Google Workspace Service User (RBAC)
Last updated
Last updated
There are some actions that regular staff do not have permission to perform, such as:
listing the users in the organisation
interacting directly with resource calendars
Google Workspace Administrative Access
The new user may sit in a different OU to your regular users for security purposes.
To create a new user, if you are not already familiar you can follow these instructions from Google on Creating a Google Workspace User.
Do not assign a password to this user.
It will never have to log on as it will be used solely by the API application.
Select the newly created user from the user list.
Click the Roles and Privileges tab.
Click Edit.
Click create Custom Role.
On the privileges selection screen, under the 'Admin API Privileges' select the following permissions:
Organization Units: Read
Users: Read
Groups: Read
When completed, the role summary should look like:
Assign the role to the account.
