Same as Entitlement in IDHUB.

Will map to different entities in Google workspace, for instance - Groups, GDrive Permissions, makeAdmin etc to name a few

Create/Delete/Modify Group

Attribute Name

Description

Data Type

Required

id

ID of the Group

String

type

Type of the Group

String

Other Required

Defined by parameters required for each type.

String

Assignment

Attribute Name

Description

Data Type

Required

id

ID of the Group

String

type

Type of the Group

String

userkey

Primary email

String

action

Add/Revoke

String

Other Required

Defined by parameters required for each type.

String

Type

Type is identifier to consolidate all the permissions related items in Google Workspace. This is used by the SCIM connector to determine which API call to make.

  • admin

  • groups

  • roles

  • drivePermissions

  • delegate

  • license

Type=admin

POST https://www.googleapis.com/admin/directory/v1/users/userKey/makeAdmin

Since userkey is already included in required attributes, no other parameters are required.

Type=group

Attribute Name

Description

Data Type

email

email of group

String

name

name of the group

String

description

Description of the group

String

Create

POST https://www.googleapis.com/admin/directory/v1/groups

Update

PUT https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}

Delete

DELETE https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}

ListMembers

GET https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/hasMember/{memberKey}

AssignMembers

POST https://admin.googleapis.com/admin/directory/v1/groups/{groupKey}/members

Type=drivePermissions

List

GET https://www.googleapis.com/drive/v3/files/fileId/permissions

Create

POST https://www.googleapis.com/drive/v3/files/fileId/permissions

Update

PATCH https://www.googleapis.com/drive/v3/files/fileId/permissions/permissionId

Delete

DELETE https://www.googleapis.com/drive/v3/files/fileId/permissions/permissionId

Type=license

List all user Licenses

Per user

GET https://www.googleapis.com/apps/licensing/v1/product/productId/users?customerId=primary domain name&maxResults=max results per page

Per product

GET https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/users?customerId=primary domain name&maxResults=max results per response page

Assign License

POST https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/user

Reassign License

PUT https://www.googleapis.com/apps/licensing/v1/product/productId/sku/the current skuId/user/user's email

Delete License

DELETE https://www.googleapis.com/apps/licensing/v1/product/productId/sku/skuId/user/userId

Type=roles

Get Privileges
GET https://www.googleapis.com/admin/directory/v1/customer/customer_id/roles/ALL/privileges
CODE
Get Existing Roles
GET https://www.googleapis.com/admin/directory/v1/customer/customer_id/roles
CODE
Create Role
POST https://www.googleapis.com/admin/directory/v1/customer/customer_id/roles

{
  "roleName": "My New Role",
  "rolePrivileges": [
    {
      "privilegeName": "USERS_ALL",
      "serviceId": "00haapch16h1ysv"
    },
    {
      "privilegeName": "GROUPS_ALL",
      "serviceId": "00haapch16h1ysv"
    }
  ]
}
CODE

Create Role Assignment

POST https://www.googleapis.com/admin/directory/v1/customer/customer_id/roleassignments

{
  "roleId": "3894208461012995",
  "assignedTo": "100662996240850794412",
  "scopeType": "CUSTOMER"
}
CODE