotificationSeconds: TYPE_STRING
chrome.users.SecurityTokenSessionSettingsV2: Security token removal. chrome.users.SecurityTokenSessionSettingsV2: Security token removal.
securityTokenSessionBehavior: TYPE_ENUM securityTokenSessionBehavior: TYPE_ENUM
IGNORE: Nothing. IGNORE: Nothing.
LOGOUT: Log the user out. LOGOUT: Log the user out.
LOCK: Lock the current session. LOCK: Lock the current session.
duration: TYPE_INT64 securityTokenSessionNotificationSeconds: TYPE_INT64
chrome.users.SelectToSpeakEnabled: Select to speak. chrome.users.SelectToSpeakEnabled: Select to speak.
selectToSpeakEnabled: TYPE_ENUM selectToSpeakEnabled: TYPE_ENUM
@@ -6410,10 +6459,10 @@ chrome.users.ServiceWorkerToControlSrcdocIframeEnabled: Service worker control o
false: Block service workers from controlling srcdoc iframes. false: Block service workers from controlling srcdoc iframes.
chrome.users.SessionLength: Maximum user session length. chrome.users.SessionLength: Maximum user session length.
duration: TYPE_STRING sessionDurationLimit: TYPE_STRING
chrome.users.SessionLengthV2: Maximum user session length. chrome.users.SessionLengthV2: Maximum user session length.
duration: TYPE_INT64 sessionDurationLimit: TYPE_INT64
chrome.users.SetTimeoutWithoutOneMsClampEnabled: Javascript setTimeout() minimum. chrome.users.SetTimeoutWithoutOneMsClampEnabled: Javascript setTimeout() minimum.
setTimeoutWithoutOneMsClampEnabled: TYPE_ENUM setTimeoutWithoutOneMsClampEnabled: TYPE_ENUM
@@ -6768,6 +6817,11 @@ chrome.users.ThirdPartyCookieBlocking: Third-party cookie blocking.
FALSE: Allow third-party cookies. FALSE: Allow third-party cookies.
TRUE: Disallow third-party cookies. TRUE: Disallow third-party cookies.
chrome.users.ThirdPartyPasswordManagersAllowed: Third-party password managers allowed.
thirdPartyPasswordManagersAllowed: TYPE_BOOL
true: Allow using third-party password managers in Chrome.
false: Block using third-party password managers in Chrome.
chrome.users.ThirdPartyStoragePartitioningSettings: Third-party storage partitioning. chrome.users.ThirdPartyStoragePartitioningSettings: Third-party storage partitioning.
defaultThirdPartyStoragePartitioningSetting: TYPE_ENUM defaultThirdPartyStoragePartitioningSetting: TYPE_ENUM
ALLOW_PARTITIONING: Allow third-party storage partitioning to be enabled. ALLOW_PARTITIONING: Allow third-party storage partitioning to be enabled.
@@ -7004,7 +7058,7 @@ chrome.users.WaitForInitialUserActivity: Wait for initial user activity.
false: Start power management delays and session length limits at session start. false: Start power management delays and session length limits at session start.
chrome.users.Wallpaper: Custom wallpaper. chrome.users.Wallpaper: Custom wallpaper.
downloadUri: TYPE_STRING wallpaperImage: TYPE_STRING
chrome.users.WallpaperGooglePhotosIntegrationEnabled: Wallpaper selection from Google Photos. chrome.users.WallpaperGooglePhotosIntegrationEnabled: Wallpaper selection from Google Photos.
wallpaperGooglePhotosIntegrationEnabled: TYPE_BOOL wallpaperGooglePhotosIntegrationEnabled: TYPE_BOOL
@@ -7019,6 +7073,11 @@ chrome.users.WarnBeforeQuittingEnabled: Warn before quitting.
MANDATORY: Do not allow users to override. MANDATORY: Do not allow users to override.
RECOMMENDED: Allow users to override. RECOMMENDED: Allow users to override.
chrome.users.WebAudioOutputBufferingEnabled: Adaptive buffering for Web Audio.
webAudioOutputBufferingEnabled: TYPE_BOOL
true: Enable web audio adaptive buffering.
false: Disable web audio adaptive buffering.
chrome.users.WebAuthnFactors: WebAuthn. chrome.users.WebAuthnFactors: WebAuthn.
webAuthnFactors: TYPE_LIST webAuthnFactors: TYPE_LIST
{'value': 'PIN', 'description': 'PIN.'} {'value': 'PIN', 'description': 'PIN.'}

View File

@@ -10,6 +10,76 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
### 7.09.03
Updated `gam <UserTypeEntity> create focustime|outofoffice ... timerange <Time> <Time>` to check
that the first `<Time>` is less than the second `Time`; previously the event was not created.
For new installs the `enforce_expansive_access` Boolean variable in `gam.cfg` now defaults to True.
For existing installations, if `enforce_expansive_access` has not been added to `gam.cfg`,
a default value of True will be used.
### 7.09.02
Added command `gam info chromeschema std <SchemaName>` to display a Chrome policy schema in the same format as Legacy GAM.
Improved output of `gam show chromeschemas [std]` and `gam info chromeschema [std]` to more accurately display the schemas.
### 7.09.01
Fixed bug in `gam <UserTypeEntity> print diskusage` where the `ownedByMe` column was
blank for the top folder.
Fixed bug in `gam update chromepolicy` where the following error was generated
when updating policies with simple numerical values.
```
ERROR: Missing argument: Expected <value>"
```
### 7.09.00
Removed the overly broad service account `IAM and Access Management API` scope `https://www.googleapis.com/auth/cloud-platform`
from DWD. The `gam <UserTypeEntity> check|Update serviceaccount` commands issue an error message if this scope
is enabled prompting you to update your service account authorization so that the scope can be removed.
GAM commands that need IAM access now use the more limited scope `https://www.googleapis.com/auth/iam` in a non-DWD manner.
Added `enforce_expansive_access` Boolean variable to `gam.cfg` that provides the default value
for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
It's default value is False.
```
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
gam <UserTypeEntity> transfer drive
```
Fixed bug in `gam print shareddriveorganizers` that caused a trap when an organizer was a deleted user.
Updated to Python 3.13.4
### 7.08.02
Updated the defaults in `gam print shareddriveorganizers` to match the most common use case, not the script.
* `domainlist` - The workspace primary domain
* `includetypes` - user
* `oneorganizer` - True
* `shownoorganizerdrives` - True
* `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
These commands produce the same result.
```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
```
### 7.08.01 ### 7.08.01
Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to Added option `shareddrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))` to

View File

@@ -152,7 +152,7 @@ gam update group|groups <GroupEntity> create|add [<GroupRole>]
[preview] [actioncsv] [preview] [actioncsv]
<UserItem>|<UserTypeEntity> <UserItem>|<UserTypeEntity>
``` ```
To add a group as a memmber of another group, just specify its email address. To add a group as a member of another group, just specify its email address.
``` ```
gam update group group1@domain.com add member group2@domain.com gam update group group1@domain.com add member group2@domain.com
``` ```
@@ -208,7 +208,7 @@ gam update group|groups <GroupEntity> delete|remove [<GroupRole>]
``` ```
`<GroupRole>` is ignored, deletions take place regardless of role. `<GroupRole>` is ignored, deletions take place regardless of role.
To remove a group as a memmber of another group, just specify its email address. To remove a group as a member of another group, just specify its email address.
``` ```
gam update group group1@domain.com remove group2@domain.com gam update group group1@domain.com remove group2@domain.com
``` ```

View File

@@ -251,9 +251,9 @@ writes the credentials into the file oauth2.txt.
admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
admin@server:/Users/admin$ gam version admin@server:/Users/admin$ gam version
WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/admin/bin/gam7 Path: /Users/admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -989,9 +989,9 @@ writes the credentials into the file oauth2.txt.
C:\>del C:\GAMConfig\oauth2.txt C:\>del C:\GAMConfig\oauth2.txt
C:\>gam version C:\>gam version
WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
GAM 7.08.01 - https://github.com/GAM-team/GAM - pythonsource GAM 7.09.03 - https://github.com/GAM-team/GAM - pythonsource
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
Windows-10-10.0.17134 AMD64 Windows-10-10.0.17134 AMD64
Path: C:\GAM7 Path: C:\GAM7
Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

View File

@@ -435,22 +435,26 @@ Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives: By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives * `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected * `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern. * `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
For multiple organizers: For multiple organizers:
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`. * `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
The command defaults match the script defaults: The command defaults do not match the script defaults, they are set for the most common use case:
* `domainlist` - All domains * `domainlist` - The workspace primary domain
* `includetypes` - user,group * `includetypes` - user
* `oneorganizer` - False * `oneorganizer` - True
* `shownoorganizerdrives` - True * `shownoorganizerdrives` - True
* `includefileorganizers` - False * `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives: For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
``` ```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
``` ```
## Display all Shared Drives with no members ## Display all Shared Drives with no members

View File

@@ -413,22 +413,26 @@ Options `shareddriveadminquery|query` and `orgunit|org|ou` require `adminaccess|
By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives: By default, organizers for all Shared Drives are displayed; use the following options to select a subset of Shared Drives:
* `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives * `teamdriveadminquery|query <QueryTeamDrive>` - Use a query to select Shared Drives
* `shareddrives|teamdrives <SharedDriveIDList>` - Select the Shared Drive IDs specified in `<SharedDriveIDList>`
* `shareddrives|teamdrives select <FileSelector>|<CSVFileSelector>` - Select the Shared Drive IDs specified in `<FileSelector>|<CSVFileSelector>`
* `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected * `orgunit|org|ou <OrgUnitPath>` - Only Shared Drives in the specified Org Unit are selected
* `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern. * `matchname <REMatchPattern>` - Retrieve Shared Drives with names that match a pattern.
For multiple organizers: For multiple organizers:
* `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`. * `delimiter <Character>` - Separate `organizers` entries with `<Character>`; the default value is `csv_output_field_delimiter` from `gam.cfg`.
The command defaults match the script defaults: The command defaults do not match the script defaults, they are set for the most common use case:
* `domainlist` - All domains * `domainlist` - The workspace primary domain
* `includetypes` - user,group * `includetypes` - user
* `oneorganizer` - False * `oneorganizer` - True
* `shownoorganizerdrives` - True * `shownoorganizerdrives` - True
* `includefileorganizers` - False * `includefileorganizers` - False
To select organizers from any domain, use: `domainlist ""`
For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives: For example, to get a single user organizer from your domain for all Shared Drives including no organizer drives:
``` ```
gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers domainlist mydomain.com includetypes user oneorganizer shownoorganizerdrives gam redirect csv ./TeamDriveOrganizers.csv print shareddriveorganizers
``` ```
## Manage Shared Drive access ## Manage Shared Drive access

View File

@@ -3,9 +3,9 @@
Print the current version of Gam with details Print the current version of Gam with details
``` ```
gam version gam version
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -15,9 +15,9 @@ Time: 2023-06-02T21:10:00-07:00
Print the current version of Gam with details and time offset information Print the current version of Gam with details and time offset information
``` ```
gam version timeoffset gam version timeoffset
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -27,9 +27,9 @@ Your system time differs from www.googleapis.com by less than 1 second
Print the current version of Gam with extended details and SSL information Print the current version of Gam with extended details and SSL information
``` ```
gam version extended gam version extended
GAM 7.08.01 - https://github.com/GAM-team/GAM - pyinstaller GAM 7.09.03 - https://github.com/GAM-team/GAM - pyinstaller
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Version Check: Version Check:
Current: 5.35.08 Current: 5.35.08
Latest: 7.08.01 Latest: 7.09.03
echo $? echo $?
1 1
``` ```
@@ -72,7 +72,7 @@ echo $?
Print the current version number without details Print the current version number without details
``` ```
gam version simple gam version simple
7.08.01 7.09.03
``` ```
In Linux/MacOS you can do: In Linux/MacOS you can do:
``` ```
@@ -82,9 +82,9 @@ echo $VER
Print the current version of Gam and address of this Wiki Print the current version of Gam and address of this Wiki
``` ```
gam help gam help
GAM 7.08.01 - https://github.com/GAM-team/GAM GAM 7.09.03 - https://github.com/GAM-team/GAM
GAM Team <google-apps-manager@googlegroups.com> GAM Team <google-apps-manager@googlegroups.com>
Python 3.13.3 64-bit final Python 3.13.4 64-bit final
MacOS Sequoia 15.5 x86_64 MacOS Sequoia 15.5 x86_64
Path: /Users/Admin/bin/gam7 Path: /Users/Admin/bin/gam7
Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

View File

@@ -328,6 +328,16 @@ enable_dasa
admin_email, customer_id and domain must be set when enable_dasa is True, admin_email, customer_id and domain must be set when enable_dasa is True,
customer_id may not be set to my_customer customer_id may not be set to my_customer
Signal file: OldGamPath/enabledasa.txt Signal file: OldGamPath/enabledasa.txt
enforce_expansive_access
The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
gam <UserTypeEntity> delete permissions
gam <UserTypeEntity> delete drivefileacl
gam <UserTypeEntity> update drivefileacl
gam <UserTypeEntity> copy drivefile
gam <UserTypeEntity> move drivefile
gam <UserTypeEntity> transfer ownership
gam <UserTypeEntity> claim ownership
Default: False
event_max_results event_max_results
When retrieving lists of Calendar events from API, When retrieving lists of Calendar events from API,
how many should be retrieved in each API call how many should be retrieved in each API call