Comment on page

Google Workspace Service User (RBAC)

There are some actions that regular staff do not have permission to perform, such as:
  • listing the users in the organisation
  • interacting directly with resource calendars


  • Google Workspace Administrative Access


Create a New User

The new user may sit in a different OU to your regular users for security purposes.
To create a new user, if you are not already familiar you can follow these instructions from Google on Creating a Google Workspace User.
Do not assign a password to this user.
It will never have to log on as it will be used solely by the API application.

Assign Permissions

  1. 1.
    Select the newly created user from the user list.
  2. 2.
    Click the Roles and Privileges tab.
  3. 3.
    Click Edit.
  4. 4.
    Click create Custom Role.
  5. 5.
    On the privileges selection screen, under the 'Admin API Privileges' select the following permissions:
    1. 1.
      Organization Units: Read
    2. 2.
      Users: Read
    3. 3.
      Groups: Read
  6. 6.
    When completed, the role summary should look like:
  7. 7.
    Assign the role to the account.