Thanks Jay. That still puts the burden on the administrator though. In my scenario I sell an application that integrates with Google Apps. I want the admin to do the least amount of things to be up and running quickly. If I ask him/her to create a special role and assign all its users to that role just because I want to get the groups each user belong to it sounds to me very intrusive. Instead if I could say "Give permission to this app XXX to the following scopes YYY" like you can do today through the control panel, that sounds like a better way to give permissions.
I managed to do it using OAuth 1.0a 2-legged auth but could not do it with Service Accounts and OAuth2. Seems like the Google Api console does not support the provisioning API yet. I am wondering, if OAuth 1.0a is deprecated my app won't work anymore and I have to move to OAuth2. Someone from Google knows when this will happen? When will OAuth 1.0a be retired? Thanks Matias On Thursday, September 6, 2012 6:05:59 PM UTC-3, Jay Lee wrote: > > Hi woloski, > > You can create delegated administrator accounts that only have rights to > perform read operations against users using the Provisioning API. See below. > > http://support.google.com/a/bin/answer.py?hl=en&answer=2406043 > > Jay > > On Sunday, August 26, 2012 2:49:12 PM UTC-4, woloski wrote: >> >> It seems the only way to know if a user is a Google Apps administrator is >> by using the Provisioning API >> >> >> https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts >> >> Asking a user to enable the Provisioning API and allow access to >> everything seems a bit too much just to get read-only information about >> him/her. Ideally, this information should come as part of the user profile, >> together with the groups he belongs to. >> >> Is there another way to get the information? I want just read-only >> access. Another option would be to use Service Accounts through Google API >> Console so that the end user doesn't have to give consent to access such >> APIs and it's a one-time thing. Is that possible? >> >> Thanks, >> Matias >> > -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/ARXi2CWuz1MJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
