Comment on page
Google Workspace Service User (RBAC)
There are some actions that regular staff do not have permission to perform, such as:
- listing the users in the organisation
- interacting directly with resource calendars
- Google Workspace Administrative Access
The new user may sit in a different OU to your regular users for security purposes.
To create a new user, if you are not already familiar you can follow these instructions from Google on Creating a Google Workspace User.
Do not assign a password to this user.
It will never have to log on as it will be used solely by the API application.
- 1.Select the newly created user from the user list.
- 2.Click the Roles and Privileges tab.
- 3.Click Edit.
- 4.Click create Custom Role.
- 5.On the privileges selection screen, under the 'Admin API Privileges' select the following permissions:
- 1.Organization Units: Read
- 2.Users: Read
- 3.Groups: Read
- 6.When completed, the role summary should look like:
- 7.Assign the role to the account.