0

Lets say I am building an application which allows users to submit code reviews. Some users are allowed to review the submitted reviews. Others are allowed to delete them for various reasons, etc.

Can the Google Directory API be used to assign such privileges to users that have logged into my application using Google Sign In/OpenID Connect?

The key here is that the privileges are not used for doing Google specific stuff, but for actions in my own application domain.

If not, is there any other Google API available that allows me to assign role based access/user privileges to any Google user?

On a side note: I am using Google Apps For Work and would like to have such a privilege system for all employees.

Thijs Riezebeek
  • 1,762
  • 1
  • 15
  • 22

1 Answers1

0

I think Directory API has the Managing Roles which you can use.

Here's a part that might be of interest:

Admin Console UI Functionality Privileges Needed

Organization Units - Read ORGANIZATION_UNITS_RETRIEVE
Organization Units - Create ORGANIZATION_UNITS_RETRIEVE + ORGANIZATION_UNITS_CREATE
Organization Units - Update ORGANIZATION_UNITS_RETRIEVE + ORGANIZATION_UNITS_UPDATE
Organization Units - Delete ORGANIZATION_UNITS_RETRIEVE + ORGANIZATION_UNITS_DELETE
Organization Units ORGANIZATION_UNITS_ALL
Users - Read USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Create USERS_CREATE + USERS_UPDATE + ORGANIZATION_UNITS_RETRIEVE
Users - Update USERS_UPDATE + ORGANIZATION_UNITS_RETRIEVE
Users - Move Users USERS_MOVE + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Rename Users USERS_ALIAS + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Reset Password USERS_RESET_PASSWORD + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Force Password Change USERS_FORCE_PASSWORD_CHANGE + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Add/Remove Aliases USERS_ADD_NICKNAME + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
Users - Suspend Users USERS_SUSPEND + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE
GROUPS GROUPS_ALL
Security - User Security Management USER_SECURITY_ALL + USERS_RETRIEVE + ORGANIZATION_UNITS_RETRIEVE

Check the docs for additional info.

ReyAnthonyRenacia
  • 17,219
  • 5
  • 37
  • 56