I have a workspace user that can t make | Google Developer Community | Page 1

marsh night Sep 7, 2023, 7:47 PM

#

For non-admins to use that endpoint they need to set the query parameter viewType=domain_public, as described here: https://developers.google.com/admin-sdk/directory/v1/guides/manage-users#retrieve_users_non_admin

Google for Developers

Manage user accounts | Admin console | Google for Developers

#

It seems however you are referring to updating? If so, I'm not sure what the rules are for that API when it comes to updates.

compact smelt Sep 7, 2023, 8:48 PM

#

Yes the user is an admin already just not with every permission. The role has all API permissions enabled.

marsh night Sep 7, 2023, 8:49 PM

#

Can they edit user details in the web UI? If not then you need to enable that first for the API to work.

compact smelt Sep 7, 2023, 8:50 PM

#

Yes, they can. Only real ui permissions missing from the role is enabling/disabling services, they have all user, group, and ou permissions

marsh night Sep 7, 2023, 8:51 PM

#

Strange. It might be a bug then?

compact smelt Sep 7, 2023, 8:52 PM

#

Perhaps, I'll have to test more when I am back from vacation. I have set the customer ID, I may need to set the domain as well.

compact smelt Sep 11, 2023, 8:42 PM

#

This appears to be resolved somehow. Not 100% sure exactly how it was resolved but I am able to use a test user with the role of the affected user and it is now working.

compact smelt Sep 11, 2023, 9:08 PM

#

NVM it's now broken again. Heh

#

Seems like this may be dependent on the OU the target user of the API call is in.

compact smelt Sep 12, 2023, 4:04 PM

#

Ah the users that can't be edited all have a delegated admin role. Looks like we'll have to switch to a service account with domain wide delegation in lieu of giving super admin to tons of people. Upside is it can be fully automated then.

#I have a workspace user that can t make