List users as non admin with custom fields

Question

As per the documentation, I should be able to get a list of users with a custom schema as long as the field in the schema has a value of ALL_DOMAIN_USERS in the readAccessType property. That is the exact set up I have in the admin console; Moreover, when I perform a get request to the schema get endpoint for the schema in question, I get confirmation that the schema fields are set to ALL_DOMAIN_USERS in the readAccessType property.

The problem is when I perform a users list request, I don't get the custom schema in the response. The request is the following:

GET /admin/directory/v1/users?customer=my_customer&projection=full&query=franc&viewType=domain_public 
HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer fakeTokena0AfH6SMD6jF2DwJbgiDZ

The response I get back is the following:

{
  "nextPageToken": "tokenData", 
  "kind": "admin#directory#users", 
  "etag": "etagData", 
  "users": [
    {
      "externalIds": [
        {
          "type": "organization", 
          "value": "value"
        }
      ], 
      "organizations": [
        {
          "department": "department", 
          "customType": "", 
          "name": "Name", 
          "title": "Title"
        }
      ], 
      "kind": "admin#directory#user", 
      "name": {
        "fullName": "Full Name", 
        "givenName": "Full", 
        "familyName": "Name"
      }, 
      "phones": [
        {
          "type": "work", 
          "value": "(999)999-9999"
        }
      ], 
      "thumbnailPhotoUrl": "https://photolinkurl", 
      "primaryEmail": "user@domain.com", 
      "relations": [
        {
          "type": "manager", 
          "value": "user@domain.com"
        }
      ], 
      "emails": [
        {
          "primary": true, 
          "address": "user@domain.com"
        }
      ], 
      "etag": "etagData", 
      "thumbnailPhotoEtag": "photoEtagData", 
      "id": "xxxxxxxxxxxxxxxxxx", 
      "addresses": [
        {
          "locality": "Locality", 
          "region": "XX", 
          "formatted": "999 Some St Some State 99999", 
          "primary": true, 
          "streetAddress": "999 Some St", 
          "postalCode": "99999", 
          "type": "work"
        }
      ]
    }
  ]
}

However, if I perform the same request with a super admin user, I get an extra property in the response:

  "customSchemas": {
    "Dir": {
      "fieldOne": false,
      "fieldTwo": "value",
      "fieldThree": value
    }
  }

My understanding is that I should get the custom schema with a non admin user as long as the custom schema fields are set to be visible by all domain users. This is not happening. I opened a support ticket with G Suite but the guy that provided "support", send me in this direction. I believe this is a bug or maybe I overlooked something.

Do you specify the `domain` in you list request? Are you listing both as super admin and non admin the same user and did you assign the custom scheme in question correctly to the user after creating the custom scheme? I assume you created the scheme as specified [here](https://support.google.com/a/answer/6208725?hl=en). — ziganotschka, Jul 07 '20 at 15:17
@ziganotschka I did not specify the domain, since it is not necessary but when I do, the result does not change. I am using two different users with the request, one is a super admin, the other is not. The non-super admin user is not getting the expected result. Yes, I created the custom schema as specified in the documentation you referenced. — Morfinismo, Jul 07 '20 at 15:33
This is strange, because with the same request and parameters like you I can retrieve as domain user the domain-accessible customSchemas without issues. Is your non-super admin user still a domain user? — ziganotschka, Jul 07 '20 at 16:09
@ziganotschka Yes, the non-super admin user is a domain user with a GSuite licence and everything. I even tried it with two different non-admin users. That's why I strongly suspect this is a bug concerning the G Suite account but G Suite support won't help me. Are you able to provide assistance? — Morfinismo, Jul 07 '20 at 18:01
If it were a bug, it should concern other users, but for me everything works as intended. This is why I think that the issue must be related to your specific settings. Doublecheck that you are not signed in in your browser session with multiple accounts simulatenously (silent switching of accounts is a common error source), check both in your [admin console](https://support.google.com/a/answer/6208725?hl=en) and [programmatically](https://developers.google.com/admin-sdk/directory/v1/reference/schemas/list) that your custom scheme is "Visible to organization". — ziganotschka, Jul 08 '20 at 09:01
Make sure that the non-admin user is from the same domain and same customer. Make sure that the custom scheme has been assigned succesfully to user `franc` AND THAT `Directory sharing` IS ENABLED FOR THIS USER. Try creating a new scheme, query for different users etc. — ziganotschka, Jul 08 '20 at 09:01
@ziganotschka thanks for your continued effort to help. To confirm the G Suite account is the problem, I perform the same tests with a different G Suite account and it worked as expected. In both accounts, I have the same settings in regards to contact sharing and in both domains all the custom schema fields are "Visible to organization". On one G Suite account it works and in the other it does not. What information can I provide so you can believe me? — Morfinismo, Jul 08 '20 at 12:01
If you are sure that that your GSuite account is the problem and it is not because the settings in the two domains are different, then you might want to contact GSuite again providing them convincing evidence that the issue is related to the domain and not to user settings(like e.g. the Directory sharing being turned off). — ziganotschka, Jul 08 '20 at 12:05
@ziganotschka Thank you, I will try that. It's only that G Suite support seems reluctant to get involved in helping me. I'll use this post as a reference for them. I greatly appreciate your time. I will update this post if I ever get help from them. — Morfinismo, Jul 08 '20 at 12:07
Just make sure to compare and double and triple check all possible admin and user settings between the two domains before contacting GSuite support. — ziganotschka, Jul 08 '20 at 12:11

Morfinismo · Accepted Answer · 2020-09-04T12:50:04.433

0

I contacted G Suite support and in fact, this issue is a domain specific problem.

It took several weeks for the issue to be addressed by the support engineers at Google but it was finally resolved. The behaviour is the intended one now.

edited Sep 04 '20 at 12:50

answered Aug 27 '20 at 12:49

Morfinismo

4,985
4
19
36

List users as non admin with custom fields

1 Answers1