Added option batchsize <Integer> to calendar delete|purge events

Re-enable screenshot functionality and pauses for ARM64 execution flow.

.github/ISSUE_TEMPLATE/za-bug-report.md

@@ -11,7 +11,7 @@ The issue tracker is for reporting product deficiencies. "How do I?" questions s
 
 Please confirm the following:
 * I have upgraded to the latest GAM release from https://github.com/GAM-team/GAM/releases and I still have this issue.
-* I am typing the command as described in the GAM Wiki at https://github.com/jay0lee/gam/wiki
+* I am typing the command as described in the GAM Wiki at https://github.com/GAM-team/GAM/wiki.
 
 Full steps to reproduce the issue:
 1.

.github/workflows/build.yml

@@ -153,7 +153,7 @@ jobs:
         with:
           path: |
             cache.tar.xz
-          key: gam-${{ matrix.jid }}-20251031
+          key: gam-${{ matrix.jid }}-20251218
 
       - name: Untar Cache archive
         if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -669,8 +669,10 @@ jobs:
         if: runner.os == 'Windows'
         shell: pwsh
         run: |
-          $url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.2.67/SimplySignDesktop-9.3.2.67-64-bit-en.msi"
-          $file = "SimplySignDesktop-9.3.2.67-64-bit-en.msi"
+          #$url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.2.67/SimplySignDesktop-9.3.2.67-64-bit-en.msi"
+          #$file = "SimplySignDesktop-9.3.2.67-64-bit-en.msi"
+          $url = "https://files.certum.eu/software/SimplySignDesktop/Windows/9.3.4.72/SimplySignDesktop-9.3.4.72-64-bit-en.msi"
+          $file = "SimplySignDesktop-9.3.4.72-64-bit-en.msi"
           Invoke-WebRequest $url -OutFile $file
           $log = "install.log" 
           $procMain = Start-Process "msiexec" "/i `"$file`" /qn /l*! `"$log`"" -NoNewWindow -PassThru
@@ -791,7 +793,8 @@ jobs:
 
       - name: Archive production artifacts
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
-        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal != 'test'
+        #if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && matrix.goal != 'test'
+        if: always()
         with:
           name: gam-binaries-${{ env.GAMOS }}-${{ env.arch }}-${{ matrix.jid }}
           path: |

src/GamCommands.txt

@@ -512,6 +512,8 @@ If an item contains spaces, it should be surrounded by ".
 <MatterItem> ::= <UniqueID>|<String>
 <MatterState> ::= open|closed|deleted
 <MeetConferenceName> ::= conferenceRecords/<String>
+<MeetID> ::= <String>
+       Must match this Python Regular Expression: [a-z]{3}-[a-z]{4}-[a-z]{3}
 <MeetSpaceName> ::= spaces/<String> | <String>
 <MessageContent> ::=
         (message|textmessage|htmlmessage <String>)|
@@ -527,6 +529,7 @@ If an item contains spaces, it should be surrounded by ".
         (gdoc|ghtml <UserGoogleDoc>)|
         (gcsdoc|gcshtml <StorageBucketObjectName>)
 <NumberOfSeats> ::= <Number>
+<NumberRange> ::= <Number>|(<Number>/<Number>)
 <OrgUnitID> ::= id:<String>
 <OrgUnitPath> ::= /|(/<String>)+
 <OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
@@ -764,6 +767,7 @@ If an item contains spaces, it should be surrounded by ".
 <MimeTypeNameList> ::= "<MimeTypeName>(,<MimeTypeName>)*"
 <NamespaceList> ::= "<Namespace>(,<Namespace>)*"
 <NotesNameList> ::= "<NotesName>(,<NotesName>)*"
+<NumberRangeList> ::= "<NumberRange>(,<NumberRange>)*"
 <OrgUnitList> ::= "<OrgUnitItem>(,<OrgUnitItem>)*"
 <OtherContactsResourceNameList> ::= "<OtherContactsResourceName>(,<OtherContactsResourceName>)*"
 <PeopleResourceNameList> ::= "<PeopleResourceName>(,<PeopleResourceName>)*"
@@ -1286,11 +1290,12 @@ Specify a collection of items by directly specifying them; the item type is dete
 
 ## Select a section from gam.cfg and process a GAM command using values from that section
 <Select> ::=
-        select <Section> [save] [verify]
+        select <Section> [save] [verify [variables <RESearchPattern>]]
 save
     Set section = <Section> in the [DEFAULT] section and write configuration data to gam.cfg
 verify
     Print the variable values for the selected section
+    Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
     Values are determined in this order: Selected section, DEFAULT section, Program default
 
 ## Display all of the sections in gam.cfg and mark the currently selected section with a *.
@@ -1314,7 +1319,7 @@ csv_input_row_drop_filter, csv_input_row_drop_filter_mode and csv_input_row_limi
 ## Set variables in gam.cfg.
 
 <Config> ::=
-        config (<VariableName> [=] <Value>)* [save] [verify]
+        config (<VariableName> [=] <Value>)* [save] [verify [variables <RESearchPattern>]]
 <VariableName> [=] <Value>
     Set <VariableName> = <Value> in the current section
     All <VariableNames> except section are allowed.
@@ -1323,6 +1328,7 @@ save
     Write configuration data to gam.cfg
 verify
     Print the variable values for the current section
+    Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`.
     Values are determined in this order: Current section, DEFAULT section, Program default
 
 ## Terminate processing of a CSV or batch file when one of the subprocesses returns a matching return code.
@@ -1737,13 +1743,16 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
 <AttendeeStatus> ::= accepted|declined|needsaction|tentative
 
 <EventAttribute> ::=
+        (allday <Date>)|
         (anyonecanaddself [<Boolean>])|
         (attachment <String> <URL>)|
         (attendee <EmailAddress>)|
         (attendeestatus [<AttendeeAttendance>] [<AttendeeStatus>] <EmailAddress>)|
         available|
+        (birthday <Date>)|
         (color <EventColorName>)|
         (colorindex|colorid <EventColorIndex>)|
+        (conferencedata meet <MeetID>)|
         (description <String>)|
         (end|endtime (allday <Date>)|<Time>)|
         (guestscaninviteothers <Boolean>)|
@@ -1751,7 +1760,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (guestscanmodify <Boolean>)|
         (guestscanseeotherguests <Boolean>)|
         guestscantseeotherguests|
-        hangoutsmeet|
+        googlemeet|hangoutsmeet|
         <JSONData>|
         (jsonattendees [charset <Charset>] <String>)|
         (jsonattendees file <FileName> [charset <Charset>])|
@@ -1762,7 +1771,7 @@ gam calendar <CalendarEntity> printacl [todrive <ToDriveAttribute>*]
         (privateproperty <PropertyKey> <PropertyValue>)|
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
-        (reminder <Number> email|popup))|
+        (reminder <Number> email|popup)|
         (resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
@@ -1792,7 +1801,7 @@ The following attributes are equivalent:
         <EventAttribute>|
         clearattachments|
         clearattendees|
-        clearhangoutsmeet|
+        cleargooglemeet|clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
         clearresources|
         (clearsharedproperty <PropertyKey>)|
@@ -1818,8 +1827,10 @@ gam calendar|calendars <CalendarEntity> import event icaluid <iCalUID> <EventImp
 gam calendar|calendars <CalendarEntity> update events [<EventEntity>] [replacemode] <EventUpdateAttribute>+ [<EventNotificationAttribute>]
         [showdayofweek]
         [csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]]]
-gam calendar|calendars <CalendarEntity> delete events [<EventEntity>] [doit] [<EventNotificationAttribute>]
-gam calendar|calendars <CalendarEntity> purge events [<EventEntity>] [doit] [<EventNotificationAttribute>]
+gam calendar|calendars <CalendarEntity> delete events [<EventEntity>]
+#       [batchsize <Integer>] [doit] [<EventNotificationAttribute>]
+gam calendar|calendars <CalendarEntity> purge events [<EventEntity>]
+#       [batchsize <Integer>] [doit] [<EventNotificationAttribute>]
 gam calendar|calendars <CalendarEntity> wipe events
 gam calendar|calendars <CalendarEntity> move events [<EventEntity>] destination|to <CalendarItem> [<EventNotificationAttribute>]
 gam calendar|calendars <CalendarEntity> empty calendartrash
@@ -1911,7 +1922,7 @@ gam calendar|calendars <CalendarEntity> empty calendartrash
         <EventOrganizerSubfieldName>|
         originalstart|originalstarttime|
         outofofficeproperties|
-        <EventOutOfOfficePropertiesSubfieldName>
+        <EventOutOfOfficePropertiesSubfieldName>|
         privatecopy|
         recurrence|
         recurringeventid|
@@ -1962,6 +1973,7 @@ gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayPr
         [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 
 <CalendarSettingsField> ::=
+        autoacceptinvitations|
         conferenceproperties|
         description|
         id|
@@ -1971,6 +1983,7 @@ gam calendar <CalendarEntity> printevents <EventSelectProperty>* <EventDisplayPr
 <CalendarSettingsFieldList> ::= "<CalendarSettingsField>(,<CalendarSettingsField>)*"
 
 <CalendarSettings> ::=
+        (autoacceptinvitations [<Boolean>])|
         (description <String>)|
         (location <String>)|
         (summary <String>)|
@@ -1987,10 +2000,10 @@ gam calendar|calendars <CalendarEntity> modify <CalendarSettings>+
 # Chat Bot
 
 <ChatContent> ::=
-        ((text <String>)|
-         (textfile <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>))
+        (text <String>)|
+        (textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)
 
 <ChatMember> ::= spaces/<String>/members/<String>
 <ChatMessage> ::= spaces/<String>/messages/<String>
@@ -2572,7 +2585,7 @@ gam print cros [todrive <ToDriveAttribute>*]
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
@@ -2586,6 +2599,7 @@ gam print cros [todrive <ToDriveAttribute>*] select <CrOSTypeEntity>
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
@@ -2597,7 +2611,7 @@ gam <CrOSTypeEntity> print cros [todrive <ToDriveAttribute>*]
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
@@ -3201,10 +3215,10 @@ gam course <CourseID> create|add alias <CourseAlias>
 gam course <CourseID> delete alias <CourseAlias>
 
 <CourseAnnouncementContent> ::=
-        ((text <String>)|
-         (textfile <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>))
+        (text <String>)|
+        (textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)
 
 gam course <CourseID> create announcement
         <CourseAnnouncementContent> [scheduledtime <Time>] [state draft|published]
@@ -3268,6 +3282,11 @@ gam print course-participants [todrive <ToDriveAttribute>*]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
 
+gam print course-counts students|teachers [todrive <ToDriveAttribute>*]
+        (course|class <CourseEntity>)*|([teacher <UserItem>] [student <UserItem>] [states <CourseStateList>])
+        [mincount <Integer>]
+        [formatjson [quotechar <Character>]]
+
 <CourseAnnouncementFieldName> ::=
         alternatelink|
         assigneemode|
@@ -3570,6 +3589,12 @@ gam show domainaliases|aliasdomains
 
 # Domain - Contacts and Global Address List
 
+<ContactNoteContent> ::=
+        <String>|
+        (file|textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)
+        (gcsdoc <StorageBucketObjectName>)
+         
 <ContactAttribute> ::=
         (additionalname|middlename <String>)|
         (address clear|(work|home|other|<String> ((formatted|unstructured <String>)|(streetaddress <String>)|(pobox <String>)|
@@ -3595,7 +3620,7 @@ gam show domainaliases|aliasdomains
         (mileage <String>)|
         (name <String>)|
         (nickname <String>)|
-        (note <NoteContent>)|
+        (note <ContactNoteContent>)|
         (occupation <String>)|
         (organization clear|(work|other|<String> <String> ((location <String>)|(department <String>)|(title <String>)|(jobdescription <String>)|(symbol <String>))* notprimary|primary))|
         (phone clear|(work|home|other|fax|work_fax|home_fax|other_fax|main|company_main|assistant|mobile|work_mobile|pager|work_pager|car|radio|callback|isdn|telex|tty_tdd|<String> <String> notprimary|primary))|
@@ -3988,6 +4013,7 @@ gam print groups [todrive <ToDriveAttribute>*]
         [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <REMatchPattern>]
         [convertcrnl] [delimiter <Character>] [sortheaders]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
 
@@ -4029,6 +4055,7 @@ gam print group-members [todrive <ToDriveAttribute>*]
         [(recursive [noduplicates])|includederivedmembership] [nogroupemail]
         [peoplelookup|(peoplelookupuser <EmailAddress>)]
         [unknownname <String>] [cachememberinfo [Boolean]]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 `gam show group-members
         [([domain|domains <DomainNameEntity>] ([member|showownedby <EmailItem>]|[(query <QueryGroup>)|(queries <QueryGroupList>)]))|
@@ -4122,6 +4149,7 @@ gam print cigroups [todrive <ToDriveAttribute>*]
         [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <REMatchPattern>]
         [convertcrnl] [delimiter <Character>]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
         [showitemcountonly]
 
@@ -4150,6 +4178,7 @@ gam print cigroup-members [todrive <ToDriveAttribute>*]
         <CIGroupMembersFieldName>* [fields <CIGroupMembersFieldNameList>]
         [minimal|basic|full]
         [(recursive [noduplicates]) | includederivedmembership] [nogroupemail]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 gam show cigroup-members
         [(cimember|ciowner <UserItem>)|(cigroup <GroupItem>)|(select <GroupEntity>)]
@@ -4285,7 +4314,7 @@ gam update deviceuserstate <DeviceUserEntity> [clientid <String>]
         [customid <String>] [assettags clear|<AssetTagList>]
         [compliantstate|compliancestate compliant|noncompliant] [managedstate clear|managed|unmanaged]
         [healthscore very_poor|poor|neutral|good|very_good] [scorereason clear|<String>]
-        (customvalue (bool|boolean <Boolean>)|(number <Integer>)|(string <String>))*
+        (customvalue clear|(bool|boolean <String> <Boolean>)|(number <String> <Integer>)|(string <String> <String>))*
 
 # Cloud Identity Policies
 
@@ -4446,22 +4475,21 @@ gam print mobile [todrive <ToDriveAttribute>*]
 <OrgUnitFieldName> ::=
         description|
         id|orgunitid|
-        inherit|blockinheritance|
         name|
         parentid|parentorgunitid|
         parent|parentorgunitpath|
         path|orgunitpath
 <OrgUnitFieldNameList> ::= "<OrgUnitFieldName>(,<OrgUnitFieldName>)*"
 
-gam create|add org|ou <OrgUnitPath> [description <String>] [parent <OrgUnitItem>] [inherit|(blockinheritance False)] [buildpath]
-gam update org|ou <OrgUnitItem> [name <String>] [description <String>] [parent <OrgUnitItem>] [inherit|(blockinheritance False)]
+gam create|add org|ou <OrgUnitPath> [description <String>] [parent <OrgUnitItem>] [buildpath]
+gam update org|ou <OrgUnitItem> [name <String>] [description <String>] [parent <OrgUnitItem>]
 gam update org|ou <OrgUnitItem> add|move <CrOSTypeEntity> [quickcrosmove [<Boolean>]]
 gam update org|ou <OrgUnitItem> add|move <UserTypeEntity>
 gam update org|ou <OrgUnitItem> sync <CrOSTypeEntity> [removetoou <OrgUnitItem>] [quickcrosmove [<Boolean>]]
 gam update org|ou <OrgUnitItem> sync <UserTypeEntity> [removetoou <OrgUnitItem>]
 gam delete org|ou <OrgUnitItem>
 
-gam update orgs|ous <OrgUnitEntity> [name <String>] [description <String>] [parent <OrgUnitItem>] [inherit|(blockinheritance False)]
+gam update orgs|ous <OrgUnitEntity> [name <String>] [description <String>] [parent <OrgUnitItem>]
 gam update orgs|ous <OrgUnitEntity> add|move <CrOSTypeEntity> [quickcrosmove [<Boolean>]]
 gam update orgs|ous <OrgUnitEntity> add|move <UserTypeEntity>
 gam update orgs|ous <OrgUnitEntity> sync <CrOSTypeEntity> [removetoou <OrgUnitItem>] [quickcrosmove [<Boolean>]]
@@ -4570,39 +4598,54 @@ gam report usage customer [todrive <ToDriveAttribute>*]
         [convertmbtogb]
 
 <ActivityApplicationName> ::=
+        accessevaluation|
         accesstransparency|access|
         admin|
+        admindataaction|
+        assignments|
         calendar|calendars|
         chat|
         chrome|
         classroom|
+        cloudsearch|
+        contacts|
         contextawareaccess|
+        datamigration|
         datastudio|
+        directorysync|
         drive|doc|docs|
         gcp|cloud|
         geminiinworkspaceapps|gemini|geminiforworkspace|
         gmail|
         gplus|currents|google+|
+        graduation|
         groups|group|
         groupsenterprise|enterprisegroups|
         jamboard|
         keep|
+        ldap|
         login|logins|
         meet|hangoutsmeet|
+        meethardware|
         mobile|devices|
+        profile|
         rules|
         saml|
+        takeout|
+        tasks|
         token|tokens|oauthtoken|
         useraccounts|
         vault
 
 gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         [(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
+        [userisactor]
         [([start <Time>] [end <Time>])|(range <Time> <Time>)|
          yesterday|today|thismonth|(previousmonths <Integer>)]
         [filter <String> (filtertime<String> <Time>)*]
         [event|events <EventNameList>] [ip <String>]
-        [groupidfilter <String>]
+        [gmaileventtypes <NumberRangeList>]
+        [groupidfilter <String>] [resourcedetailsfilter <String>]
         [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
         [countsonly [bydate|summary] [eventrowfilter]]
         (addcsvdata <FieldName> <String>)* [shownoactivities]
@@ -4724,6 +4767,7 @@ gam print resoldsubscriptions [todrive <ToDriveAttribute>*]
         (zipcode|postalcode <String>)
 
 <ResourceAttribute> ::=
+        (autoacceptinvitations [<Boolean>])|
         (addfeatures <FeatureNameList>)|
         (buildingid <BuildingID>)|
         (capacity <Number>)|
@@ -4739,6 +4783,7 @@ gam print resoldsubscriptions [todrive <ToDriveAttribute>*]
 
 <ResourceFieldName> ::=
         acls|
+        autoacceptinvitations|
         buildingid|
         calendar|
         capacity|
@@ -5181,11 +5226,13 @@ gam copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
         [adminaccess|asadmin]
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
 gam sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
         [adminaccess|asadmin]
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
 
 gam print shareddriveacls [todrive <ToDriveAttribute>*]
@@ -5210,11 +5257,13 @@ gam <UserTypeEntity> copy shareddriveacls <SharedDriveEntity> to <SharedDriveEnt
         [adminaccess|asadmin]
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
 gam <UserTypeEntity> sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
         [adminaccess|asadmin]
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
 
 gam <UserTypeEntity> print shareddriveacls [todrive <ToDriveAttribute>*]
@@ -5404,7 +5453,7 @@ gam print vaultcounts [todrive <ToDriveAttributes>*]
         [wait <Integer>]
 gam print vaultcounts [todrive <ToDriveAttributes>*]
         matter <MatterItem>
-	corpus mail|groups
+        corpus mail|groups
         [scope [all_data|held_data|unprocessed_data]]
         [(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone]
         [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
@@ -5566,7 +5615,7 @@ gam create vaultquery <MatterItem> [name <String>]
         [locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
         [responsestatuses <AttendeeStatus>(,<AttendeeStatus>)*] [calendarversiondate <Date>|<Time>]
         (covereddata calllogs|textmessages|voicemails)*
-	[<JSONData>]
+        [<JSONData>]
         [shownames]
         [showdetails|returnidonly|formatjson]
 
@@ -5660,6 +5709,11 @@ gam download storagefile <StorageBucketObjectName>
 <UserOrderByFieldName> ::=
         familyname|lastname|givenname|firstname|email
 
+<UserNoteContent> ::=
+        <String>|
+        (file|textfile|htmlfile <FileName> [charset <Charset>])|
+        (gdoc|ghtml <UserGoogleDoc>)
+         
 <UserBasicAttribute> ::=
         (archive|archived <Boolean>)|
         (changepassword|changepasswordatnextlogin <Boolean>)|
@@ -5673,9 +5727,7 @@ gam download storagefile <StorageBucketObjectName>
         (ipwhitelisted <Boolean>)|
         (language clear|<LanguageList>)|
         (lastname|familyname <String>)|
-        (note clear|([text_html|text_plain] <String>|
-                                            (file|htmlfile <FileName> [charset <Charset>])|
-                                            (gdoc|ghtml <UserGoogleDoc>)))|
+        (note clear|([text_html|text_plain] <UserNoteContent))|
         (ou|org|orgunitpath <OrgUnitPath>|<OrgUnitID>)
         (password (random [<Integer>])|(uniquerandom [<Integer>])|
                    blocklogin|
@@ -5898,7 +5950,7 @@ gam print users [todrive <ToDriveAttribute>*]
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
 Print fields for specified users.
@@ -5915,7 +5967,7 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
 gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
@@ -5930,7 +5982,7 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [showitemcountonly]
 
 The first column will always be primaryEmail; the remaining field names will be sorted if allfields, basic, full or sortheaders is specified;
@@ -6046,6 +6098,7 @@ gam <UserTypeEntity> print backupcodes|verificationcodes [todrive <ToDriveAttrib
         (summary <String>)
 
 <CalendarSettings> ::=
+        (autoacceptinvitations [<Boolean>])|
         (description <String>)|
         (location <String>)|
         (summary <String>)|
@@ -6088,7 +6141,7 @@ gam <UserTypeEntity> show calendars
         [formatjson]
 gam <UserTypeEntity> print calendars [todrive <ToDriveAttribute>*]
         [primary] <CalendarSelectProperty>* [noprimary] [nogroups] [noresources] [nosystem] [nousers]
-        [fields <CalendarListFieldList>] [permissions]
+        [fields <CalendarListFieldList>] [permissions] [oneitemperrow]
         [formatjson] [delimiter <Character>] [quotechar <Character>]
 
 Display a users calendar settings
@@ -6206,6 +6259,7 @@ gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>
         (birthday <Date>)|
         (color <EventColorName>)|
         (colorindex|colorid <EventColorIndex>)|
+        (conferencedata meet <MeetID>)|
         (description <String>)|
         (end|endtime (allday <Date>)|<Time>)|
         (guestscaninviteothers <Boolean>)|
@@ -6213,7 +6267,7 @@ gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>
         (guestscanmodify <Boolean>)|
         (guestscanseeotherguests <Boolean>)|
         guestscantseeotherguests|
-        hangoutsmeet|
+        googlemeet|hangoutsmeet|
         <JSONData>|
         (jsonattendees [charset <Charset>] <String>)|
         (jsonattendees file <FileName> [charset <Charset>])|
@@ -6225,6 +6279,7 @@ gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>
         (range <Date> <Date>)|
         (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)|
         (reminder <Number> email|popup)|
+        (resource <ResourceID>)|
         (selectattendees [<AttendeeAttendance>] [<AttendeeStatus>] <UserTypeEntity>)|
         (sequence <Integer>)|
         (sharedproperty <PropertyKey> <PropertyValue>)|
@@ -6253,10 +6308,12 @@ The following attributes are equivalent:
         <EventAttribute>|
         clearattachments|
         clearattendees|
-        clearhangoutsmeet|
+        cleargooglemeet|clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
+        clearresources|
         (clearsharedproperty <PropertyKey>)|
         (removeattendee <EmailAddress>)|
+        (removeresource <ResourceID>)|
         (replacedescription <REMatchPattern> <RESubstitution>)|
         (selectremoveattendees <UserTypeEntity>)
 
@@ -6279,8 +6336,10 @@ gam <UserTypeEntity> import event <UserCalendarEntity> icaluid <iCalUID> <EventI
 gam <UserTypeEntity> update events <UserCalendarEntity> [<EventEntity>] [replacemode] <EventUpdateAttribute>+ [<EventNotificationAttribute>]
         [showdayofweek]
         [csv [todrive <ToDriveAttribute>*] [formatjson [quotechar <Character>]]]
-gam <UserTypeEntity> delete events <UserCalendarEntity> [<EventEntity>] [doit] [<EventNotificationAttribute>]
-gam <UserTypeEntity> purge events <UserCalendarEntity> [<EventEntity>] [doit] [<EventNotificationAttribute>]
+gam <UserTypeEntity> delete events <UserCalendarEntity> [<EventEntity>]
+#       [batchsize <Integer>] [doit] [<EventNotificationAttribute>]
+gam <UserTypeEntity> purge events <UserCalendarEntity> [<EventEntity>]
+#       [batchsize <Integer>] [doit] [<EventNotificationAttribute>]
 gam <UserTypeEntity> wipe events <UserCalendarEntity>
 gam <UserTypeEntity> move events <UserCalendarEntity> [<EventEntity>] destination|to <CalendarItem> [<EventNotificationAttribute>]
 gam <UserTypeEntity> empty calendartrash <UserCalendarEntity>
@@ -6305,7 +6364,7 @@ gam <UserTypeEntity> print events <UserCalendarEntity> [<EventEntity>] <EventDis
 
 gam <UserTypeEntity> update calattendees <UserCalendarEntity> <EventEntity> [anyorganizer]
         [<EventNotificationAttribute>] [splitupdate] [dryrun|doit]
-        (csv|csvfile <CSVFileInput>)
+        (csv|csvfile <CSVFileInput> endcsv)
         (delete <EmailAddress>)*
         (deleteentity <EmailAddressEntity>)*
         (add <EmailAddress>)*
@@ -6324,14 +6383,25 @@ gam <UserTypeEntity> create focustime
         [declinemode none|all|new]
         [declinemessage <String>]
         [summary <String>]
-        (timerange <Time> <Time> [recurrence <String>])+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd N)|
+         (weekly yyyy-mm-dd N)|
+         (timerange <Time> <Time> (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*))+
+        [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> create outofoffice
         [declinemode none|all|new]
         [declinemessage <String>]
         [summary <String>]
-        (timerange <Time> <Time> [recurrence <String>])+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd N)|
+         (weekly yyyy-mm-dd N)|
+         (timerange <Time> <Time>) (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*)+
         [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> create workinglocation
         (home|
@@ -6342,8 +6412,9 @@ gam <UserTypeEntity> create workinglocation
          (range yyyy-mm-dd yyyy-mm-dd)|
          (daily yyyy-mm-dd N)|
          (weekly yyyy-mm-dd N)|
-         (timerange <Time> <Time>))+
+         (timerange <Time> <Time>) (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*)+
         [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> delete focustime|outofoffice|workinglocation
         ((date yyyy-mm-dd)|
@@ -6372,10 +6443,10 @@ gam <UserTypeEntity> print focustime|outofoffice|workinglocation
 # Users - Chat
 
 <ChatContent> ::=
-        ((text <String>)|
-         (textfile <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>))
+        (text <String>)|
+        (textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)
 
 <ChatMember> ::= spaces/<String>/members/<String>
 <ChatMemberList> ::= "<ChatMember>(,<ChatMember>)*"
@@ -6783,7 +6854,12 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [skipids <DriveFileEntity>]
         [copysubfiles [<Boolean>]] [filenamematchpattern <REMatchPattern>]
              [filemimetype [not] <MimeTypeList>]
-        [copysubfilesownedby any|me|others]
+        [copysubfilesownedby
+            any|me|others|
+            users <EmailAddressList>|
+            notusers <EmailAddressList>|
+            regex <REMatchPattern>|
+            notregex <REMatchPattern>]
         [copysubfolders [<Boolean>]] [foldernamematchpattern <REMatchPattern>]
         [copysubshortcuts [<Boolean>]] [shortcutnamematchpattern <REMatchPattern>]
         [duplicatefiles overwriteolder|overwriteall|duplicatename|uniquename|skip]
@@ -6804,6 +6880,7 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [copypermissionroles <DriveFileACLRoleList>]
         [copypermissiontypes <DriveFileACLTypeList>]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
         [copysheetprotectedranges [<Boolean>]]
         [copysheetprotectedrangesinheritedpermissions [<Boolean>]]
@@ -6830,8 +6907,8 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
         [copysubfolderinheritedpermissions [<Boolean>]]
         [copysubfoldernoniheritedpermissions never|always|syncallfolders|syncupdatedfolders]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress>)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
-        [updatefilepermissions [<Boolean>]]
         [retainsourcefolders [<Boolean>]]
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
@@ -7470,7 +7547,7 @@ gam <UserTypeEntity> print filelist [todrive <ToDriveAttribute>*]
         [showparentsidsaslist] [showpermissionslast]
         (orderby <DriveFileOrderByFieldName> [ascending|descending])* [delimiter <Character>]
         [stripcrsfromname]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 
 gam <UserTypeEntity> print diskusage <DriveFileEntity> [todrive <ToDriveAttribute>*]
@@ -7873,9 +7950,9 @@ gam <UserTypeEntity> show messages|threads
          [labelids <LabelIDList>]
          [quick|notquick] [max_to_show <Number>] [includespamtrash])|(ids <MessageIDEntity>)
         [labelmatchpattern <REMatchPattern>] [sendermatchpattern <REMatchPattern>]
-        [countsonly|positivecountsonly] [useronly]
+        [countsonly|positivecountsonly]
         [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
-        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [showlabels] [useronly] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
         [maxmessagesperthread <Number>]
         [[attachmentnamepattern <REMatchPattern>]
             [showattachments [noshowtextplain]]
@@ -7886,9 +7963,9 @@ gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
          [labelids <LabelIDList>]
          [quick|notquick] [max_to_print <Number>] [includespamtrash])|(ids <MessageIDEntity>)
         [labelmatchpattern <REMatchPattern>] [sendermatchpattern <REMatchPattern>]
-        [countsonly|positivecountsonly] [useronly]
+        [countsonly|positivecountsonly]
         [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String> [dateheaderconverttimezone [<Boolean>]]]
-        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [showlabels] [useronly] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
         [maxmessagesperthread <Number>]
         [convertcrnl] [delimiter <Character>]
         [[attachmentnamepattern <REMatchPattern>]
@@ -8062,16 +8139,16 @@ gam <UserTypeEntity> check isinvitable [todrive <ToDriveAttribute>*]
 
 # Users - Keep Notes
 
-<NoteContent> ::=
-        ((text <String>)|
-         (textfile <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>)|
-         <JSONData>)
+<KeepNoteContent> ::=
+        (text <String>)|
+        (textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)|
+        <JSONData>
 
 gam <UserTypeEntity> create note [title <String>]
         [missingtextvalue <String>]
-        <NoteContent>
+        <KeepNoteContent>
         [copyacls [copyowneraswriter]]
         [compact|formatjson|nodetails]
 
@@ -8242,12 +8319,17 @@ gam <UserItem> print meettranscripts <MeetConferenceName> [todrive <ToDriveAttri
 
 # Users - Contacts and Profiles
 
+<BiographyContent> ::=
+        <String>|
+        (file|textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)
+
 <PeopleContactAttribute> ::=
         (additionalname|middlename <String>)|
         (address clear|(work|home|other|<String> ((formatted|unstructured <String>)|(streetaddress <String>)|(pobox <String>)|
             (neighborhood <String>)|(locality <String>)|(region <String>)|(postalcode <String>)|(country <String>))* notprimary|primary))|
         (billinginfo <String>)|
-        (biography|biographies <String>|(file <FileName> [charset <Charset>])|(gdoc <UserGoogleDoc>))|
+        (biography|biographies <BiographyContent)|
         (birthday <Date>)|
         (calendar clear|(work|home|free-busy|<String> <URL> notprimary|primary))|
         (clientdata <String> <String>)|

src/GamUpdate.txt

@@ -1,3 +1,223 @@
+7.31.06
+
+Added option `batchsize <Integer>` to `gam calendar <CalendarEntity> delete|purge events` and
+`gam <UserTypeEntity> delete|purge events <UserCalendarEntity>` that causes GAM to delete events
+with batch API calls rather than with individual API calls.
+
+7.31.05
+
+Added option `variables <RESearchPattern>` to `gam select section <SectionName> verify` and `gam config verify`
+that causes GAM to only display variables with names selected by `<RESearchPattern>`.
+```
+gam select School verify variables "^(customer|domain)"
+Section: School
+  customer_id = C03abc123
+  domain = school.edu
+
+gam config verify variables  'dir'
+Section: DEFAULT
+  cache_dir = ~/GamConfig/gamcache ; /Users/gamteam/GamConfig/gamcache
+  config_dir = ~/GamConfig ; /Users/gamteam/GamConfig
+  drive_dir = ~/GamWork ; /Users/gamteam/GamWork
+  gmail_cse_incert_dir = ~/GmailCSE/Certs ; /Users/gamteam/GmailCSE/Certs
+  gmail_cse_inkey_dir = ~/GmailCSE/Keys ; /Users/gamteam/GmailCSE/Keys
+  input_dir = .
+```
+
+7.31.04
+
+Fixed bug in `gam report admin|chrome` that caused to events to not be displayed.
+
+Updated `gam <UserTypeEntity> print|show messages|threads ... query <QueryGmail>` to display the query.
+
+7.31.03
+
+Due to the following Calendar API update, the `gam <UserTypeEntity> transfer calendars` command has been removed.
+* See: https://developers.google.com/workspace/calendar/release-notes#October_27_2025
+Data ownership can be transferred in the Google Calendar UI.
+
+7.31.02
+
+Added the following options to `gam <UserTypeEntity> copy drivefile`
+to limit copying to those files owned by selected users.
+* `copysubfilesownedby users <EmailAddressList>` - Only files owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby notusers <EmailAddressList>` - Only files not owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby regex <REMatchPattern>` - Only files owned by users whose email addresses match `<REMatchPattern>` are copied.
+* `copysubfilesownedby notregex <REMatchPattern>` - Only files owned by users whose email addresses do not match `<REMatchPattern>` are copied.
+
+7.31.01
+
+Code cleanup for `addcsvdata <FieldName> <String>`.
+
+7.31.00
+
+Fixed bug in `gam report chrome (user <UserItem>)|(select <UserTypeEntity>)` where no activities were returned.
+`report chrome` does not use the parameter `userKey=<EmailAddress>` as do other applications but requires
+parameter `filter DEVICE_USER==<EmailAddress>`.
+
+Updated `gam report admin (user <UserItem>)|(select <UserTypeEntity>)` to use parameter `filter USER_EMAIL==<EmailAddress>`
+to display activiities affecting the user `<EmailAddress>`. Use option `userisactor` to use the parameter `userKey=<EmailAddress>`
+that displays activities where user `<EmailAddress>` executed the command that generated the activity.
+
+Fixed bug in `gam print cros|filelist|users ... (addcsvdata <FieldName> <String>)+ formatjson` where the `addcsvdata` columns
+were not displayed but the additional field values were included in the JSON data. Now, the `addcsvdata` columns
+are displayed but the additional field values are only included in the JSON data when option `includdecsvdatainjson` is specified.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print cigroups|groups`
+that adds additional columns of data to the CSV file output.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print cigroupmembere|group-members`
+that adds additional columns of data to the CSV file output.
+
+7.30.05
+
+Added option `gmaileventtypes <NumberRangeList>` to `gam report gmail` that can be used to limit the event types displayed.
+```
+<NumberRange> ::= <Number>|(<Number>/<Number>)
+<NumberRangeList> ::= "<NumberRange>(,<NumberRange>)*"
+
+gam report gmail user user@domain.com gmaileventtypes 1,10/11
+```
+* See: https://developers.google.com/workspace/admin/reports/v1/appendix/activity/gmail
+
+Updated sorting of column headers in `gam report <ActivityApplicationName>`.
+
+7.30.04
+
+Updated `gam report gmail` to avoid the following error when incomplete start/end time information is provided.
+```
+ERROR: Invalid request: Start time and end time should both be provided, and the scan duration should not be greater than 30 days.
+```
+* No time information provided - GAM sets `range -30d today`
+* Only `start <Time>`  provided - GAM sets `end <Time>+30d`
+* Only `end <Time>` provided - GAM sets `start <Time>-30d`
+
+7.30.03
+
+Updated `gam report <ActivityApplicationName>` to reflect the changes described here:
+* See: https://workspaceupdates.googleblog.com/2025/12/google-workspace-audit-log-api.html
+
+Added option `resourcedetailsfilter <String>` to `gam report <ActivityApplicationName>` described here:
+* See: https://developers.google.com/workspace/admin/reports/reference/rest/v1/activities/list#query-parameters
+
+For `gam <UserTypeEntity> print <Objects>`, expanded the list of `<Objects>` covered by `gam.cfg csv_output_users_audit = True`.
+
+7.30.02
+
+Added option `conferencedata meet <MeetID>` to `<EventAttribute>` that allows specifying
+a reference to an existing Google Meet when creating/updating a calendar event.
+
+Upgraded to Python 3.14.2.
+
+7.30.01
+
+Fixed bug introduced in 7.30.00 that caused errors when reading CSV files.
+
+Added the following options to `gam <UserTypeEntity> create focustime|outofoffice`:
+```
+((date yyyy-mm-dd)|
+ (range yyyy-mm-dd yyyy-mm-dd)|
+ (daily yyyy-mm-dd N)|
+ (weekly yyyy-mm-dd N))
+```
+
+Added the following options to `gam <UserTypeEntity> create focustime|outofoffice|workinglocation`:
+```
+noreminders|(reminder email|popup <Number>)+
+```
+
+7.30.00
+
+Added `input_dir` directory variable to `gam.cfg` that is used to select a directory for reading files with non-absolute file names.
+The default is '.' that matches the current behavior where these files are read from the current working directory.
+This will be most useful in multiple domain situations where each domain will have distinct `drive_dir` and `input_dir` values.
+
+Added support for the new resource calendar setting `autoAcceptInvitations`.
+
+7.29.04
+
+Updated `gam delete chromepolicy chrome.users.apps.InstallType ou <OrgUnitItem> appid <AppID>`
+to allow deleting an app, i.e., explicitly remove it from management. `<OrgUnitItem>` must specify where it was added for management.
+
+7.29.03
+
+Remove debugging message from `gam <UserTypeEntity> move drivefile <DriveFileEntity>`.
+
+7.29.02
+
+Fixed bug in `gam <UserTypeEntity> move drivefile <DriveFileEntity>` where the following options
+were only applied to top level files or folders re-created in the destination. Now, domain
+and email address mappings apply to all moved files/folders.
+```
+excludepermissionsfromdomains <DomainNameList>
+includepermissionsfromdomains <DomainNameList>
+mappermissionsdomain <DomainName> <DomainName>
+mappermissionsemail <EmailAddress> <EmailAddress>
+mappermissionsemailfile <CSVFileInput> endcsv
+```
+
+Upgraded to Python 3.14.1.
+
+7.29.01
+
+Added option `oneitemperrow` to `gam <UserTypeEntity> print calendars ... permissions` to have each of a
+calendar's permissions displayed on a separate row with all of the other calendar fields.
+
+Updated `gam yubikey reset_piv` to handle YubiKey firmware updates that caused an error.
+
+7.29.00
+
+Added options `mappermissionsemail <EmailAddress> <EmailAddress>` and ` mappermissionsemailfile <CSVFileInput> endcsv`
+to these commands:
+```
+gam [<UserTypeEntity>] copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
+gam [<UserTypeEntity>] sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
+gam <UserTypeEntity> copy drivefile <DriveFileEntity>
+gam <UserTypeEntity> move drivefile <DriveFileEntity>
+```
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>`
+in the source will be modified to reference the second `<EmailAddress>` in the destination.
+
+Bulk permission email address mapping can be specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
+These options will be most useful with inter-workspace Shared Drive copies and moves.
+
+7.28.13
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print messages`
+that adds additional columns of data to the CSV file output.
+
+7.28.12
+
+Updated `gam delete project` to handle the following error:
+```
+ERROR: 400: failedPrecondition - Project not active
+```
+
+7.28.11
+
+Removed all options/fields referencing inheritance from `gam create|update|info|print org` as this option/field is deprecated.
+
+7.28.10
+
+Added a command `gam print course-counts` that dsplays the count of the number of courses in which a teacher or student is a participant.
+
+* See: https://github.com/GAM-team/GAM/wiki/Classroom-Membership#display-course-counts-for-teachers-students
+
+7.28.09
+
+Fixed bug in `gam print cigroups ... descriptionmatchpattern [not] <REMatchPattern>` that caused a trap.
+
+7.28.08
+
+Updated `gam <UserTypeEntity> print|show chatmessages` to cache the sender UID to email address
+map so that each sender UID only has to be looked up once; this improves performance.
+
+7.28.07
+
+Fixed bug in `gam report users ... aggregatebydate|aggregatebyuser` where `accounts:used_quota_in_percentage` was incorrectly displayed.
+
 7.28.06
 
 Updated `gam <UserTypeEntity> info|print|show calendars` and
@@ -17311,7 +17531,7 @@ Current version of Gam with drive_v3_name_names = false
 Owner,title,parents,parents.0.id,parents.1.id
 testuser@domain.com,TestFile,2,PPPP1111,PPPP2222
 
-Current        version        of Gam with drive_v3_name_names        = true
+Current version of Gam with drive_v3_name_names = true
 Owner,name,parents
 testuser@domain.com,TestFile,PPPP1111 PPPP2222
 

src/gam/gamlib/glapi.py

@@ -50,6 +50,7 @@ CLOUDIDENTITY_INBOUND_SSO = 'cloudidentityinboundsso'
 CLOUDIDENTITY_ORGUNITS = 'cloudidentityorgunits'
 CLOUDIDENTITY_ORGUNITS_BETA = 'cloudidentityorgunitsbeta'
 CLOUDIDENTITY_POLICY = 'cloudidentitypolicy'
+CLOUDIDENTITY_POLICY_BETA = 'cloudidentitypolicybeta'
 CLOUDIDENTITY_USERINVITATIONS = 'cloudidentityuserinvitations'
 CLOUDRESOURCEMANAGER = 'cloudresourcemanager'
 CONTACTS = 'contacts'
@@ -245,6 +246,7 @@ _INFO = {
   CLOUDIDENTITY_ORGUNITS: {'name': 'Cloud Identity API - OrgUnits', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_ORGUNITS_BETA: {'name': 'Cloud Identity API - OrgUnits Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_POLICY: {'name': 'Cloud Identity API - Policy', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
+  CLOUDIDENTITY_POLICY_BETA: {'name': 'Cloud Identity API - Policy Beta', 'version': 'v1beta1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDIDENTITY_USERINVITATIONS: {'name': 'Cloud Identity API - User Invitations', 'version': 'v1', 'v2discovery': True, 'mappedAPI': 'cloudidentity'},
   CLOUDRESOURCEMANAGER: {'name': 'Cloud Resource Manager API v3', 'version': 'v3', 'v2discovery': True},
   CONTACTS: {'name': 'Contacts API', 'version': 'v3', 'v2discovery': False},
@@ -398,6 +400,11 @@ _CLIENT_SCOPES = [
    'subscopes': READONLY,
    'roByDefault': True,
    'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
+  {'name': 'Cloud Identity API - Policy Beta',
+   'api': CLOUDIDENTITY_POLICY_BETA,
+   'subscopes': [],
+   'offByDefault': True,
+   'scope': 'https://www.googleapis.com/auth/cloud-identity.policies'},
   {'name': 'Cloud Identity API - User Invitations',
    'api': CLOUDIDENTITY_USERINVITATIONS,
    'subscopes': READONLY,

src/gam/gamlib/glcfg.py

@@ -157,7 +157,7 @@ DEVELOPER_PREVIEW_API_KEY = 'developer_preview_api_key'
 DEVICE_MAX_RESULTS = 'device_max_results'
 # Domain obtained from gam.cfg or oauth2.txt
 DOMAIN = 'domain'
-# Google Drive download directory
+# directory for file output
 DRIVE_DIR = 'drive_dir'
 # When retrieving lists of Drive files/folders from API, how many should be retrieved in each chunk
 DRIVE_MAX_RESULTS = 'drive_max_results'
@@ -177,6 +177,8 @@ EXTRA_ARGS = 'extra_args'
 GMAIL_CSE_INCERT_DIR = 'gmail_cse_incert_dir'
 # Gmail CSE KACL wrapped key files
 GMAIL_CSE_INKEY_DIR = 'gmail_cse_inkey_dir'
+# directory for file input
+INPUT_DIR = 'input_dir'
 # When processing items in batches, how many seconds should GAM wait between batches
 INTER_BATCH_WAIT = 'inter_batch_wait'
 # When retrieving lists of licenses from API, how many should be retrieved in each chunk
@@ -394,6 +396,7 @@ Defaults = {
   EXTRA_ARGS: '',
   GMAIL_CSE_INCERT_DIR: '',
   GMAIL_CSE_INKEY_DIR: '',
+  INPUT_DIR: '.',
   INTER_BATCH_WAIT: '0',
   LICENSE_MAX_RESULTS: '100',
   LICENSE_SKUS: '',
@@ -564,6 +567,7 @@ VAR_INFO = {
   EXTRA_ARGS: {VAR_TYPE: TYPE_FILE, VAR_SIGFILE: FN_EXTRA_ARGS_TXT, VAR_SFFT: ('', FN_EXTRA_ARGS_TXT), VAR_ACCESS: os.R_OK},
   GMAIL_CSE_INCERT_DIR: {VAR_TYPE: TYPE_DIRECTORY},
   GMAIL_CSE_INKEY_DIR: {VAR_TYPE: TYPE_DIRECTORY},
+  INPUT_DIR: {VAR_TYPE: TYPE_DIRECTORY},
   INTER_BATCH_WAIT: {VAR_TYPE: TYPE_FLOAT, VAR_LIMITS: (0.0, 60.0)},
   LICENSE_MAX_RESULTS: {VAR_TYPE: TYPE_INTEGER, VAR_LIMITS: (10, 1000)},
   LICENSE_SKUS: {VAR_TYPE: TYPE_STRING, VAR_LIMITS: (0, None)},

src/gam/gamlib/glclargs.py

@@ -788,6 +788,7 @@ class GamCLArgs():
   ARG_CLASSIFICATIONLABELPERMISSIONS = 'classificationlabelpermissions'
   ARG_CLASS = 'class'
   ARG_CLASSES = 'classes'
+  ARG_CLASSCOUNTS = 'classcounts'
   ARG_CLASSPARTICIPANTS = 'classparticipants'
   ARG_CLASSROOMINVITATION = 'classroominvitation'
   ARG_CLASSROOMINVITATIONS = 'classroominvitations'
@@ -806,6 +807,7 @@ class GamCLArgs():
   ARG_COURSE = 'course'
   ARG_COURSES = 'courses'
   ARG_COURSEANNOUNCEMENTS = 'courseannouncements'
+  ARG_COURSECOUNTS = 'coursecounts'
   ARG_COURSEMATERIALS = 'coursematerials'
   ARG_COURSEPARTICIPANTS = 'courseparticipants'
   ARG_COURSESTUDENTGROUP = 'coursestudentgroup'
@@ -1276,6 +1278,7 @@ class GamCLArgs():
   OB_MATTER_ITEM = 'MatterItem'
   OB_MATTER_ITEM_LIST = 'MatterItemList'
   OB_MEET_CONFERENCE_NAME = 'MeetConferenceName'
+  OB_MEET_ID = 'MeetID'
   OB_MESSAGE_ID = 'MessageID'
   OB_MIMETYPE = 'MimeType'
   OB_MIMETYPE_LIST = 'MimeTypeList'
@@ -1283,6 +1286,7 @@ class GamCLArgs():
   OB_MOBILE_ENTITY = 'MobileEntity'
   OB_NETWORK_ID = 'networkID'
   OB_NAME = 'Name'
+  OB_NUMBER_RANGE_LIST = 'NumberRangeList'
   OB_ORGANIZER_TYPE_LIST = 'OrganizerTypeList'
   OB_ORGUNIT_ENTITY = 'OrgUnitEntity'
   OB_ORGUNIT_ITEM = 'OrgUnitItem'

src/gam/gamlib/glgapi.py

@@ -42,6 +42,7 @@ CANNOT_DELETE_PERMISSION = 'cannotDeletePermission'
 CANNOT_DELETE_PRIMARY_CALENDAR = 'cannotDeletePrimaryCalendar'
 CANNOT_DELETE_PRIMARY_SENDAS = 'cannotDeletePrimarySendAs'
 CANNOT_DELETE_RESOURCE_WITH_CHILDREN = 'cannotDeleteResourceWithChildren'
+CANNOT_MODIFY_ACL_OF_CALENDAR_OWNER = 'cannotModifyAclOfCalendarOwner'
 CANNOT_MODIFY_INHERITED_PERMISSION = 'cannotModifyInheritedPermission'
 CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION = 'cannotModifyInheritedTeamDrivePermission'
 CANNOT_MODIFY_RESTRICTED_LABEL = 'cannotModifyRestrictedLabel'
@@ -55,6 +56,7 @@ CANNOT_SHARE_GROUPS_WITHLINK = 'cannotShareGroupsWithLink'
 CANNOT_SHARE_USERS_WITHLINK = 'cannotShareUsersWithLink'
 CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS = 'cannotShareTeamDriveTopFolderWithAnyoneOrDomains'
 CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS = 'cannotShareTeamDriveWithNonGoogleAccounts'
+CANNOT_UNSUBSCRIBE_FROM_OWNED_CALENDAR = 'cannotUnsubscribeFromOwnedCalendar'
 CANNOT_UPDATE_PERMISSION = 'cannotUpdatePermission'
 CONDITION_NOT_MET = 'conditionNotMet'
 CONFLICT = 'conflict'
@@ -179,6 +181,7 @@ TEAMDRIVES_SHARING_RESTRICTION_NOT_ALLOWED = 'teamDrivesSharingRestrictionNotAll
 TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED = 'teamDrivesShortcutFileNotSupported'
 TIME_RANGE_EMPTY = 'timeRangeEmpty'
 TRANSIENT_ERROR = 'transientError'
+UNIMPLEMENTED_ERROR = 'unimplementedError'
 UNKNOWN_ERROR = 'unknownError'
 UNSUPPORTED_LANGUAGE_CODE = 'unsupportedLanguageCode'
 UNSUPPORTED_SUPERVISED_ACCOUNT = 'unsupportedSupervisedAccount'
@@ -405,6 +408,8 @@ class cannotDeletePrimarySendAs(Exception):
   pass
 class cannotDeleteResourceWithChildren(Exception):
   pass
+class cannotModifyAclOfCalendarOwner(Exception):
+  pass
 class cannotModifyInheritedPermission(Exception):
   pass
 class cannotModifyInheritedTeamDrivePermission(Exception):
@@ -431,6 +436,8 @@ class cannotShareTeamDriveTopFolderWithAnyoneOrDomains(Exception):
   pass
 class cannotShareTeamDriveWithNonGoogleAccounts(Exception):
   pass
+class cannotUnsubscribeFromOwnedCalendar(Exception):
+  pass
 class cannotUpdatePermission(Exception):
   pass
 class conditionNotMet(Exception):
@@ -671,6 +678,8 @@ class timeRangeEmpty(Exception):
   pass
 class transientError(Exception):
   pass
+class unimplementedError(Exception):
+  pass
 class unknownError(Exception):
   pass
 class unsupportedLanguageCode(Exception):
@@ -710,6 +719,7 @@ REASON_EXCEPTION_MAP = {
   CANNOT_DELETE_PRIMARY_CALENDAR: cannotDeletePrimaryCalendar,
   CANNOT_DELETE_PRIMARY_SENDAS: cannotDeletePrimarySendAs,
   CANNOT_DELETE_RESOURCE_WITH_CHILDREN: cannotDeleteResourceWithChildren,
+  CANNOT_MODIFY_ACL_OF_CALENDAR_OWNER: cannotModifyAclOfCalendarOwner,
   CANNOT_MODIFY_INHERITED_PERMISSION: cannotModifyInheritedPermission,
   CANNOT_MODIFY_INHERITED_TEAMDRIVE_PERMISSION: cannotModifyInheritedTeamDrivePermission,
   CANNOT_MODIFY_RESTRICTED_LABEL: cannotModifyRestrictedLabel,
@@ -723,6 +733,7 @@ REASON_EXCEPTION_MAP = {
   CANNOT_SHARE_USERS_WITHLINK: cannotShareUsersWithLink,
   CANNOT_SHARE_TEAMDRIVE_TOPFOLDER_WITH_ANYONEORDOMAINS: cannotShareTeamDriveTopFolderWithAnyoneOrDomains,
   CANNOT_SHARE_TEAMDRIVE_WITH_NONGOOGLE_ACCOUNTS: cannotShareTeamDriveWithNonGoogleAccounts,
+  CANNOT_UNSUBSCRIBE_FROM_OWNED_CALENDAR: cannotUnsubscribeFromOwnedCalendar,
   CANNOT_UPDATE_PERMISSION: cannotUpdatePermission,
   CONDITION_NOT_MET: conditionNotMet,
   CONFLICT: conflict,
@@ -843,6 +854,7 @@ REASON_EXCEPTION_MAP = {
   TEAMDRIVES_SHORTCUT_FILE_NOT_SUPPORTED: teamDrivesShortcutFileNotSupported,
   TIME_RANGE_EMPTY: timeRangeEmpty,
   TRANSIENT_ERROR: transientError,
+  UNIMPLEMENTED_ERROR: unimplementedError,
   UNKNOWN_ERROR: unknownError,
   UNSUPPORTED_LANGUAGE_CODE: unsupportedLanguageCode,
   UNSUPPORTED_SUPERVISED_ACCOUNT: unsupportedSupervisedAccount,

src/gam/gamlib/glmsgs.py

@@ -355,6 +355,7 @@ LESS_THAN_1_SECOND = 'less than 1 second'
 LIST_CHROMEOS_INVALID_INPUT_PAGE_TOKEN_RETRY = 'List ChromeOSdevices Invalid Input: pageToken retry'
 LOGGING_INITIALIZATION_ERROR = 'Logging initialization error: {0}'
 LOOKING_UP_GOOGLE_UNIQUE_ID = 'Looking up Google Unique ID'
+MAP_PERMISSIONS_EMAIL_FILE_HEADERS_REQUIRED = '{0} <CSVFileInput> requires headers "sourceEmail" and "destinationEmail"'
 MARKED_AS = 'Marked as'
 MATCHED_THE_FOLLOWING = 'Matched the following'
 MATTER_NOT_OPEN = 'Matter needs to be open, current state is: {0}'

src/gam/gamlib/yubikey.py

@@ -19,12 +19,11 @@
 """YubiKey"""
 
 import base64
+from datetime import datetime, timedelta
 from secrets import SystemRandom
 import string
 import sys
 
-import arrow
-
 from gam import mplock
 
 from gam import systemErrorExit
@@ -41,7 +40,6 @@ from ykman.piv import generate_self_signed_certificate, generate_chuid
 from yubikit.piv import DEFAULT_MANAGEMENT_KEY, \
                         InvalidPinError, \
                         KEY_TYPE, \
-                        MANAGEMENT_KEY_TYPE, \
                         PIN_POLICY, \
                         PivSession, \
                         OBJECT_ID, \
@@ -149,17 +147,17 @@ class YubiKey():
         piv.change_puk('12345678', new_puk)
         piv.change_pin('123456', new_pin)
         writeStdout(Msg.YUBIKEY_PIN_SET_TO.format(new_pin))
-        piv.authenticate(MANAGEMENT_KEY_TYPE.TDES, DEFAULT_MANAGEMENT_KEY)
+        piv.authenticate(piv.management_key_type, DEFAULT_MANAGEMENT_KEY)
         piv.verify_pin(new_pin)
         writeStdout(Msg.YUBIKEY_GENERATING_NONEXPORTABLE_PRIVATE_KEY)
         pubkey = piv.generate_key(SLOT.AUTHENTICATION,
                                   KEY_TYPE.RSA2048,
                                   PIN_POLICY.ALWAYS,
                                   TOUCH_POLICY.NEVER)
-        now = arrow.utcnow()
-        valid_to = now.shift(days=36500)
+        now = datetime.utcnow()
+        valid_to = now + timedelta(days=3650)
         subject = 'CN=GAM Created Key'
-        piv.authenticate(MANAGEMENT_KEY_TYPE.TDES, DEFAULT_MANAGEMENT_KEY)
+        piv.authenticate(piv.management_key_type, DEFAULT_MANAGEMENT_KEY)
         piv.verify_pin(new_pin)
         cert = generate_self_signed_certificate(piv,
                                                 SLOT.AUTHENTICATION,

src/tools/ssd.mjs

@@ -9,7 +9,7 @@ import { TOTP } from 'totp-generator';
 
 async function screenshot(driver, filename) {
   // uncomment to save .png screenshots
-  //await driver.saveScreenshot(filename);
+  await driver.saveScreenshot(filename);
   return
 }
 

wiki/Authorization.md

@@ -30,8 +30,8 @@
   - [Update an existing Service Account key](#update-an-existing-service-account-key)
   - [Replace all existing Service Account keys](#replace-all-existing-service-account-keys)
   - [Delete Service Account keys](#delete-service-account-keys)
-  - [Upload a Service Account key to a service account with no keys](#upload-a-service-account-key-to-a-service-account-with-no-keys)
   - [Display Service Account keys](#display-service-account-keys)
+  - [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
 - [Manage Service Account access](#manage-service-account-access)
   - [Full Service Account access](#full-service-account-access)
   - [Selective Service Account access](#selective-service-account-access)
@@ -394,9 +394,9 @@ gam show projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>]
 * `<EmailAddress>` - A Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 
 Use these options to select projects.
-* `all` - All projects accessible by the administrator; this is the default
+* `all` - All projects accessible by the administrator
 * `current` - The project referenced in `client_secrets.json`
-* `gam` - Projects accessible by the administrator that were created by Gam, i.e, their project ID begins with `gam-project-`
+* `gam` - Projects accessible by the administrator that were created by Gam, i.e, their project ID begins with `gam-project-`; this is the default
 * `<ProjectID>` - A Google API project ID
 * `filter <String>` - A filter to select projects accessible by the administrator; see the API documentation
 * `states all|active|deleterequested` - Limit display to projects based on state; the default is `active`
@@ -412,9 +412,9 @@ gam print projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>] [todrive <To
 * `<EmailAddress>` - A Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 
 Use these options to select projects.
-* `all` - All projects accessible by the administrator; this is the default
+* `all` - All projects accessible by the administrator
 * `current` - The project referenced in `client_secrets.json`
-* `gam` - Projects accessible by the administrator that were created by Gam, i.e, their project ID begins with `gam-project-`
+* `gam` - Projects accessible by the administrator that were created by Gam, i.e, their project ID begins with `gam-project-`; this is the default
 * `<ProjectID>` - A Google API project ID
 * `filter <String>` - A filter to select projects accessible by the administrator; see the API documentation
 * `states all|active|deleterequested` - Limit display to projects based on state; the default is `active`
@@ -781,6 +781,14 @@ Here are some sample values:
 Create a new Service Account private key; all existing private keys remain valid.
 The `oauth2service.json` file is updated with the new private key.
 
+This command requires that the current Service Account private key is valid, if you get the following error:
+```
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
+See https://developers.google.com/identity/sign-in/web/devconsole-project.
+```
+see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
+
 Keep a good record of where each Service Account key is used as the keys themselves do not record this information.
 
 The two forms of the command are equivalent; the second form is used by Legacy GAM.
@@ -809,6 +817,14 @@ The `oauth2service.json` file is updated with the new private key. If you had pr
 this `oauth2service.json` file to other users, you must redistribute the updated file as the private key
 in the distributed copies has been revoked.
 
+This command requires that the current Service Account private key is valid, if you get the following error:
+```
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
+See https://developers.google.com/identity/sign-in/web/devconsole-project.
+```
+see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
+
 The two forms of the command are equivalent; the second form is used by Legacy GAM.
 ```
 gam update sakey
@@ -828,6 +844,14 @@ in the distributed copies has been revoked.
 
 This command can be used if your Service Account keys have been compromised; all existing private keys are revoked.
 
+This command requires that the current Service Account private key is valid, if you get the following error:
+```
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
+See https://developers.google.com/identity/sign-in/web/devconsole-project.
+```
+see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
+
 The two forms of the command are equivalent; the second form is used by Legacy GAM.
 ```
 gam replace sakeys
@@ -844,25 +868,20 @@ You can delete Service Accounts keys thus revoking access for that key. Generall
 delete a service account key for a distributed copy of an `oauth2service.json` file to disable
 that user's service account access.
 
+This command requires that the current Service Account private key is valid, if you get the following error:
+```
+ERROR: 401: authError - Request had invalid authentication credentials.
+Expected OAuth 2 access token, login cookie or other valid authentication credential.
+See https://developers.google.com/identity/sign-in/web/devconsole-project.
+```
+see: [Upload a Service Account key to a service account without a valid private key](#upload-a-service-account-key-to-a-service-account-without-a-valid-private-key)
+
 You can disable your current Service Account key if you specify the `doit` argument. This is your
 acknowledgement that you will have to manually create a new Service Account key in the Developer's Console
 or upload a new key with the `gam upload sakey` command.
 ```
 gam delete sakeys <ServiceAccountKeyList>+ [doit]
 ```
-## Upload a Service Account key to a service account with no keys
-There are two cases where you will use this command:
-* Your workspace is configured to disable service account private key uploads and you are creating a project.
-* All of your service account keys have been deleted, either manually or with the `gam delete sakeys` command.
-
-The `oauth2service.json` file is updated with the new private key. If you had previously distributed
-any `oauth2service.json` file to other users, you must redistribute the updated file with the new key.
-```
-gam upload sakey [admin <EmailAddress>]
-        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        (localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
-```
 ## Display Service Account keys
 There are system keys and user keys; user keys are what Gam uses; GCP uses system keys.
 
@@ -876,6 +895,19 @@ gam show sakeys [all|system|user]
 
 The private key currently being used in `oauth2service.json` will be marked as `usedToAuthenticateThisRequest: True`.
 
+## Upload a Service Account key to a service account without a valid private key
+There are two cases where you will use this command:
+* Your workspace is configured to disable service account private key uploads and you are creating a project.
+* All of your service account keys have been deleted, either manually or with the `gam delete sakeys` command.
+
+The `oauth2service.json` file is updated with the new private key. If you had previously distributed
+any `oauth2service.json` file to other users, you must redistribute the updated file with the new key.
+```
+gam upload sakey [admin <EmailAddress>]
+        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
+```
 ## Manage Service Account access
 
 ## Full Service Account access

wiki/Basic-Items.md

@@ -409,6 +409,8 @@
 <MatterItem> ::= <UniqueID>|<String>
 <MatterState> ::= open|closed|deleted
 <MeetConferenceName> ::= conferenceRecords/<String>
+<MeetID> ::= <String>
+       Must match this Python Regular Expression: [a-z]{3}-[a-z]{4}-[a-z]{3}
 <MeetSpaceName> ::= spaces/<String> | <String>
 <MessageContent> ::=
         (message|textmessage|htmlmessage <String>)|
@@ -424,6 +426,7 @@
         (gdoc|ghtml <UserGoogleDoc>)|
         (gcsdoc|gcshtml <StorageBucketObjectName>)
 <NumberOfSeats> ::= <Number>
+<NumberRange> ::= <Number>|(<Number>/<Number>)
 <OrgUnitID> ::= id:<String>
 <OrgUnitPath> ::= /|(/<String>)+
 <OrgUnitItem> ::= <OrgUnitID>|<OrgUnitPath>
@@ -564,11 +567,11 @@
         (tdreturnidonly [<Boolean>])|
         (tdshare <EmailAddress> commenter|reader|writer)*|
         (tdsheet (id:<Number>)|<String>)|
-        (tdsheettimestamp [<Boolean>] [tdsheettimeformat <String>])
+        (tdsheettimestamp [<Boolean>] [tdsheettimeformat <DateTimeFormat>])
         (tdsheettitle <String>)|
         (tdsubject <String>)|
         ([tdsheetdaysoffset <Number>] [tdsheethoursoffset <Number>])|
-        (tdtimestamp [<Boolean>] [tdtimeformat <String>]
+        (tdtimestamp [<Boolean>] [tdtimeformat <DateTimeFormat>]
             [tddaysoffset <Number>] [tdhoursoffset <Number>])|
         (tdtimezone <TimeZone>)|
         (tdtitle <String>)|

wiki/Bulk-Processing.md

@@ -38,6 +38,7 @@ Batch files can contain the following types of lines:
 * Blank lines - Ignored
 * \# Comment line - Ignored
 * gam \<GAMArgumentList\> - Execute a GAM command 
+  * File path arguments in \<GAMArgumentList\> should be enclosed in \"
 * commit-batch
   * GAM waits for all running GAM commands to complete
   * GAM continues

wiki/Calendars-Events.md

@@ -78,6 +78,8 @@ Client access works when accessing Resource calendars.
         <CSVkmdSelector> | <CSVDataSelector>
         See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <iCalUID> ::= <String>
+<MeetID> ::= <String>
+       Must match this Python Regular Expression: [a-z]{3}-[a-z]{4}-[a-z]{3}
 
 <EventAttachmentsSubfieldName> ::=
         attachments.fileid|
@@ -150,7 +152,8 @@ Client access works when accessing Resource calendars.
         endtimeunspecified|
         extendedproperties|
         eventtype|
-        <EventFocusTimePropertiesSubfieldName>
+        focustimeproperties|
+        <EventFocusTimePropertiesSubfieldName>|
         gadget|
         guestscaninviteothers|
         guestscanmodify|
@@ -164,7 +167,8 @@ Client access works when accessing Resource calendars.
         organizer|
         <EventOrganizerSubfieldName>|
         originalstart|originalstarttime|
-        <EventOutOfOfficePropertiesSubfieldName>
+        outofofficeproperties|
+        <EventOutOfOfficePropertiesSubfieldName>|
         privatecopy|
         recurrence|
         recurringeventid|
@@ -254,6 +258,7 @@ Client access works when accessing Resource calendars.
         (birthday <Date>)|
         (color <EventColorName>)|
         (colorindex|colorid <EventColorIndex>)|
+        (conferencedata meet <MeetID>)|
         (description <String>)|
         (end|endtime (allday <Date>)|<Time>)|
         (guestscaninviteothers <Boolean>)|
@@ -261,7 +266,7 @@ Client access works when accessing Resource calendars.
         (guestscanmodify <Boolean>)|
         (guestscanseeotherguests <Boolean>)|
         guestscantseeotherguests|
-        hangoutsmeet|
+        googlemeet|hangoutsmeet|
         <JSONData>|
         (jsonattendees [charset <Charset>] <String>)|
         (jsonattendees file <FileName> [charset <Charset>])|
@@ -302,7 +307,7 @@ The following attributes are equivalent:
         <EventAttribute>|
         clearattachments|
         clearattendees|
-        clearhangoutsmeet|
+        cleargooglemeet|clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
         clearresources|
         (clearsharedproperty <PropertyKey>)|

wiki/Calendars.md

@@ -27,12 +27,14 @@ Client access works when accessing Resource calendars.
         See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 
 <CalendarSettings> ::=
+        (autoacceptinvitations [<Boolean>])|
         (description <String>)|
         (location <String>)|
         (summary <String>)|
         (timezone <TimeZone>)
 
 <CalendarSettingsField> ::=
+        autoacceptinvitations|3
         conferenceproperties|
         dataowner|
         description|

wiki/Chrome-Policies.md

@@ -9,6 +9,7 @@
 - [Create a Chrome policy image](#create-a-chrome-policy-image)
 - [Update Chrome policy](#update-chrome-policy)
 - [Delete Chrome policy](#delete-chrome-policy)
+- [Delete Chrome app](#delete-chrome-app)
 - [Display Chrome policies](#display-chrome-policies)
 - [Copy simple policies set directly in one OU to another OU](#copy-simple-policies-set-directly-in-one-ou-to-another-ou)
 - [Copy simple and complex policies set directly in one OU to another OU](#copy-simple-and-complex-policies-set-directly-in-one-ou-to-another-ou)
@@ -265,6 +266,13 @@ gam delete chromepolicy
         ((ou|orgunit <OrgUnitItem>)|(group <GroupItem>))
         [(printerid <PrinterID>)|(appid <AppID>)]
 ```
+
+## Delete Chrome app
+You can  delete an app, i.e., explicitly remove it from management. `<OrgUnitItem>` must specify where the app was added for management.
+```
+gam delete chromepolicy chrome.users.apps.InstallType ou|orgunit <OrgUnitItem> appid <AppID>
+```
+
 ## Display Chrome policies
 You can display policies for all devices/users within an OU, users with a group or for a specific printer or application within an OU.
 

wiki/ChromeOS-Devices.md

@@ -544,7 +544,7 @@ gam print cros [todrive <ToDriveAttribute>*]
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
 ```
@@ -591,9 +591,11 @@ Add additional columns of data from the command line to the output
 * `addcsvdata <FieldName> <String>`
 
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format:
-
 - `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
@@ -612,7 +614,7 @@ gam <CrOSTypeEntity> print cros [todrive <ToDriveAttribute>*]
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
 
@@ -623,6 +625,7 @@ gam print cros [todrive <ToDriveAttribute>*] select <CrOSTypeEntity>
         [start <Date>] [end <Date>] [listlimit <Number>]
         [reverselists <CrOSListFieldNameList>]
         [timerangeorder ascending|descending] [showdvrsfp]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [sortheaders]
         [formatjson [quotechar <Character>]]
 ```
@@ -645,9 +648,11 @@ Add additional columns of data from the command line to the output
 * `addcsvdata <FieldName> <String>`
 
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format:
-
 - `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.

wiki/Classroom-Courses.md

@@ -379,7 +379,7 @@ Drive files with `shareMode` `Each student will get a copy` don't seem to be abl
 
 ## Delete courses
 Classes can only be deleted when they are in the ARCHIVED state; to delete a class, you can update its state to ARCHIVED
-and then delete it or you can specify that it be archived as parot of the delete command.
+and then delete it or you can specify that it be archived as part of the delete command.
 ```
 gam delete course <CourseID> [archived]
 gam delete courses <CourseEntity> [archived]

wiki/Classroom-Membership.md

@@ -7,6 +7,7 @@
 - [Bulk membership changes](#bulk-membership-changes)
 - [Display course membership](#display-course-membership)
 - [Display course membership counts](#display-course-membership-counts)
+- [Display course counts for teachers-students](#display-course-counts-for-teachers-students)
 
 ## API documentation
 * [Google Classroom API](https://developers.google.com/classroom/reference/rest)
@@ -167,3 +168,46 @@ $count = & gam print course-participants teacher asmith states active show stude
 Windows Command Prompt
 for /f "delims=" %a in ('gam print course-participants teacher asmith states active show students showitemcountonly') do set count=%a
 ```
+
+## Display course counts for teachers-students
+You can get a count of the number of courses in which a teacher or student is a participant.
+```
+gam print course-counts students|teachers [todrive <ToDriveAttribute>*]
+        (course|class <CourseEntity>)*|([teacher <UserItem>] [student <UserItem>] [states <CourseStateList>])
+        [mincount <Integer>]
+        [formatjson [quotechar <Character>]]
+```
+By default, the `print course-counts` command displays participant counts about all courses.
+
+To get participant counts for a specific set of courses, use the following option; it can be repeated to select multiple courses.
+* `(course|class <CourseID>)*` - Display courses with the specified `<CourseID>`.
+
+To get participant counts for courses based on their having a particular participant, use the following options. Both options can be specified.
+* `teacher <UserItem>` - Display courses with the specified teacher.
+* `student <UserItem>` - Display courses with the specified student.
+
+To get participant counts for courses based on their state, use the following option. This option can be combined with the `teacher` and `student` options.
+By default, all course states are selected.
+* `states <CourseStateList>` - Display courses with any of the specified states.
+
+By default, all count values are displayed, use `mincount <Integer>` to limit the display to those counts
+greater that or equal to the specified `<Integer>`.
+
+By default, Gam displays the counts as columns of fields; the following option causes the output to be in JSON format,
+* `formatjson` - Display the fields in JSON format.
+
+By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
+the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
+When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.
+The `quotechar <Character>` option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
+`quotechar` defaults to `gam.cfg/csv_output_quote_char`. When uploading CSV files to Google, double quote `"` should be used.
+
+### Example
+For teachers in all active courses, print the number of classes for which they are a participant.
+```
+gam print coursecounts teachers states active
+```
+For teachers in all active courses, print the number of classes (if it is >= 5) for which they are a participant.
+```
+gam print coursecounts teachers states active mincount 5
+```

wiki/Cloud-Identity-Devices.md

@@ -40,6 +40,18 @@ Use `gam user user@domain.com update serviceaccount` and make sure that the foll
 * [Filters](https://support.google.com/a/answer/7549103)
 * [Device Search Fields](https://developers.google.com/admin-sdk/directory/v1/search-operators)
 
+Use this table to filter/query for specific device types:
+| Device Type | Filter/Query |
+|-------------|--------------|
+| ANDROID | type:android |
+| CHROME_OS | type:chromeos |
+| GOOGLE_SYNC | type:googlesync |
+| IOS | type:ios |
+| LINUX | type:linux |
+| MAC_OS | type:mac |
+| WINDOWS | type:windows |
+
+
 ## Definitions
 ```
 <AssetTag> ::= <String>
@@ -370,7 +382,6 @@ Windows Command Prompt
 for /f "delims=" %a in ('gam print deviceusers queries "'model:Mac'" showitemcountonly') do set count=%a
 ```
 
-
 ## Display device user client state
 ```
 gam info deviceuserstate <DeviceUserEntity> [clientid <String>] 
@@ -379,11 +390,11 @@ gam info deviceuserstate <DeviceUserEntity> [clientid <String>]
 ## Update device user client state
 The API that supports this command is in beta mode. In particular, setting `assettags` and `customvalues`
 works if you set the values once; each additional time you set values they are added to the existing values
-and they is no way at the moment to clear values.
+and the `clear` option does not work to clear values.
 ```
 gam update deviceuserstate <DeviceUserEntity> [clientid <String>] 
         [customid <String>] [assettags clear|<AssetTagList>]
         [compliantstate|compliancestate compliant|noncompliant] [managedstate clear|managed|unmanaged]
         [healthscore very_poor|poor|neutral|good|very_good] [scorereason clear|<String>]
-        (customvalue (bool|boolean <Boolean>)|(number <Integer>)|(string <String>))*
+        (customvalue clear|(bool|boolean <String> <Boolean>)|(number <String> <Integer>)|(string <String> <String>))*
 ```

wiki/Cloud-Identity-Groups-Membership.md

@@ -354,6 +354,8 @@ gam print cigroup-members [todrive <ToDriveAttribute>*]
         [minimal|basic|full]
         [(recursive [noduplicates]) | |includederivedmembership] [nogroupeemail]
         [memberemaildisplaypattern|memberemailskippattern <REMatchPattern>]
+        (addcsvdata <FieldName> <String>)*
+        [formatjson [quotechar <Character>]]
 ```
 By default, the group membership of all groups in the account are displayed, these options allow selection of subsets of groups:
 * `cimember <UserItem>` - Limit display to groups that contain `<UserItem>` as a member
@@ -414,6 +416,9 @@ has in any constituent group, it is not necessarily its role in the top group.
 The options `recursive noduplicates` and `includederivedmembership types user` return the same list of users.
 The `includederivedmembership` option makes less API calls but doesn't show level and subgroup information.
 
+Add additional columns of data from the command line to the output
+* `addcsvdata <FieldName> <String>`
+
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
 * `formatjson` - Display the fields in JSON format.
 

wiki/Cloud-Identity-Groups.md

@@ -322,6 +322,7 @@ gam print cigroups [todrive <ToDriveAttribute>*]
         [types <CIGroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <REMatchPattern>]
         [convertcrnl] [delimiter <Character>]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 ```
 By default, all groups in the account are displayed, these options allow selection of subsets of groups:
@@ -385,9 +386,15 @@ Members that have met the above qualifications to be displayed can be further qu
 * `memberemaildisplaypattern <REMatchPattern>` - Members with email addresses that match `<REMatchPattern>` will be displayed; others will not be displayed
 * `memberemailskippattern <REMatchPattern>` - Members with email addresses that match `<REMatchPattern>` will not be displayed; others will be displayed
 
+Add additional columns of data from the command line to the output
+* `addcsvdata <FieldName> <String>`
+
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
 * `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.

wiki/Domain-SharedContacts.md

@@ -29,11 +29,11 @@
 <UserGoogleDoc> ::=
         <EmailAddress> <DriveFileIDEntity>|<DriveFileNameEntity>|(<SharedDriveEntity> <SharedDriveFileNameEntity>)
 
-<NoteContent> ::=
-        ((<String>)|
-         (file <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>))
+<ContactNoteContent> ::=
+        (<String>)|
+        (file|textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)
 
 <Date> ::=
         <Year>-<Month>-<Day> |
@@ -79,7 +79,7 @@
         (mileage <String>)|
         (name <String>)|
         (nickname <String>)|
-        (note <NoteContent>)|
+        (note <ContactNoteContent>)|
         (occupation <String>)|
         (prefix <String>)|
         (priority low|normal|high)

wiki/GamUpdates.md

@@ -10,7 +10,221 @@ Add the `-s` option to the end of the above commands to suppress creating the `g
 
 See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
-### 7.28.05
+### 7.31.05
+
+Added option `variables <RESearchPattern>` to `gam select section <SectionName> verify` and `gam config verify`
+that causes GAM to only display variables with names selected by `<RESearchPattern>`.
+```
+gam select School verify variables "^(customer|domain)"
+Section: School
+  customer_id = C03abc123
+  domain = school.edu
+
+gam config verify variables  'dir'
+Section: DEFAULT
+  cache_dir = ~/GamConfig/gamcache ; /Users/gamteam/GamConfig/gamcache
+  config_dir = ~/GamConfig ; /Users/gamteam/GamConfig
+  drive_dir = ~/GamWork ; /Users/gamteam/GamWork
+  gmail_cse_incert_dir = ~/GmailCSE/Certs ; /Users/gamteam/GmailCSE/Certs
+  gmail_cse_inkey_dir = ~/GmailCSE/Keys ; /Users/gamteam/GmailCSE/Keys
+  input_dir = .
+```
+
+### 7.31.04
+
+Fixed bug in `gam report admin|chrome` that caused to events to not be displayed.
+
+Updated `gam <UserTypeEntity> print|show messages|threads ... query <QueryGmail>` to display the query.
+
+### 7.31.03
+
+Due to the following Calendar API update, the `gam <UserTypeEntity> transfer calendars` command has been removed.
+* See: https://developers.google.com/workspace/calendar/release-notes#October_27_2025
+Data ownership can be transferred in the Google Calendar UI.
+
+### 7.31.02
+
+Added the following options to `gam <UserTypeEntity> copy drivefile`
+to limit copying to those files owned by selected users.
+* `copysubfilesownedby users <EmailAddressList>` - Only files owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby notusers <EmailAddressList>` - Only files not owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby regex <REMatchPattern>` - Only files owned by users whose email addresses match `<REMatchPattern>` are copied.
+* `copysubfilesownedby notregex <REMatchPattern>` - Only files owned by users whose email addresses do not match `<REMatchPattern>` are copied.
+
+### 7.31.01
+
+Code cleanup for `addcsvdata <FieldName> <String>`.
+
+### 7.31.00
+
+Fixed bug in `gam report chrome (user <UserItem>)|(select <UserTypeEntity>)` where no activities were returned.
+`report chrome` does not use the parameter `userKey=<EmailAddress>` as do other applications but requires
+parameter `filter DEVICE_USER==<EmailAddress>`.
+
+Updated `gam report admin (user <UserItem>)|(select <UserTypeEntity>)` to use parameter `filter USER_EMAIL==<EmailAddress>`
+to display activiities affecting the user `<EmailAddress>`. Use option `userisactor` to use the parameter `userKey=<EmailAddress>`
+that displays activities where user `<EmailAddress>` executed the command that generated the activity.
+
+Fixed bug in `gam print cros|filelist|users ... (addcsvdata <FieldName> <String>)+ formatjson` where the `addcsvdata` columns
+were not displayed but the additional field values were included in the JSON data. Now, the `addcsvdata` columns
+are displayed but the additional field values are only included in the JSON data when option `includdecsvdatainjson` is specified.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print cigroups|groups`
+that adds additional columns of data to the CSV file output.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print cigroupmembere|group-members`
+that adds additional columns of data to the CSV file output.
+
+### 7.30.05
+
+Added option `gmaileventtypes <NumberRangeList>` to `gam report gmail` that can be used to limit the event types displayed.
+```
+<NumberRange> ::= <Number>|(<Number>/<Number>)
+<NumberRangeList> ::= "<NumberRange>(,<NumberRange>)*"
+
+gam report gmail user user@domain.com gmaileventtypes 1,10/11
+```
+* See: https://developers.google.com/workspace/admin/reports/v1/appendix/activity/gmail
+
+Updated sorting of column headers in `gam report <ActivityApplicationName>`.
+
+### 7.30.04
+
+Updated `gam report gmail` to avoid the following error when incomplete start/end time information is provided.
+```
+ERROR: Invalid request: Start time and end time should both be provided, and the scan duration should not be greater than 30 days.
+```
+* No time information provided - GAM sets `range -30d today`
+* Only `start <Time>`  provided - GAM sets `end <Time>+30d`
+* Only `end <Time>` provided - GAM sets `start <Time>-30d`
+
+### 7.30.03
+
+Updated `gam report <ActivityApplicationName>` to reflect the changes described here:
+* See: https://workspaceupdates.googleblog.com/2025/12/google-workspace-audit-log-api.html
+
+Added option `resourcedetailsfilter <String>` to `gam report <ActivityApplicationName>` described here:
+* See: https://developers.google.com/workspace/admin/reports/reference/rest/v1/activities/list#query-parameters
+
+For `gam <UserTypeEntity> print <Objects>`, expanded the list of `<Objects>` covered by `gam.cfg csv_output_users_audit = True`.
+
+### 7.30.02
+
+Added option `conferencedata meet <MeetID>` to `<EventAttribute>` that allows specifying
+a reference to an existing Google Meet when creating/updating a calendar event.
+
+Upgraded to Python 3.14.2.
+
+### 7.30.01
+
+Fixed bug introduced in 7.30.00 that caused errors when reading CSV files.
+
+Added the following options to `gam <UserTypeEntity> create focustime|outofoffice`:
+```
+((date yyyy-mm-dd)|
+ (range yyyy-mm-dd yyyy-mm-dd)|
+ (daily yyyy-mm-dd N)|
+ (weekly yyyy-mm-dd N))
+```
+
+Added the following options to `gam <UserTypeEntity> create focustime|outofoffice|workinglocation`:
+```
+noreminders|(reminder email|popup <Number>)+
+```
+
+### 7.30.00
+
+Added `input_dir` directory variable to `gam.cfg` that is used to select a directory for reading files with non-absolute file names.
+The default is an empty string that matches the current behavior where these files are read from the current working directory.
+This will be most useful in multiple domain situations where each domain will have distinct `drive_dir` and `input_dir` values.
+
+Added support for the new resource calendar setting `autoAcceptInvitations`.
+
+### 7.29.04
+
+Updated `gam delete chromepolicy chrome.users.apps.InstallType ou <OrgUnitItem> appid <AppID>`
+to allow deleting an app, i.e., explicitly remove it from management. `<OrgUnitItem>` must specify where it was added for management.
+
+### 7.29.03
+
+Remove debugging message from `gam <UserTypeEntity> move drivefile <DriveFileEntity>`.
+
+### 7.29.02
+
+Fixed bug in `gam <UserTypeEntity> move drivefile <DriveFileEntity>` where the following options
+were only applied to top level files or folders re-created in the destination. Now, domain
+and email address mappings apply to all moved files/folders.
+```
+excludepermissionsfromdomains <DomainNameList>
+includepermissionsfromdomains <DomainNameList>
+mappermissionsdomain <DomainName> <DomainName>
+mappermissionsemail <EmailAddress> <EmailAddress>
+mappermissionsemailfile <CSVFileInput> endcsv
+```
+
+Upgraded to Python 3.14.1.
+
+### 7.29.01
+
+Added option `oneitemperrow` to `gam <UserTypeEntity> print calendars ... permissions` to have each of a
+calendar's permissions displayed on a separate row with all of the other calendar fields.
+
+Updated `gam yubikey reset_piv` to handle YubiKey firmware updates that caused an error.
+
+### 7.29.00
+
+Added options `mappermissionsemail <EmailAddress> <EmailAddress>` and ` mappermissionsemailfile <CSVFileInput> endcsv`
+to these commands:
+```
+gam [<UserTypeEntity>] copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
+gam [<UserTypeEntity>] sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
+gam <UserTypeEntity> copy drivefile <DriveFileEntity>
+gam <UserTypeEntity> move drivefile <DriveFileEntity>
+```
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>`
+in the source will be modified to reference the second `<EmailAddress>` in the destination.
+
+Bulk permission email address mapping can be specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
+These options will be most useful with inter-workspace Shared Drive copies and moves.
+
+### 7.28.13
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print messages`
+that adds additional columns of data to the CSV file output.
+
+### 7.28.12
+
+Updated `gam delete project` to handle the following error:
+```
+ERROR: 400: failedPrecondition - Project not active
+```
+
+### 7.28.11
+
+Removed all options/fields referencing inheritance from `gam create|update|info|print org` as this option/field is deprecated.
+
+### 7.28.10
+
+Added a command `gam print course-counts` that dsplays the count of the number of courses in which a teacher or student is a participant.
+
+* See: https://github.com/GAM-team/GAM/wiki/Classroom-Membership#display-course-counts-for-teachers-students
+
+### 7.28.09
+
+Fixed bug in `gam print cigroups ... descriptionmatchpattern [not] <REMatchPattern>` that caused a trap.
+
+### 7.28.08
+
+Updated `gam <UserTypeEntity> print|show chatmessages` to cache the sender UID to email address
+map so that each sender UID only has to be looked up once; this improves performance.
+
+### 7.28.07
+
+Fixed bug in `gam report users ... aggregatebydate|aggregatebyuser` where `accounts:used_quota_in_percentage` was incorrectly displayed.
+
+### 7.28.06
 
 Updated	`gam <UserTypeEntity> info|print|show calendars` and
 `gam calendars <CalendarEntity> print|show settings` to display the

wiki/Groups-Membership.md

@@ -626,6 +626,7 @@ gam print group-members [todrive <ToDriveAttribute>*]
         [(recursive [noduplicates])|includederivedmembership] [nogroupemail]
         [peoplelookup|(peoplelookupuser <EmailAddress>)]
         [unknownname <String>] [cachememberinfo [Boolean]]
+        (addcsvdata <FieldName> <String>)*
         [formatjson [quotechar <Character>]]
 ```
 By default, the group membership of all groups in the account are displayed, these options allow selection of subsets of groups:
@@ -733,6 +734,9 @@ The options `recursive noduplicates` and `includederivedmembership types user no
 The `includederivedmembership` option makes less API calls but doesn't show level and subgroup information.
 Expanding a member of type CUSTOMER may produce a large volume of data as it will display all users in your domain.
 
+Add additional columns of data from the command line to the output
+* `addcsvdata <FieldName> <String>`
+
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
 * `formatjson` - Display the fields in JSON format.
 

wiki/Groups.md

@@ -474,6 +474,7 @@ gam print groups [todrive <ToDriveAttribute>*]
         [types <GroupMemberTypeList>]
         [memberemaildisplaypattern|memberemailskippattern <REMatchPattern>]
         [convertcrnl] [delimiter <Character>] [sortheaders]
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 ```
 By default, all groups in the account are displayed, these options allow selection of subsets of groups:
@@ -569,9 +570,15 @@ Members that have met the above qualifications to be displayed can be further qu
 * `memberemaildisplaypattern <REMatchPattern>` - Members with email addresses that match `<REMatchPattern>` will be displayed; others will not be displayed
 * `memberemailskippattern <REMatchPattern>` - Members with email addresses that match `<REMatchPattern>` will not be displayed; others will be displayed
 
+Add additional columns of data from the command line to the output
+* `addcsvdata <FieldName> <String>`
+
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
 * `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.

wiki/Home.md

@@ -10,7 +10,36 @@ To run all commands properly, GAM7 requires three things:
 * A special service account that is authorized to act on behalf of your users in order to modify user-specific settings and data such as Drive files, Calendars and Gmail messages and settings like signatures.
 
 # Documentation
-See the sections in the right-hand column for documentation.
+
+## Update History
+A log of updates to GAM7.
+
+## Installation
+Instructions detailing ways of installing GAM7 and alternate installation issues.
+
+## Configuration
+Instructions detailing configuration of GAM7 and alternate authorization methods.
+
+## Notes and Information
+References to resources that enhance your use of GAM7.
+
+## Definitions
+BNF definitions of common items in the GAM7 command syntax.
+
+## Command Processing
+Information regarding use of command line options to control how GAM7 operates.
+
+## Collections
+BNF Syntax definitions of ways to specify multiple Googlw Workspace opjects.
+
+## Client Access
+Syntax, descriptions and examples of commands that are executed by your Google Workspace administrator.
+
+## Special Service Account Access
+How to set up a GAM7 Chat Bot; this is required to use the Chat API to manage Chat Spaces in your Google Workspace.
+
+## Service Account Access
+Syntax, descriptions and examples of commands that are executed on behalf of your Google Workspace users.
 
 # Installation
 * [How to Install GAM7](How-to-Install-GAM7)

wiki/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -252,10 +252,10 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin$ gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAM 7.28.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.31.05 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
-macOS Tahoe 26.1 x86_64
+Python 3.14.2 64-bit final
+macOS Tahoe 26.2 x86_64
 Path: /Users/admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 
@@ -990,9 +990,9 @@ writes the credentials into the file oauth2.txt.
 C:\>del C:\GAMConfig\oauth2.txt
 C:\>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAM 7.28.05 - https://github.com/GAM-team/GAM - pythonsource
+GAM 7.31.05 - https://github.com/GAM-team/GAM - pythonsource
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
+Python 3.14.2 64-bit final
 Windows 11 10.0.26200 AMD64
 Path: C:\GAM7
 Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com

wiki/List-Items.md

@@ -77,6 +77,7 @@
 <MimeTypeNameList> ::= "<MimeTypeName>(,<MimeTypeName>)*"
 <NamespaceList> ::= "<Namespace>(,<Namespace>)*"
 <NotesNameList> ::= "<NotesName>(,<NotesName>)*"
+<NumberRangeList> ::= "<NumberRange>(,<NumberRange>)*"
 <OrgUnitList> ::= "<OrgUnitItem>(,<OrgUnitItem>)*"
 <OtherContactsResourceNameList> ::= "<OtherContactsResourceName>(,<OtherContactsResourceName>)*"
 <PeopleResourceNameList> ::= "<PeopleResourceName>(,<PeopleResourceName>)*"

wiki/Meta-Commands-and-File-Redirection.md

@@ -27,12 +27,13 @@ gam [<Select>] [showsections] [<SelectOutputFilter>|<SelectInputFilter>] [<Confi
 Select a section from gam.cfg and process a GAM command using values from that section.
 ```
 <Select> ::=
-        select <Section> [save] [verify]
+        select <Section> [save] [verify [variables <RESearchPattern>]]
 ```
 - `save`
   - Set `section = <Section>` in the `[DEFAULT]` section and write configuration data to gam.cfg
 - `verify`
   - Print the variable values for the selected section
+  - Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
   - Values are determined in this order: Selected section, DEFAULT section, Program default
 
 If you enter `gam select <SectionName>` and nothing else on the command line,
@@ -80,7 +81,7 @@ Set variables in gam.cfg.
 
 ```
 <Config> ::=
-        config (<VariableName> [=] <Value>)* [save] [verify]
+        config (<VariableName> [=] <Value>)* [save] [verify [variables <RESearchPattern>]]
 ```
 - `<VariableName> [=] <Value>`
   - Set `<VariableName> = <Value>` in the current section
@@ -90,6 +91,7 @@ Set variables in gam.cfg.
   - Write configuration data to gam.cfg
 - `verify`
   - Print the variable values for the current section
+  - Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
   - Values are determined in this order: Current section, DEFAULT section, Program default
 
 You can prefix `<Config>` with `<Select>` to set a variable in a particular section.

wiki/Organizational-Units.md

@@ -32,7 +32,6 @@
 <OrgUnitFieldName> ::=
         description|
         id|orgunitid|
-        inherit|blockinheritance|
         name|
         parentid|parentorgunitid|
         parent|parentorgunitpath|
@@ -73,18 +72,15 @@ For quoting rules, see: [List Quoting Rules](Command-Line-Parsing)
 Create, update and delete organization units.
 ```
 gam create org|ou <OrgUnitPath> [description <String>]
-        [parent <OrgUnitItem>] [inherit|(blockinheritance False)]
+        [parent <OrgUnitItem>]
         [buildpath]
 gam update org|ou <OrgUnitPath> [name <String>] [description <String>]
-        [parent <OrgUnitItem>] [inherit|(blockinheritance False)]
+        [parent <OrgUnitItem>]
 gam delete org|ou <OrgUnitPath>
 gam update orgs|ous <OrgUnitEntity> [name <String>] [description <String>]
-        [parent <OrgUnitItem>] [inherit|(blockinheritance False)]
+        [parent <OrgUnitItem>]
 gam delete orgs|ous <OrgUnitEntity>
 ```
-Inheritance specifies whether sub-OUs of the specified OU inherit its settings.
-* `inherit|blockinheritance false` - Sub-OUs inherit settings from the specified OU; this is the default
-
 ## Add users to an organizational unit
 When adding users to an OU, Gam uses a batch method to speed up processing. 
 

wiki/Other-Resources.md

@@ -14,5 +14,10 @@ Thank you.
 * Korey Rideout - https://chatgpt.com/g/g-PTxxnVPMG-gam-assist-now-turbocharged-with-gam7
 * Paul Ogier (Taming.Tech) - GAM7 Course on Udemy https://taming.tech/GAMCourse
 * Paul Ogier (Taming.Tech) - GAM7 Tutorials https://www.youtube.com/watch?v=g9LDeyXQNLI&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w
+* Paul Ogier (Taming.Tech) - Installation videos
+  * GAM7 Windows Install - https://www.youtube.com/watch?v=l8pTF5UWz7o&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w&index=4
+  * GAM7 macOS Install - https://www.youtube.com/watch?v=eaLWpxhC91w&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w&index=5
+  * GAM7 Ubuntu Linux Install - https://www.youtube.com/watch?v=zBwhNTxGlcM&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w&index=7
+  * GAM7 ChromeOS Install - https://www.youtube.com/watch?v=BNWQh8GqvgY&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w&index=6
 * Paul Ogier (Taming.Tech) - https://taming.tech/taming-gam-a-practical-guide-to-gam-and-gamadv-xtd3/
 * Steve Larsen - https://docs.google.com/spreadsheets/d/1MzzA-u-cmoQcJnQOovCnZcEKMjvOyFhfkdFdf10X_GI/edit

wiki/Reports.md

@@ -12,10 +12,14 @@
 - [User reports](#user-reports)
 
 ## API documentation
-Changes starting 2025-10-29.
+* [Activity Data Sources](https://support.google.com/a/answer/11482175)
 
+Changes starting 2025-10-29.
 * [Reports API - Admin log event changes](https://support.google.com/a/answer/16601511)
 
+Changes starting 2025-12-20
+* [Reports API - Admin log enhancements](https://workspaceupdates.googleblog.com/2025/12/google-workspace-audit-log-api.html)
+
 These pages show event/parameter names; scroll down in the left column to: Reports.
 
 * [Reports API - Activities](https://developers.google.com/admin-sdk/reports/v1/reference/activities)
@@ -24,6 +28,8 @@ These pages show event/parameter names; scroll down in the left column to: Repor
 
 ## Definitions
 ```
+<NumberRange> ::= <Number>|(<Number>/<Number>)
+<NumberRangeList> ::= "<NumberRange>(,<NumberRange>)*"
 <DayOfWeek> ::= mon|tue|wed|thu|fri|sat|sun
 <Time> ::=
         <Year>-<Month>-<Day>(<Space>|T)<Hour>:<Minute>:<Second>[.<MilliSeconds>](Z|(+|-(<Hour>:<Minute>))) |
@@ -45,53 +51,70 @@ config csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 ## Activity reports
 ```
 <ActivityApplicationName> ::=
+        accessevaluation|
         accesstransparency|access|
         admin|
+        admindataaction|
+        assignments|
         calendar|calendars|
         chat|
         chrome|
         classroom|
+        cloudsearch|
+        contacts|
         contextawareaccess|
-        gplus|currents|google+|
+        datamigration|
         datastudio|
+        directorysync|
         drive|doc|docs|
         gcp|cloud|
         geminiinworkspaceapps|gemini|geminiforworkspace|
+        gmail|
+        gplus|currents|google+|
+        graduation|
         groups|group|
         groupsenterprise|enterprisegroups|
         jamboard|
         keep|
+        ldap|
         login|logins|
         meet|hangoutsmeet|
+        meethardware|
         mobile|devices|
+        profile|
         rules|
         saml|
+        takeout|
+        tasks|
         token|tokens|oauthtoken|
         useraccounts|
         vault
 
 gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
         [(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
+        [userisactor]
         [([start <Time>] [end <Time>])|(range <Time> <Time>)|
          yesterday|today|thismonth|(previousmonths <Integer>)]
         [filter <String> (filtertime<String> <Time>)*]
         [event|events <EventNameList>] [ip <String>]
-        [groupidfilter <String>]
+        [gmaileventtypes <NumberRangeList>]
+        [groupidfilter <String>] [resourcedetailsfilter <String>]
         [maxactivities <Number>] [maxevents <Number>] [maxresults <Number>]
         [countsonly [bydate|summary] [eventrowfilter]]
         (addcsvdata <FieldName> <String>)* [shownoactivities]
 ```
 Select the application with `<ActivityApplicationName>`.
 
-For all `<ActivityApplicationNames>` other than `admin`, select the users for whom information is desired.
+For all `<ActivityApplicationNames>`, select the users for whom information is desired.
 * `user all` - All users, the default; there is one API call
 * `user <UserItem>` - An individual user; there is one API call
 * `orgunit|org|ou <OrgUnitPath>` - All users in the specified OU; there is one API call
   * `showorgunit` - Add a column labelled `actor.orgUnitPath` to the output; an additional API call is made to get the email addresses of the users in `<OrgUnitPath>`
 * `select <UserTypeEntity>` - A selected collection of users, e.g., `select group staff@domain.com`; there is one API call per user
 
-For `<ActivityApplicationName>` `admin`, the users selected are the admins that executed the command, not the targeted user.
-Use `filter "USER_EMAIL==user@domain.com"` to select the targeted user.
+For `<ActivityApplicationName>` `admin` and `chrome`, `orgunit|org|ou <OrgUnitPath>` does not work, use `select ou <OrgUnitPath>`.
+
+For `<ActivityApplicationName>` `admin`, use option `userisactor` to  display activities where the user executed the command that generated the activity.
 
 Limit the time period.
 * `start <Time>`
@@ -102,6 +125,15 @@ Limit the time period.
 * `thismonth` - The current calendar month up to the current time
 * `previousmonths <Integer>` - A number in the range 1 to 6 indicating calendar months previous to the current month
 
+For `gam report gmail`, `start <Time>`  and `end <Time>`should both be provided, and the scan duration should not be greater than 30 days.
+GAM will supply missing values:
+* No time information provided - GAM sets `range -30d today`
+* Only `start <Time>`  provided - GAM sets `end <Time>+30d`
+* Only `end <Time>` provided - GAM sets `start <Time>-30d`
+
+For `gam report gmail`, `gmaileventtypes <NumberRangeList>` can be used to limit the event types displayed.
+* See: https://developers.google.com/workspace/admin/reports/v1/appendix/activity/gmail
+
 Apply API filters.
 * `filter|filters <String>` - `<String>` is a comma separated list of filter expressions.
 
@@ -110,6 +142,12 @@ The `filtertime<String> <Time>` value replaces the string `#filtertime<String>#`
 The characters following `filtertime` can be any combination of lowercase letters and numbers. This is most useful in scripts
 where you can specify a relative date without having to change the script.
 
+Limit to those users that are a member of at least one of a list of groups.
+* `groupidfilter <String>` - Format: "id:abc123,id:xyz456"
+
+Limit based on resource details.
+* `resourcedetailsfilter <String>` - See: https://developers.google.com/workspace/admin/reports/reference/rest/v1/activities/list#query-parameters
+
 You can use `config csv_output_row_filter` to filter the events if the API filter can't produce the results you want.
 
 Limit to a list of specific events.
@@ -118,9 +156,6 @@ Limit to a list of specific events.
 Limit to a specific IP address.
 * `ip <String>`
 
-Limit to those users that are a member of at least one of a list of groups.
-* `groupidfilter <String>` - Format: "id:abc123,id:xyz456"
-
 Limit the total number of activites.
 * `maxactivities <Number>`
 

wiki/Resources.md

@@ -84,6 +84,7 @@ See [Collections of Items](Collections-of-Items)
         (zipcode|postalcode <String>)
 
 <ResourceAttribute> ::=
+        (autoacceptinvitations [<Boolean>])|
         (addfeatures <FeatureNameList>)|
         (buildingid <BuildingID>)|
         (capacity <Number>)|
@@ -99,6 +100,7 @@ See [Collections of Items](Collections-of-Items)
 
 <ResourceFieldName> ::=
         acls|
+        autoacceptinvitations|
         buildingid|
         calendar|
         capacity|

wiki/Shared-Drives.md

@@ -41,6 +41,7 @@
 * [Move content to Shared Drives](https://support.google.com/a/answer/7374057)
 * [Shared Drive Limits](https://support.google.com/a/users/answer/7338880)
 * [Shared Drives in Org Units](https://support.google.com/a/answer/7337635)
+* [Shared Drive Restrictions](https://developers.google.com/workspace/drive/api/guides/manage-shareddrives#backward-compatibility)
 
 ## Query documentation
 * [Shared Drives Search](https://developers.google.com/drive/api/guides/search-shareddrives)
@@ -80,6 +81,15 @@
 <ColorValue> ::= <ColorName>|<ColorHex>
 ```
 ```
+<CSVFileInput> ::=
+        ((<FileName> [charset <Charset>] )|
+         (gsheet <UserGoogleSheet>)|
+         (gdoc <UserGoogleDoc>)|
+         (gcscsv <StorageBucketObjectName>)|
+         (gcsdoc <StorageBucketObjectName>))
+        [warnifnodata] [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
+        [endcsv|(fields <FieldNameList>)]
+
 <JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
 
 <OrganizerType> ::= user|group
@@ -94,7 +104,8 @@
 <REMatchPattern> ::= <RegularExpression>
 <RESearchPattern> ::= <RegularExpression>
 <RESubstitution> ::= <String>>
-
+```
+```
 <DriveFileOrderByFieldName> ::=
         createddate|createdtime|
         folder|
@@ -288,6 +299,10 @@ gam [<UserTypeEntity>] create shareddrive <Name>
 * `[restrictions.]<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions
 * `hide <Boolean>` - Set Shared Drive visibility
 
+`<SharedDriveRestrictionsSubfieldName>` `copyrequireswriterpermission` can not be used with
+`downloadrestrictedforreaders|downloadrestrictions.restrictedforreaders` or
+`downloadrestrictedforreadersdownloadrestrictions.restrictedforwriters`.
+
 If any attributes other than `themeid` are specified, GAM must create the Drive and then update the Drive attributes.
 Even though the Create API returns success, the Update API fails and reports that the Drive does not exist. 
 * `errorretries <Integer>` - Number of create/update error retries; default value 5, range 0-10
@@ -370,6 +385,10 @@ gam [<UserTypeEntity>] update shareddrive <SharedDriveEntity> [name <Name>]
 * `[restrictions.]<SharedDriveRestrictionsSubfieldName> <Boolean>` - Set Shared Drive Restrictions
 * `hidden <Boolean>` - Set Shared Drive visibility
 
+`<SharedDriveRestrictionsSubfieldName>` `copyrequireswriterpermission` can not be used with
+`downloadrestrictedforreaders|downloadrestrictions.restrictedforreaders` or
+`downloadrestrictedforreadersdownloadrestrictions.restrictedforwriters`.
+
 * `ou|org|orgunit <OrgUnitItem>` - See: https://workspaceupdates.googleblog.com/2022/05/shared-drives-in-organizational-units-open-beta.html
 
 This option is only available when the command is run as an administrator.
@@ -649,15 +668,23 @@ When deleting permissions from JSON data, permissions with role `owner` true are
 These commands are used to transfer ACLs from one Shared Drive to another.
 * `copy` - Copy all ACLs from the source Shared Drive to the target Shared Drive. The role of an existing ACL in the target Shared Drive will never be reduced.
 * `sync` - Add/delete/update ACLs in the target Shared Drive to match those in the source Shared Drive.
+
+* `<UserTypeEntity>` - Not Specified
+  * All Shared Drives must be in the same workspace as the admin in `oauth2.txt`.
+* `<UserTypeEntity>` - Specified
+  * `adminaccess|asadmin` specified - All Shared Drives must be in the same workspace as `<UserTypeEntity>`.
+  * `adminaccess|asadmin` not specified - Shared Drives can be in separate workspaces if `<UserTypeEntity>` in a manager of all of them.
 ```
 gam [<UserTypeEntity>] copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
         [adminaccess|asadmin]
 gam [<UserTypeEntity>] sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
         [showpermissionsmessages [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
         [adminaccess|asadmin]
 ```
@@ -665,8 +692,14 @@ When `excludepermissionsfromdomains <DomainNameList>` is specified, any ACL that
 
 When `includepermissionsfromdomains <DomainNameList>` is specified, only ACLs that reference a domain in `<DomainNameList>` will be copied.
 
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>` will be modified
+to reference the second `<EmailAddress>` when copied; the original ACL is not modified. The option can be repeated if multiple email addresses are to be mapped.
+
+Bulk permission email address mapping can be specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
 When `mappermissionsdomain <DomainName> <DomainName>` is specifed, any ACL that references the first `<DomainName>` will be modified
-to reference the second `<DonainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to me mapped.
+to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to be mapped.
 
 ## Display Shared Drive access
 

wiki/Users-Calendars-Access.md

@@ -145,40 +145,8 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ## Transfer calendar ownership
 
 You can transfer ownership of calendars from one user to another; only non-primary calendars owned by the source user can be transferred.
-```
-gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>]
-        [keepuser | (retainrole <CalendarACLRole>)] [sendnotifications <Boolean>]
-        [noretentionmessages]
-        [<CalendarSettings>] [append description|location|summary] [noupdatemessages]
-        [deletefromoldowner] [addtonewowner <CalendarAttribute>*] [nolistmessages]
-```
-If `<UserCalendarEntity>` is not specified, all of a user's owned secondary calendars will be transferrdd.
 
-By default, the users in `<UserTypeEntity>` retain no role in the transferred calendars.
-* `keepuser` - The users in `<UserTypeEntity>` retain their ownership.
-* `retainrole <CalendarACLRole>` - The users in `<UserTypeEntity>` retain the specified role.
-* `noretentionmessages` - Suppress the original owner role retention messages.
+This capability is no longer available, see: https://developers.google.com/workspace/calendar/release-notes#October_27_2025
 
-By default, when you add or update a calendar ACL, a notification is sent to the affected users; use `sendnotifications false` to suppress sending the notifications.
+Data ownership can be transferred in the Google Calendar UI.
 
-You can update calendar settings as part of the transfer. In description, location and summary, #email#, #user# and #username# will be replaced
-by the original owner's full email address or just the name portion; #timestamp# will be replaced by the current date and time.
-* `<CalendarSettings>` - The value specified will replace the existing value.
-* `append description|location|summary` - The specified <CalendarSettings> value will be appended to the existing value.
-* `noupdatemessages` - Suppress the settings update messages.
-
-You can manipulate the old and new owner's calendar lists.
-* `deletefromoldowner` - Delete the calendar from the old owner's calendar list
-* `addtonewowner <CalendarAttribute>*` - Add the calendar to the new owner's calendar list; optionally specify attributes
-* `nolistmessages` - Suppress the calendar list add/delete messages.
-
-### Example
-Transfer a secondary calendar from oldowner to newowner. Remove the calendar from the old owner's calendar list and add to the new owner's  calendar list.
-```
-gam user oldowner@domain.com transfer calendars newowner@domain.com c_aaa123zzz@group.calendar.google.com removefromoldowner addtonewowner
-```
-
-Transfer ownership of all non-primary calendars from oldowner to newowner; append a message to the calendar description noting the old owner and the time of transfer.
-```
-gam user oldowner@domain.com transfer calendars newowner@domain.com minaccessrole owner description "(Transferred from #user# on #timestamp#)" append description
-```

wiki/Users-Calendars-Events.md

@@ -114,6 +114,8 @@
 <CourseState> ::= active|archived|provisioned|declined
 <CourseStateList> ::= all|"<CourseState>(,<CourseState>)*"
 <iCalUID> ::= <String>
+<MeetID> ::= <String>
+       Must match this Python Regular Expression: [a-z]{3}-[a-z]{4}-[a-z]{3}
 <ResourceID> ::= <String>
 <ResourceIDList> ::= "<ResourceID>(,<ResourceID>)*"
 <UniqueID> ::= id:<String>
@@ -215,7 +217,8 @@
         endtimeunspecified|
         extendedproperties|
         eventtype|
-        <EventFocusTimePropertiesSubfieldName>
+        focustimeproperties|
+        <EventFocusTimePropertiesSubfieldName>|
         gadget|
         guestscaninviteothers|
         guestscanmodify|
@@ -229,7 +232,8 @@
         organizer|
         <EventOrganizerSubfieldName>|
         originalstart|originalstarttime|
-        <EventOutOfOfficePropertiesSubfieldName>
+        outofofficeproperties|
+        <EventOutOfOfficePropertiesSubfieldName>|
         privatecopy|
         recurrence|
         recurringeventid|
@@ -320,6 +324,7 @@
         (birthday <Date>)|
         (color <EventColorName>)|
         (colorindex|colorid <EventColorIndex>)|
+        (conferencedata meet <MeetID>)|
         (description <String>)|
         (end|endtime (allday <Date>)|<Time>)|
         (guestscaninviteothers <Boolean>)|
@@ -327,7 +332,7 @@
         (guestscanmodify <Boolean>)|
         (guestscanseeotherguests <Boolean>)|
         guestscantseeotherguests|
-        hangoutsmeet|
+        googlemeet|hangoutsmeet|
         <JSONData>|
         (jsonattendees [charset <Charset>] <String>)|
         (jsonattendees file <FileName> [charset <Charset>])|
@@ -368,7 +373,7 @@ The following attributes are equivalent:
         <EventAttribute>|
         clearattachments|
         clearattendees|
-        clearhangoutsmeet|
+        cleargooglemeet|clearhangoutsmeet|
         (clearprivateproperty <PropertyKey>)|
         clearresources|
         (clearsharedproperty <PropertyKey>)|
@@ -718,7 +723,7 @@ properly processed.
 ```
 gam <UserTypeEntity> update calattendees <UserCalendarEntity> <EventEntity> [anyorganizer]
         [<EventNotificationAttribute>] [splitupdate] [dryrun|doit]
-        (csv|csvfile <CSVFileInput>)
+        (csv|csvfile <CSVFileInput> endcsv)
         (delete <EmailAddress>)*
         (deleteentity <EmailAddressEntity>)*
         (add <EmailAddress>)*
@@ -774,27 +779,43 @@ The attendee changes are displayed but not processed unless `doit` is specified.
 ## Focus time events
 
 ## Manage focus time events
-You can create and delete focus time events; they can not be updated.
-To update a focus time event, delete the focus time event and recreate it.
+To update a focus time event, see: [Update calendar events](#update-calendar-events)
 ```
 gam <UserTypeEntity> create focustime
         [chatstatus available|donotdisturb]|
         [declinemode none|all|new] [declinemessage <String>]|
         [summary <String>]
-        (timerange <Time> <Time>
-        (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time> (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*))+
+        [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> delete focustime
-        (timerange <Time> <Time>)+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time>))+
 ```
 
-focus time events span a time range:
+Focus time events span a time range:
+* `date yyyy-mm-dd` - A specific day
+* `range yyyy-mm-dd yyyy-mm-dd` - Every day in the range
+* `daily yyyy-mm-dd <Number>` - Every day starting on the date for `<Number>` total days
+* `weekly yyyy-mm-dd <Number>` - A day per week starting on the date for `<Number>` total weeks
 * `timerange <Time> <Time>` - A time range, may span multiple days
 
 ## Display focus time events
 ```
 gam <UserTypeEntity> show focustime
-        (timerange <Time> <Time>)+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time>))+
         [showdayofweek]
         [formatjson]
 ```
@@ -805,7 +826,11 @@ By default, Gam displays the information as an indented list of keys and values.
 
 ```
 gam <UserTypeEntity> print focustime
-        (timerange <Time> <Time>)+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time>))+
         [showdayofweek]
         [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
 ```
@@ -825,27 +850,39 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ## Out of office events
 
 ## Manage out of office events
-You can create and delete out of office events; they can not be updated.
-To update an out of office event, delete the out of office event and recreate it.
+To update an out of office event, see: [Update calendar events](#update-calendar-events)
 ```
 gam <UserTypeEntity> create outofoffice
         [declinemode none|all|new]
         [declinemessage <String>]
         [summary <String>]
-        (timerange <Time> <Time>
-        (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time> (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*))+
+        [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> delete outofoffice
         (timerange <Time> <Time>)+
 ```
 
 Out of office events span a time range:
+* `date yyyy-mm-dd` - A specific day
+* `range yyyy-mm-dd yyyy-mm-dd` - Every day in the range
+* `daily yyyy-mm-dd <Number>` - Every day starting on the date for `<Number>` total days
+* `weekly yyyy-mm-dd <Number>` - A day per week starting on the date for `<Number>` total weeks
 * `timerange <Time> <Time>` - A time range, may span multiple days
 
 ## Display out of office events
 ```
 gam <UserTypeEntity> show outofoffice
-        (timerange <Time> <Time>)+
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time>))+
         [showdayofweek]
         [formatjson]
 ```
@@ -856,6 +893,11 @@ By default, Gam displays the information as an indented list of keys and values.
 
 ```
 gam <UserTypeEntity> print outofoffice
+        ((date yyyy-mm-dd)|
+         (range yyyy-mm-dd yyyy-mm-dd)|
+         (daily yyyy-mm-dd <Number>)|
+         (weekly yyyy-mm-dd <Number>)|
+         (timerange <Time> <Time>))+
         (timerange <Time> <Time>)+
         [showdayofweek]
         [formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
@@ -888,7 +930,9 @@ gam <UserTypeEntity> create workinglocation
          (range yyyy-mm-dd yyyy-mm-dd)|
          (daily yyyy-mm-dd <Number>)|
          (weekly yyyy-mm-dd <Number>)|
-         (timerange <Time> <Time>))+
+         (timerange <Time> <Time> (recurrence <RRULE, EXRULE, RDATE and EXDATE line>)*))+
+        [timezone <String>]
+        (noreminders|(reminder email|popup <Number>)+)
 
 gam <UserTypeEntity> delete workinglocation
         ((date yyyy-mm-dd)|

wiki/Users-Calendars.md

@@ -42,12 +42,14 @@
         editor|freebusy|freebusyreader|owner|reader|writer
 
 <CalendarSettings> ::=
+        (autoacceptinvitations [<Boolean>])|
         (description <String>)|
         (location <String>)|
         (summary <String>)|
         (timezone <TimeZone>)
 
 <CalendarSettingsField> ::=
+        autoacceptinvitations|3
         conferenceproperties|
         dataowner|
         description|
@@ -288,11 +290,10 @@ By default, Gam displays the information as an indented list of keys and values.
 gam <UserTypeEntity> print calendars [todrive <ToDriveAttribute>*]
          [primary] <CalendarSelectProperty>*
          [noprimary] [nogroups] [noresources] [nosystem] [nousers]
-         [fields <CalendarListFieldList>] [permissions]
+         [fields <CalendarListFieldList>] [permissions] [oneitemperrow]
          [formatjson] [delimiter <Character>] [quotechar <Character>]
 ```
 By default, information for all visible, non-deleted calendars is shown.
-* `permissions` adds permission information for user owned calendars to the output.
 * `primary` - Limits the selection to the user's primary calendar
 * `<CalendarSelectProperty>`
     * `minaccessrole <CalendarACLRole>`- Limits the selection to those calendars where the user's role is at least `<CalendarACLRole>`
@@ -303,6 +304,8 @@ By default, information for all visible, non-deleted calendars is shown.
 * `noresources` - Do not display resource calendars, email address ends in "@resource.calendar.google.com"
 * `nosystem` - Do not display system calendars, email address ends in "@group.v.calendar.google.com"
 * `nousers` - Do not display users calendars, email address ends in `domain` value from `gam.cfg`.
+* `permissions` Adds permission information for user owned calendars to the output.
+* `oneitemperrow` - Each permission is output on a separate row with all of the other calendar fields.
 
 By default, list items are separated by the `csv_output_field_delimiter' from `gam.cfg`.
 * `delimiter <Character>` - Separate list items with `<Character>`

wiki/Users-Drive-Copy-Move.md

@@ -26,6 +26,15 @@
 * [`<UserTypeEntity>`](Collections-of-Users)
 
 ```
+<CSVFileInput> ::=
+        ((<FileName> [charset <Charset>] )|
+         (gsheet <UserGoogleSheet>)|
+         (gdoc <UserGoogleDoc>)|
+         (gcscsv <StorageBucketObjectName>)|
+         (gcsdoc <StorageBucketObjectName>))
+        [warnifnodata] [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
+        [endcsv|(fields <FieldNameList>)]
+
 <RegularExpression> ::= <String>
         See: https://docs.python.org/3/library/re.html
 <REMatchPattern> ::= <RegularExpression>
@@ -38,7 +47,8 @@
 <EmailAddress> ::= <String>@<DomainName>
 <UniqueID> ::= id:<String>
 <UserItem> ::= <EmailAddress>|<UniqueID>|<String>
-
+```
+```
 <DriveFileACLRole> ::=
         manager|organizer|owner|
         contentmanager|fileorganizer|
@@ -90,7 +100,12 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [skipids <DriveFileEntity>]
         [copysubfiles [<Boolean>]] [filenamematchpattern <REMatchPattern>]
              [filemimetype [not] <MimeTypeList>]
-        [copysubfilesownedby any|me|others]
+        [copysubfilesownedby
+            any|me|others|
+            users <EmailAddressList>|
+            notusers <EmailAddressList>|
+            regex <REMatchPattern>|
+            notregex <REMatchPattern>]
         [copysubfolders [<Boolean>]] [foldernamematchpattern <REMatchPattern>]
         [copysubshortcuts [<Boolean>]] [shortcutnamematchpattern <REMatchPattern>]
         [duplicatefiles overwriteolder|overwriteall|duplicatename|uniquename|skip]
@@ -114,6 +129,7 @@ gam <UserTypeEntity> copy drivefile <DriveFileEntity>
         [copysheetprotectedrangesinheritedpermissions [<Boolean>]]
         [copysheetprotectedrangesnoninheritedpermissions [<Boolean>]]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
@@ -177,9 +193,13 @@ You can specify `<REMatchPattern>` patterns that limit the items copied based on
 * `shortcutnamematchpattern <REMatchPattern>` - Only shortcuts whose name matches `<REMatchPattern>` are copied
 
 ### By default, when copying sub files, all files, regardless of ownership, are copied.
-* `copysubfilesownedby any` - All files, regardless of ownership, are copied.
+* `copysubfilesownedby any` - All files, regardless of ownership, are copied; this is the default.
 * `copysubfilesownedby me` - Only files owned by `<UserTypeEntity>`  are copied.
 * `copysubfilesownedby others` - Only files not owned by `<UserTypeEntity>`  are copied.
+* `copysubfilesownedby users <EmailAddressList>` - Only files owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby notusers <EmailAddressList>` - Only files not owned by users in `<EmailAddressList>` are copied.
+* `copysubfilesownedby regex <REMatchPattern>` - Only files owned by users whose email addresses match `<REMatchPattern>` are copied.
+* `copysubfilesownedby notregex <REMatchPattern>` - Only files owned by users whose email addresses do not match `<REMatchPattern>` are copied.
 
 ### Specify a new name for the file/folder
 * `newfilename <DriveFileName>` - The copied file/folder will be named `<DriveFileName>`
@@ -313,8 +333,14 @@ When `excludepermissionsfromdomains <DomainNameList>` is specified, any ACL that
 
 When `includepermissionsfromdomains <DomainNameList>` is specified, only ACLs that reference a domain in `<DomainNameList>` will be copied.
 
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>` will be modified
+to reference the second `<EmailAddress>` when copied; the original ACL is not modified. The option can be repeated if multiple email addresses are to be mapped.
+
+Bulk permission email address mapping can be specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
 When `mappermissionsdomain <DomainName> <DomainName>` is specified, any ACL that references the first `<DomainName>` will be modified
-to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to me mapped.
+to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to be mapped.
 
 When copying an ACL that references a non Google account, an error is generated unless an email is sent to the account;
 by default, no email notifications are sent. The `sendemailifrequired` options instructs GAM to send an email notification in this case.
@@ -542,8 +568,8 @@ gam <UserTypeEntity> move drivefile <DriveFileEntity> [newfilename <DriveFileNam
         [copysubfolderinheritedpermissions [<Boolean>]]
         [copysubfoldernoninheritedpermissions never|always|syncallfolders|syncupdatedfolders]
         [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
         (mappermissionsdomain <DomainName> <DomainName>)*
-        [updatefilepermissions [<Boolean>]]
         [retainsourcefolders [<Boolean>]]
         [sendemailifrequired [<Boolean>]]
         [verifyorganizer [<Boolean>]]
@@ -666,8 +692,14 @@ When `excludepermissionsfromdomains <DomainNameList>` is specified, any ACL that
 
 When `includepermissionsfromdomains <DomainNameList>` is specified, only ACLs that reference a domain in `<DomainNameList>` will be copied.
 
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>` will be modified
+to reference the second `<EmailAddress>` when copied; the original ACL is not modified. The option can be repeated if multiple email addresses are to be mapped.
+
+Bulk permission email address mapping can ge specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
 When `mappermissionsdomain <DomainName> <DomainName>` is specified, any ACL that references the first `<DomainName>` will be modified
-to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to me mapped.
+to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to be mapped.
 
 When copying an ACL that references a non Google account, an error is generated unless an email is sent to the account;
 by default, no email notifications are sent. The `sendemailifrequired` options instructs GAM to send an email notification in this case.
@@ -684,8 +716,14 @@ When `excludepermissionsfromdomains <DomainNameList>` is specified, any ACL that
 
 When `includepermissionsfromdomains <DomainNameList>` is specified, any ACLs that references a domain not in `<DomainNameList>` will be removed.
 
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>` will be removed;
+a new ACL with the same properties referencing the second `<EmailAddess>` will be created. The option can be repeated if multiple domain names are to be mapped.
+
+Bulk email address mapping can ge specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
 When `mappermissionsdomain <DomainName> <DomainName>` is specified, any ACL that references the first `<DomainName>` will be removed;
-a new ACL with the same properties referencing the second `<DomainName>` will be created. The option can be repeated if multiple domain names are to me mapped.
+a new ACL with the same properties referencing the second `<DomainName>` will be created. The option can be repeated if multiple domain names are to be mapped.
 
 When creating an ACL that references a non Google account, an error is generated unless an email is sent to the account;
 by default, no email notifications are sent. The `sendemailifrequired` options instructs GAM to send an email notification in this case.

wiki/Users-Drive-Files-Display.md

@@ -752,7 +752,7 @@ The option `showlastmodification` displays the following fields:
 `lastModifiedFileId,lastModifiedFileName,lastModifiedFileMimeType,lastModifiedFilePath,lastModifyingUser,lastModifiedTime`;
 these are for the most recently modified file.
 
-For print filecouts, add additional columns of data from the command line to the output:
+For print filecounts, add additional columns of data from the command line to the output:
 * `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
 
 See [Select files for Display file counts, list, tree](#select-files-for-display-file-counts-list-tree)
@@ -1103,7 +1103,7 @@ gam <UserTypeEntity> print|show filelist [todrive <ToDriveAttribute>*]
         [showparentsidsaslist] [showpermissionslast]
         (orderby <DriveFileOrderByFieldName> [ascending|descending])* [delimiter <Character>]
         [stripcrsfromname]
-        (addcsvdata <FieldName> <String>)*
+        (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
         [formatjson [quotechar <Character>]]
 ```
 By default, `print filelist` displays all files owned by the specified [`<UserTypeEntity>`](https://github.com/GAM-team/GAM/wiki/Collections-of-Users)
@@ -1214,7 +1214,6 @@ If no query or select is performed, use these options to get file path informati
 * `filepath|fullpath` - For files and folders, display the full path(s) to them starting at the root (My Drive)
 * `addpathstojson` - When this option and `formatjson` are specified, the path information will be included in the
 JSON data rather than as additional columns
-* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
 
 When used with `filepath` or `fullpath`, `showdepth` will display a `depth` column.
 Files/folders directly in `My Drive` are at depth 0, the depth increases by 1
@@ -1308,9 +1307,15 @@ Use the `countsrowfilter` option to have GAM to apply `config csv_output_row_fil
 The `stripcrsfromname` option strips nulls, carriage returns and linefeeds from drive file names.
 This option is special purpose and will not generally be used.
 
+Add additional columns of data from the command line to the output
+* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
+
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
 * `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 By default, when writing CSV files, Gam uses a quote character of double quote `"`. The quote character is used to enclose columns that contain
 the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
 When using the `formatjson` option, double quotes are used extensively in the data resulting in hard to read/process output.

wiki/Users-Drive-Permissions.md

@@ -234,7 +234,6 @@ The option `updatesheetprotectedranges` only applies to items in `<DriveFileEnti
     * ACLs with role reader or commenter will be removed from existing protected ranges
     * ACLs with role writer or higher will be added to existing protected ranges
 
-`
 `enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
 the ability to update inherited ACLs.
 * False - Inherited ACLs can be updated
@@ -261,7 +260,7 @@ The option `updatesheetprotectedranges` only applies to items in `<DriveFileEnti
     * ACLs with any role will be removed from existing protected ranges
 
 `enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
-the ability to delete delete inherited ACLs.
+the ability to delete inherited ACLs.
 * False - Inherited ACLs can be deleted
 * True = Inherited ACLs can not be deleted
 
@@ -308,7 +307,7 @@ gam <UserTypeEntity> delete permissions <DriveFileEntity> <DriveFilePermissionID
         [enforceexpansiveaccess [<Boolean>]]
 ```
 `enforceexpansiveaccess` defaults to the value of `gam.cfg/enforce_expansive_access` that controls
-the ability to delete delete inherited ACLs.
+the ability to delete inherited ACLs.
 * False - Inherited ACLs can be deleted
 * True = Inherited ACLs can not be deleted
 

wiki/Users-Gmail-Messages-Threads.md

@@ -589,9 +589,9 @@ gam <UserTypeEntity> show messages|threads
          [labelids <LabelIDList>]
          [quick|notquick] [max_to_show <Number>] [includespamtrash])|(ids <MessageIDEntity>)
         [labelmatchpattern <REMatchPattern>] [sendermatchpattern <REMatchPattern>]
-        [countsonly|positivecountsonly] [useronly]
+        [countsonly|positivecountsonly]
         [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
-        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [showlabels] [useronly] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
         [maxmessagesperthread <Number>]
         [showattachments [attachmentnamepattern <REMatchPattern>>] [noshowtextplain]]
         [saveattachments [attachmentnamepattern <REMatchPattern>>]]
@@ -601,12 +601,13 @@ gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
          [labelids <LabelIDList>]
          [quick|notquick] [max_to_print <Number>] [includespamtrash])|(ids <MessageIDEntity>)
         [labelmatchpattern <REMatchPattern>] [sendermatchpattern <REMatchPattern>]
-        [countsonly|positivecountsonly] [useronly]
+        [countsonly|positivecountsonly]
         [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
-        [showlabels] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
+        [showlabels] [useronly] [delimiter <Character>] [showbody] [showhtml] [showdate] [showsize] [showsnippet]
         [maxmessagesperthread <Number>]
         [showattachments [attachmentnamepattern <REMatchPattern>>]]
         [convertcrnl]
+        (addcsvdata <FieldName> <String>)*
 ```
 ## Display all messages
 By default, Gam displays all messages.
@@ -692,6 +693,7 @@ The `dateheaderconverttimezone [<Boolean>]>` option converts `<SMTPDateHeader>`
 ## Print only options
 These options are valid with `print`.
 * `convertcrnl` - In the message body, convert carriage returns to `\r` and newlines to `\n`; the default value is `csv_output_convert_cr_nl` from `gam.cfg`.
+* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
 
 By default, message attachment information is not displayed.
 * `showattachments` - Display attachment filename, MIME type and size

wiki/Users-Keep-Notes.md

@@ -40,12 +40,12 @@ gam user user@domain.com update serviceaccount
 <JSONData> ::=
         (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
 
-<NoteContent> ::=
-        ((text <String>)|
-         (textfile <FileName> [charset <Charset>])|
-         (gdoc <UserGoogleDoc>)|
-         (gcsdoc <StorageBucketObjectName>)|
-         <JSONData>)
+<KeepNoteContent> ::=
+        (text <String>)|
+        (textfile <FileName> [charset <Charset>])|
+        (gdoc <UserGoogleDoc>)|
+        (gcsdoc <StorageBucketObjectName>)|
+        <JSONData>
 
 <NotesName> ::= notes/<String>
 <NotesNameList> ::= "<NotesName>(,<NotesName)*"
@@ -84,11 +84,11 @@ you will use wherever `<NotesName>` is required.
 ```
 gam <UserTypeEntity> create note [title <String>]
         [missingtextvalue <String>]
-        <NoteContent>
+        <KeepNoteContent>
         [copyacls [copyowneraswriter]]
         [compact|formatjson|nodetails]
 ```
-`<NoteContent>` is the note text, there are four ways to specify it:
+`<KeepNoteContent>` is the note text, there are four ways to specify it:
 * `message|textmessage|htmlmessage <String>` - Use `<String>` as the note text
 * `file|htmlfile <FileName> [charset <Charset>]` - Read the note text from `<FileName>`
 * `gdoc|ghtml <UserGoogleDoc>` - Read the note text from `<UserGoogleDoc>`

wiki/Users-Photo.md

@@ -20,7 +20,7 @@
 ```
 gam <UserTypeEntity> update photo
 ```
-* The default file is named `#email#.#ext#` in the current working directory.
+* The default file is named `#email#.jpg` in the current working directory.
     * `#email#` will be replaced by the user's full email address
 
 ## Upload a user's photo specifying file name

wiki/Users-Shared-Drives.md

@@ -15,6 +15,7 @@
 - [Display Shared Drive Counts](#display-shared-drive-counts)
 - [Display Shared Drive Organizers](#display-shared-drive-organizers)
 - [Manage Shared Drive access](#manage-shared-drive-access)
+- [Transfer Shared Drive access](#transfer-shared-drive-access)
 - [Display Shared Drive access](#display-shared-drive-access)
   - [Display Shared Drive access for specific Shared Drives](#display-shared-drive-access-for-specific-shared-drives)
   - [Display Shared Drive access for selected Shared Drives](#display-shared-drive-access-for-selected-shared-drives)
@@ -72,6 +73,15 @@
 <ColorValue> ::= <ColorName>|<ColorHex>
 ```
 ```
+<CSVFileInput> ::=
+        ((<FileName> [charset <Charset>] )|
+         (gsheet <UserGoogleSheet>)|
+         (gdoc <UserGoogleDoc>)|
+         (gcscsv <StorageBucketObjectName>)|
+         (gcsdoc <StorageBucketObjectName>))
+        [warnifnodata] [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
+        [endcsv|(fields <FieldNameList>)]
+
 <JSONData> ::= (json [charset <Charset>] <String>) | (json file <FileName> [charset <Charset>]) |
 
 <OrganizerType> ::= user|group
@@ -86,7 +96,8 @@
 <REMatchPattern> ::= <RegularExpression>
 <RESearchPattern> ::= <RegularExpression>
 <RESubstitution> ::= <String>>
-
+```
+```
 <DriveFileOrderByFieldName> ::=
         createddate|createdtime|
         folder|
@@ -516,6 +527,40 @@ When adding permissions from JSON data, permissions with `deleted` true are neve
 
 When deleting permissions from JSON data, permissions with role `owner` true are never processed.
 
+## Transfer Shared Drive access
+These commands are used to transfer ACLs from one Shared Drive to another.
+* `copy` - Copy all ACLs from the source Shared Drive to the target Shared Drive. The role of an existing ACL in the target Shared Drive will never be reduced.
+* `sync` - Add/delete/update ACLs in the target Shared Drive to match those in the source Shared Drive.
+
+* `adminaccess|asadmin` specified - All Shared Drives must be in the same workspace as `<UserTypeEntity>`.
+* `adminaccess|asadmin` not specified - Shared Drives can be in separate workspaces if `<UserTypeEntity>` in a manager of all of them.
+```
+gam <UserTypeEntity> copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
+        [showpermissionsmessages [<Boolean>]]
+        [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
+        (mappermissionsdomain <DomainName> <DomainName>)*
+        [adminaccess|asadmin]
+gam <UserTypeEntity> sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
+        [showpermissionsmessages [<Boolean>]]
+        [excludepermissionsfromdomains|includepermissionsfromdomains <DomainNameList>]
+        (mappermissionsemail <EmailAddress> <EmailAddress)* [mappermissionsemailfile <CSVFileInput> endcsv]
+        (mappermissionsdomain <DomainName> <DomainName>)*
+        [adminaccess|asadmin]
+```
+When `excludepermissionsfromdomains <DomainNameList>` is specified, any ACL that references a domain in `<DomainNameList>` will not be copied.
+
+When `includepermissionsfromdomains <DomainNameList>` is specified, only ACLs that reference a domain in `<DomainNameList>` will be copied.
+
+When `mappermissionsemail <EmailAddress> <EmailAddress>` is specifed, an ACL that references the first `<EmailAddress>` will be modified
+to reference the second `<EmailAddress>` when copied; the original ACL is not modified. The option can be repeated if multiple email addresses are to be mapped.
+
+Bulk permission email address mapping can be specified with `mappermissionsemailfile <CSVFileInput> endcsv`.
+`<CSVFileInput>` must include these columns: `sourceEmail` and `destinationEmail`.
+
+When `mappermissionsdomain <DomainName> <DomainName>` is specifed, any ACL that references the first `<DomainName>` will be modified
+to reference the second `<DomainName>` when copied; the original ACL is not modified. The option can be repeated if multiple domain names are to be mapped.
+
 ## Display Shared Drive access
 
 These commands are used to display the ACLs on Shared Drives themselves, not the files/folders on the Shared Drives.

wiki/Users.md

@@ -231,6 +231,11 @@ When specifying a `<UserMultiAttribute>` you have to specify all instances; ther
 
 You can remove all instances of a `<UserMultiAttribute>` with `<UserClearAttribute>`.
 ```
+<UserNoteContent> ::=
+        <String>|
+        (file|textfile|htmlfile <FileName> [charset <Charset>])|
+        (gdoc|ghtml <UserGoogleDoc>)
+         
 <UserBasicAttribute> ::=
         (archive|archived <Boolean>)|
         (changepassword|changepasswordatnextlogin <Boolean>)|
@@ -244,9 +249,7 @@ You can remove all instances of a `<UserMultiAttribute>` with `<UserClearAttribu
         (ipwhitelisted <Boolean>)|
         (language clear|<LanguageList>)|
         (lastname|familyname <String>)|
-        (note clear|([text_html|text_plain] <String>|
-                                            (file|htmlfile <FileName> [charset <Charset>])|
-                                            (gdoc|ghtml <UserGoogleDoc>)))|
+        (note clear|([text_html|text_plain] <UserNoteContent>))|
         (org|ou|orgunitpath <OrgUnitPath>|<OrgUnitID>)
         (password (random [<Integer>])|(uniquerandom [<Integer>])|
                   blocklogin|
@@ -1055,7 +1058,7 @@ gam print users [todrive <ToDriveAttribute>*]
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 ```
 
 By default, users in all domains in the account are selected; these options allow selection of subsets of users:
@@ -1081,7 +1084,7 @@ gam print users [todrive <ToDriveAttribute>*] select <UserTypeEntity>
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 
 gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
         [orderby <UserOrderByFieldName> [ascending|descending]]
@@ -1095,7 +1098,7 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
         [delimiter <Character>] [sortheaders [<Boolean>]] [scalarsfirst [<Boolean>]]
         [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
         [issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
-        [showvalidcolumn] (addcsvdata <FieldName> <String>)*
+        [showvalidcolumn] (addcsvdata <FieldName> <String>)* [includecsvdatainjson [<Boolean>]]
 ```
 
 By default, Gam gets no group membership information for each user. The `groups` and `groupsincolumns`
@@ -1164,6 +1167,9 @@ Add additional columns of data from the command line to the output
 By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format:
 * `formatjson` - Display the fields in JSON format.
 
+If `formatjson` and `addcsvdata` are specified, the option `includecsvdatainjson` causes GAM to add the
+additional field values to the JSON data.
+
 When you perform `gam print users` with the following `todrive` options to update a sheet within a Google Sheets file:
 `tdfileid <DriveFileID> tdsheet <SheetEntity> tdupdatesheet`
 and your data includes international phone numbers that start with a plus sign, Google Sheets generates a `Formula parse error`

wiki/Using-GAM7-with-a-YubiKey.md

@@ -29,23 +29,32 @@ No, because the YubiKey generated the private key it cannot be digitally exporte
 When using domain-wide delegation with GAM7, the service account and anyone possessing the service account private key oauth2service.json file has access to the Gmail, Drive and Calendar data of ALL Workspace users in your domain. For this reason, whether using a YubiKey or not, you should take strong measures to protect the service account private key.
 
 ## Setup Steps
-1 .Upgrade to the [latest version of GAM7](https://github.com/GAM-team/GAM/wiki/How-to-Update-GAM7).
-2. **If you are using a new YubiKey or don't care about the PIV app data on the YubiKey**
-    1. Tell GAM7 to reset and configure the PIV app data on the YubiKey. This wipes all existing keys and configuration and then configures a private key and PIN for GAM7.
+
+1. Upgrade to the [latest version of GAM7](https://github.com/GAM-team/GAM/wiki/How-to-Update-GAM7).
+
+2. If you are using a new YubiKey or don't care about the PIV app data on the YubiKey:
+   
+    a. Tell GAM7 to reset and configure the PIV app data on the YubiKey. This wipes all existing keys and configuration and then configures a private key and PIN for GAM7.
+
       * Single YubiKey - `gam yubikey reset_piv`
+
       * Multiple YubiKeys - `gam yubikey reset_piv yubikeyserialnumber <Number>`
-    2. During the PIV reset, GAM7 will print out a PIN for the private key, record this key.
-4. **If you are already using the YubiKey and wish to preserve the PIV app data and keys**
-    1. You need to configure one of the PIV slots for a private key GAM7 can use.
+
+    b. During the PIV reset, GAM7 will print out a PIN for the private key, record this key.
+
+3. OR if you are already using the YubiKey and wish to preserve the PIV app data and keys
+
+    a. You need to configure one of the PIV slots for a private key GAM7 can use.
       * [ykman piv keys generate](https://docs.yubico.com/software/yubikey/tools/ykman/PIV_Commands.html#ykman-piv-keys-options-command-args)
         `ykman piv keys generate -P <Text> --pin-policy ALWAYS --touch-policy NEVER --algorithm RSA2048 9a new_pubkey.txt`
       * Use `9a` for the `AUTHENTICATION` slot, `9c` for the `SIGNATURE` slot
-    2. You need to generate a certificate for that slot.
+
+    b. You need to generate a certificate for that slot.
       * [ykman piv certificates generate](https://docs.yubico.com/software/yubikey/tools/ykman/PIV_Commands.html#ykman-piv-certificates-generate-options-slot-public-key)
         `ykman piv certificates generate -P <Text> --subject "GAM Service Account" -d 36500 9a new_pubkey.txt`
       * Use `9a` for the `AUTHENTICATION` slot, `9c` for the `SIGNATURE` slot
 
-5. Now that you have a private key on your YubiKey, tell GAM7 to use that instead of the private_key stored in oauth2service.json. We can do that by rotating the key:
+4. Now that you have a private key on your YubiKey, tell GAM7 to use that instead of the private_key stored in oauth2service.json. We can do that by rotating the key:
 ```
 copy oauth2service.json to oauth2service.save
 gam create sakey yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
@@ -58,10 +67,10 @@ copy oauth2service.json to oauth2service.yk
 copy oauth2service.save to oauth2service.json
 ```
 
-6. Now you should be able to run GAM7 commands like:
+5. Now you should be able to run GAM7 commands like:
 ```
 gam user admin@example.com check serviceaccount
 ```
 and see the YubiKey lights flash as the YubiKey interacts with GAM7 to sign the GAM7 authentication requests. If you look at the oauth2service.json file, you'll see it contains some new fields like yubikey_serial and yubikey_pin but no longer contains the private_key field where GAM7 would normally store the private key data.
 
-7. As a last step, since YubiKey-stored private keys do not need to be and should not be rotated, you can remove the service account's permissions to change it's own key. Navigate to the [Cloud Console](https://console.cloud.google.com/iam-admin/serviceaccounts) select the correct project and service account and on the Permissions tab, edit and remove the "Service Account Key Admin" permission that the service account has to itself.
+6. As a last step, since YubiKey-stored private keys do not need to be and should not be rotated, you can remove the service account's permissions to change it's own key. Navigate to the [Cloud Console](https://console.cloud.google.com/iam-admin/serviceaccounts) select the correct project and service account and on the Permissions tab, edit and remove the "Service Account Key Admin" permission that the service account has to itself.

wiki/Version-and-Help.md

@@ -3,22 +3,22 @@
 Print the current version of Gam with details
 ```
 gam version
-GAM 7.28.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.31.05 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
-macOS Tahoe 26.1 x86_64
+Python 3.14.2 64-bit final
+macOS Tahoe 26.2 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
-Time: 2023-06-02T21:10:00-07:00
+Time: 2025-12-23T13:57:00-08:00
 ```
 
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAM 7.28.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.31.05 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
-macOS Tahoe 26.1 x86_64
+Python 3.14.2 64-bit final
+macOS Tahoe 26.2 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
 Your system time differs from www.googleapis.com by less than 1 second
@@ -27,13 +27,13 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAM 7.28.05 - https://github.com/GAM-team/GAM - pyinstaller
+GAM 7.31.05 - https://github.com/GAM-team/GAM - pyinstaller
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
-macOS Tahoe 26.1 x86_64
+Python 3.14.2 64-bit final
+macOS Tahoe 26.2 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
-Time: 2023-06-02T21:10:00-07:00
+Time: 2025-12-23T13:57:00-08:00
 Your system time differs from admin.googleapis.com by less than 1 second
 OpenSSL 3.5.3 16 Sep 2025
 arrow 1.3.0
@@ -68,7 +68,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gam7
 Version Check:
   Current: 5.35.08
-   Latest: 7.28.05
+   Latest: 7.31.05
 echo $?
 1
 ```
@@ -76,7 +76,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-7.28.05
+7.31.05
 ```
 In Linux/MacOS you can do:
 ```
@@ -86,13 +86,13 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 7.28.05 - https://github.com/GAM-team/GAM
+GAM 7.31.05 - https://github.com/GAM-team/GAM
 GAM Team <google-apps-manager@googlegroups.com>
-Python 3.14.0 64-bit final
-macOS Tahoe 26.1 x86_64
+Python 3.14.2 64-bit final
+macOS Tahoe 26.2 x86_64
 Path: /Users/Admin/bin/gam7
 Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, customer_id: my_customer, domain: domain.com
-Time: 2023-06-02T21:10:00-07:00
+Time: 2025-12-23T13:57:00-08:00
 Help: Syntax in file /Users/Admin/bin/gam7/GamCommands.txt
 Help: Documentation is at https://github.com/GAM-team/GAM/wiki
 ```

wiki/foo.lst

@@ -1 +0,0 @@
-ChromeOS-Devices.md Classroom-Courses.md Classroom-Membership.md Classroom-StudentGroups.md Cloud-Identity-Devices.md Cloud-Identity-Groups.md Domains.md GamUpdates.md Groups.md Mobile-Devices.md Organizational-Units.md Resources.md Shared-Drives.md Users-Shared-Drives.md Users.md

wiki/gam.cfg.md

@@ -1,7 +1,9 @@
 # GAM Configuration
 - [Introduction](#introduction)
 - [Variables](#variables)
+- [Set configuration variables](#set-configuration-variables)
 - [Multiple Computers](#multiple-computers)
+- [Separate Staff-Student Domains](#separate-staff-student-domains)
 - [Multiple Customers and Domains](#multiple-customers-and-domains)
 - [Multiple Users-Projects on One Computer](#multiple-users-projects-on-one-computer)
 
@@ -275,7 +277,8 @@ csv_output_row_limit
         Default: 0
 csv_output_sort_headers
         A list of column headers that causes GAM to sort CSV output rows by those headers.
-        The column headers are case insensitive and if column header does not appear in the CSV output, it is ignored.
+        The column headers are case insensitive and if column header does not appear in the CSV output,
+        it is ignored.
         Default: Blank
 csv_output_subfield_delimiter
         Character used to delimit fields and subfields in headers when writing CSV files;
@@ -289,8 +292,6 @@ csv_output_timestamp_column
 csv_output_users_audit
         Gam print commands that print objects belonging to users
         don't print rows for users that don't have any of the objects.
-        The objects are: calendars, calendar ACLs, calendar events, delegates, filters,
-        forwarding addresses, sendas addresses, S/MIME certificates and tokens.
         When csv_output_users_audit is true, a placeholder row will be output with the
         user's email address; these rows will useful for auditing purposes only,
         they can not be successfuly used in a gam csv command.
@@ -316,7 +317,7 @@ domain
         Default: Blank
         Environment variable: GA_DOMAIN
 drive_dir
-        Directory for get drivefile and CSV files
+        Output directory for files with non-absolute file names.
         Default: ~/Downloads
         Environment variable: GAMDRIVEDIR
 drive_max_results
@@ -342,7 +343,8 @@ enable_dasa
         customer_id may not be set to my_customer
         Signal file: OldGamPath/enabledasa.txt
 enforce_expansive_access
-        The default value for option `enforceexpansiveaccess` in all commands that delete or update drive file ACLs/permissions.
+        The default value for option `enforceexpansiveaccess` in all commands that delete or update
+        drive file ACLs/permissions.
         gam <UserTypeEntity> delete permissions
         gam <UserTypeEntity> delete drivefileacl
         gam <UserTypeEntity> update drivefileacl
@@ -364,8 +366,13 @@ gmail_cse_incert_dir
         Directory for the S/MIME certificate files used by Gmail Client Side Encryption.
         Default: Blank
 gmail_cse_inkey_dir
-        Directory for the Key Access Control List (KACL) wrapped private key data files used by Gmail Client Side Encryption.
+        Directory for the Key Access Control List (KACL) wrapped private key data files used by
+        Gmail Client Side Encryption.
         Default: Blank
+input_dir
+        Input directory for files with non-absolute file names.
+	The default 
+        Default: .
 inter_batch_wait
         When processing items in batches, how many seconds should GAM wait between batches
         Default: 0
@@ -377,7 +384,8 @@ license_max_results
         Range: 10 - 1000
 license_skus
         A comma separated list of license SKUs; when getting licenses, only these SKUs will be processed.
-        Each item in the list can be a <SKUID> which will be validated or <ProductID>/<SKUID> which will not
+        Each item in the list can be a <SKUID> which will be validated or
+        a <ProductID>/<SKUID> which will not be validated.
         Default: Blank
 meet_v2_beta
         Enable/disable use of Meet API v2 beta for additional Chat Space parameters.
@@ -495,8 +503,9 @@ print_cros_ous_and_children
         This allows predefining the list of org units so they don't have to be specified in each command.
         Default: Blank
 process_wait_limit
-        When processing batch/CSV files, how long (in seconds) GAM should wait for all batch|csv processes to complete
-        after all have been started. If the limit is reached, GAM terminates any remaining processes.
+        When processing batch/CSV files, how long (in seconds) GAM should wait for all
+        batch|csv processes to complete after all have been started.
+        If the limit is reached, GAM terminates any remaining processes.
         Default: 0: no limit
         Range: 0 - Unlimited
 quick_cros_move
@@ -564,10 +573,10 @@ timezone
         to your local timezone. If you are running GAM on a remote computer or on a
         cloud shell, "local" will mean the time at the remote/cloud shell computer,
         not your location, Use "+|-hh:mm" to specify the timezone at your location.
-	Starting with version 7.21.00 you can use a timezone name.
+	Starting with version 7.21.00 you can use a timezone name; the names are case sensitive.
         See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
         Default: utc
-        Range: utc|z|local|(+|-hh:mm)I<ValidTimezoneName>
+        Range: utc|z|local|(+|-hh:mm)|<ValidTimezoneName>
 tls_max_version
         Allowed values: '', tlsv1_2, tlsv1.2, tlsv1_3, tlsv1.3
         The maximum TLS version to use in https connections
@@ -577,10 +586,12 @@ tls_min_version
         The minimum TLS version to use in https connections
         Default: ''
 todrive_clearfilter
-        Enable/disable clearing the spreadsheet basic filter when uploading data to an existing sheet in an existing file.
+        Enable/disable clearing the spreadsheet basic filter when uploading data to an existing sheet in
+        an existing file.
         Default: False
 todrive_clientaccess
-        Enable/disable use of client access rather than service account access when uploading files with todrive
+        Enable/disable use of client access rather than service account access when uploading files
+        with todrive
         Default: False
 todrive_conversion
         Enable/disable conversion of CSV files to Google Sheets when todrive is specified
@@ -621,7 +632,7 @@ todrive_timeformat
         Default: '' which selects an ISO format timestamp
         Example: %Y-%m-%dT%H:%M:%S will display as 2020-07-06T17:48:54
 todrive_timezone
-        The Spreadsheet settings Timezone value.
+        The Spreadsheet settings Timezone value; the values are case sensitive.
         See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
         Default: ''
 todrive_upload_nodata
@@ -631,8 +642,9 @@ todrive_user
         Email address of user to receive CSV files when todrive is specified
         Default: '' which becomes admin user in admin_email or address from oauth2.txt
 truncate_client_id
-        Prior to version 6.74.00, GAM stripped '.apps.googleusercontent.com' from the client_id in oauth2.txt
-        and passed the truncated value in API calls; this is no longer performed unless truncate_client_id is true
+        Prior to version 6.74.00, GAM stripped '.apps.googleusercontent.com' from the client_id
+        in oauth2.txt and passed the truncated value in API calls; this is no longer performed
+        unless truncate_client_id is true
         Default: False
 update_cros_ou_with_id
         Update the OU of a Chromebook with the OU ID rather than the OU path.
@@ -670,7 +682,7 @@ user_service_account_access_only
 ```
 This is sample output:
 ```
-$gam select default verify.
+$gam select default verify
 Config File: /Users/admin/.gam/gam.cfg, Initialized
 Section: DEFAULT
   activity_max_results = 100
@@ -797,6 +809,33 @@ Section: DEFAULT
   user_service_account_access_only = false
 ```
 
+## Set configuration variables
+You can set variables in gam.cfg with an editor or from the command line with GAM.
+
+```
+<Config> ::=
+        config (<VariableName> [=] <Value>)* [save] [verify [variables <RESearchPattern>]]
+```
+- `<VariableName> [=] <Value>`
+  - Set `<VariableName> = <Value>` in the current section
+  - All `<VariableNames>` except section are allowed.
+  - The `=` is optional but must be surrounded by spaces if included.
+- `save`
+  - Write configuration data to gam.cfg
+- `verify`
+  - Print the variable values for the current section
+  - Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
+  - Values are determined in this order: Current section, DEFAULT section, Program default
+
+You can prefix `<Config>` with `<Select>` to set a variable in a particular section.
+* `select default <Config>` - Set a variable in the `DEFAULT` section
+* `select xyz <Config>` - Set a variable in the `xyz` section
+
+For example, to set yiur workspace Customer ID and domain name:
+```
+gam config customer_id C0123abc domain mydomain.org save
+```
+
 ## Multiple Computers
 You can install GAM on multiple computers, all using the same project. After installing GAM on your
 initial computer, follow these quidelines.
@@ -816,6 +855,26 @@ Edit `gam.cfg` on the other computer
     * config_dir
     * drive_dir
 
+## Separate Staff-Student Domains
+Suppose you have a single workspace with separate staff and student domains; e.g., school.org and students.school.org.
+You can simplifiy typing email addresses by making two sections.
+
+```
+[DEFAULT]
+customer_id = C1234567
+[staff]
+domain = school.org
+[students]
+domain = students.school.org
+```
+To issue commands about staff users, do: `gam config staff save`
+Subsequent commands can omit `@school.org` from email addresses, GAM will supply `@school.org`.
+
+To issue commands about student users, do: `gam config students save`
+Subsequent commands can omit `@students.school.org` from email addresses, GAM will supply `@students.school.org`.
+
+You can always type a complete email address if desired.
+
 ## Multiple Customers and Domains
 There are four arguments to GAM that should simplify how you use GAM with multiple clients/domains.
 Each client/domain will have a section in gam.cfg that sets the values specific to it.
@@ -824,7 +883,7 @@ it's how you quickly switch from from one client to another.
 
 The arguments are optional, must appear in this order and must be the first arguments before any other GAM arguments.
 ```
-select <Section> [save] [verify]
+select <Section> [save] [verify [variables <RESearchPattern>]]
         Use <Section> from gam.cfg for the current GAM command.
         <Section> is case-sensitive except for DEFAULT which is case-insensitive.
     save
@@ -832,6 +891,7 @@ select <Section> [save] [verify]
         Write configuration data to gam.cfg
     verify
         Print the variable values for the current section
+        Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
         Values are determined in this order: Current section, DEFAULT section, Program default
 ```
 Display all of the sections in gam.cfg and mark the currently selected section with a *.
@@ -840,7 +900,7 @@ showsections
 ```
 The config argument is used to set selected variables in gam.cfg via the command line.
 ```
-config [<VariableName> [=] <Value>]* [save] [verify]
+config [<VariableName> [=] <Value>]* [save] [verify [variables <RESearchPattern>]]
     <VariableName> [=] <Value>
         Set <VariableName> = <Value> in the current section
         All <VariableNames> except section are allowed.
@@ -849,6 +909,7 @@ config [<VariableName> [=] <Value>]* [save] [verify]
         Write configuration data to gam.cfg
     verify
         Print the variable values for the current section
+        Use `variables <RESearchPattern>` to display variables with names selected by `<RESearchPattern>`
         Values are determined in this order: Current section, DEFAULT section, Program default
 
 redirect csv <FileName> [multiprocess] [append] [noheader] [charset <Charset>] [columndelimiter <Character>]