-
Notifications
You must be signed in to change notification settings - Fork 473
l Managing Admins
- Grant a User an Admin Role
- Delete a User's Admin Role
- Print All Admin Role Assignments
- Print All Admin Roles
gam create admin <user> <role> customer|org_unit <OU> [condition securitygroup|nonsecuritygroup]
Grants the given user account rights as the given admin role. The command must specify whether the rights are to be granted to the entire customer G Suite domain or to a certain org_unit and it's children org unit's. Note that some roles cannot be granted to org units, they must specify customer. The optional argument condition limits the conditions for delegate admin access. This currently only works with the _GROUPS_EDITOR_ROLE and _GROUPS_READER_ROLE roles. Condition can be to limit the delegated admin to managing security groups (securitygroup) or to non-security groups (nonsecuritygroup).
This example makes [email protected] a super admin
gam create admin [email protected] _SEED_ADMIN_ROLE customer
This example makes [email protected] a helpdesk admin for the /NY Org Unit.
gam create admin [email protected] _HELP_DESK_ADMIN_ROLE org_unit "NY"
This example allows [email protected] to manage only groups that are NOT marked as security groups:
gam create admin [email protected] _GROUPS_EDITOR_ROLE customer condition nonsecuritygroup
gam delete admin <role assignment id>
Removes an admin role assignment. Use Print All Admins to see existing assignments, you're looking for the roleAssignmentId column. You can also use CSV commands to revoke all rights for a given user.
This example revokes the given user's admin role.
gam delete admin 8771356963373081
This example revokes ALL admin role assignments for the [email protected] user account.
gam print admins user [email protected] | gam csv - gam delete admin ~roleAssignmentId
gam print admins [user <user>] [role <role>] [condition] [todrive]
Prints all admin role assignments in the G Suite instance. Note that one user account can be assigned multiple roles and can be assigned one role on multiple orgs so a single user may be returned in multiple rows.
The optional user argument limits returned role assignments to those granted to the given user.
The optional role argument limits returned role assignments to those of the given role.
The optional condition argument displays any conditions associated with a role assignment.
The optional todrive argument tells GAM to create a Google Docs Spreadsheet instead of outputting the results to CSV.
This example prints out all admin role assignments
gam print admins
This example prints out all admin role assignments for [email protected]
gam print admins user [email protected]
This example prints out all super admin role assignments
gam print admins role _SEED_ADMIN_ROLE
gam print roles [todrive]
Prints all admin roles created within the G Suite Instance. The optional argument todrive causes GAM to create a Google Docs Spreadsheet of results instead of outputting CSV.
This example creates a spreadsheet of all admin roles for a domain.
gam print roles todrive
Need more help? Ask on the GAM Discussion Group
Update History
Installation
- How to Install GAM7
- How to Upgrade GAMADV-XTD3 to GAM7
- How to Upgrade Legacy GAM to GAM7
- How to Update GAM7
- Verifying a GAM7 Build is Legitimate and Official
- Install GAM as Python Library
- GAM7 on Chrome OS Devices
- GAM7 on Android Devices
- Google Network Addresses
- HTTPS Proxy
- SSL Root CA Certificates
- How to Uninstall GAM7
Configuration
- Authorization
- GAM Configuration
- Running GAM7 securely on a Google Compute Engine
- Using GAM7 with a delegated admin service account
- Using GAM7 with a YubiKey
- GAM with minimal GCP rights
Notes and Information
- Upgrade Benefits
- Questions? Visit the GAM Discussion Forum
- GAM Public Chat Room
- Scripts
- Other Resources
- Drive REST API v3
- BNF Syntax
- GAM Return Codes
- Python Regular Expressions
- Rclone
Definitions
Command Processing
- Bulk Processing
- Command Line Parsing
- Command Logging and Progress
- Command data from Google Docs/Sheets/Storage
- CSV Special Characters
- CSV Input Filtering
- CSV Output Filtering
- Meta Commands and File Redirection
- Permission matches
- Tag Replace
- Todrive
Collections
Client Access
- Addresses
- Administrators
- Alert Center
- Aliases
- Calendars
- Calendars - Access
- Calendars - Events
- Chrome Auto Update Expiration Counts
- Chrome Browser Cloud Management
- Chrome Device Needs Attention Counts
- Chrome Installed Apps
- Chrome Policies
- Chrome Printers
- Chrome Profile Management
- Chrome Version Counts
- Chrome Version History
- ChromeOS Devices
- Classroom - Courses
- Classroom - Guardians
- Classroom - Invitations
- Classroom - Membership
- Cloud Channel
- Cloud Identity Devices
- Cloud Identity Groups
- Cloud Identity Groups - Membership
- Cloud Identity Policies
- Cloud Storage
- Context Aware Access Levels
- Customer
- Domains
- Domains - Verification
- Domain People - Contacts & Profiles
- Domain Shared Contacts - Global Address List
- Email Audit Monitor
- Find File Owner
- Google Data Transfers
- Groups
- Groups - Membership
- Inbound SSO
- Licenses
- Mobile Devices
- Organizational Units
- Reports
- Reseller
- Resources
- Send Email
- Schemas
- Shared Drives
- Sites
- Users
- Unmanaged Accounts
- Users - Signout and Turn off 2-Step Verification
- Vault - Takeout
- Version and Help
Special Service Account Access
Service Account Access
- Users - Analytics Admin
- Users - Application Specific Passwords
- Users - Backup Verification Codes
- Users - Calendars
- Users - Calendars - Access
- Users - Calendars - Events
- Users - Chat
- Users - Classification Labels
- Users - Classroom - Profile
- Users - Deprovision
- Users - Contacts
- Users - Contacts - Delegates
- Users - Drive - File Selection
- Users - Drive - Activity/Settings
- Users - Drive - Cleanup
- Users - Drive - Comments
- Users - Drive - Copy/Move
- Users - Drive - Files-Display
- Users - Drive - Files-Manage
- Users - Drive - Orphans
- Users - Drive - Ownership
- Users - Drive - Permissions
- Users - Drive - Query
- Users - Drive - Revisions
- Users - Drive - Shortcuts
- Users - Drive - Transfer
- Users - Forms
- Users - Gmail - Client Side Encryption
- Users - Gmail - Delegates
- Users - Gmail - Filters
- Users - Gmail - Forwarding
- Users - Gmail - Labels
- Users - Gmail - Messages/Threads
- Users - Gmail - Profile
- Users - Gmail - S/MIME
- Users - Gmail - SendAs/Signature/Vacation
- Users - Gmail - Settings
- Users - Group Membership
- Users - Keep
- Users - Looker Studio
- Users - Meet
- Users - Classroom - Profile
- Users - People - Contacts & Profiles
- Users - Photo
- Users - Profile Sharing
- Users - Shared Drives
- Users - Spreadsheets
- Users - Tasks
- Users - Tokens
- Users - YouTube
GAM Tutorials
- Account Auditing
- Calendar Settings
- Chat Bot commands
- Chrome Browser Management
- Chrome Policy Settings
- Context Aware Access levels
- Data Transfers
- Domain Verification
- Google Drive Management
- Group Settings
- Inbound SSO Settings
- Managing Admins
- Managing Classroom
- Managing Custom User Schemas
- Managing Devices
- Managing Organizations
- Managing Product Licenses
- Managing Users, Groups, Aliases, Domains, Mobile and Chrome Devices, and Resource Calendars
- OAuth Authentication Related Commands
- Print Users, Groups, Aliases, Mobile and Chrome OS devices, OUs, Licenses and Reports
- Printers
- Unmanaged Users and Invitations
- User Email Settings
- User Security Settings