I can obtain the information about each user for the given Google Workspace organization using the following endpoint:
GET https://admin.googleapis.com/admin/directory/v1/users
However, the licensing information is missed in the response. How can I get the list of all active subscriptions for the given Google Workspace user?
Related
In Google Workspace admin console, we can configure SSO for applications, and assign user groups to the application.
The group assignment can be checked using the following way:
https://support.google.com/a/answer/9050643?hl=en#step5&zippy=%2Csee-the-services-and-organizational-units-for-access-groups%2Cstep-check-service-access
Is there any api to retrieve this group assginment information?
I don't see any in Google Workspace Admin API.
Answer:
There's currently no API in Admin SDK that will retrieve this information.
Feature request:
If you're interested in this feature, I'd suggest you to request it on Issue Tracker using this template.
How to pull the list of IAM users from google cloud along with their last activity??
Tried "gcloud projects get-iam-policy"
but it gives only list of iam users/members but not their last activity
Ok, if it's for company, you have this information in the Google Cloud Identity platform. You can log in here: https://admin.google.com
Go to users and boom
Of course you can request these values by API with the admin sdk
It works only for managed accounts. If you have unmanaged account (in gmail.com or from another company) you don't have access to this information.
EDIT 1
To track the service account activity, you can rely on the documentation. Cloud Monitoring allow you to do that. If you need to export the data to BigQuery for analytics for example, let me know I could help on that.
To know the privilege that the users have, you can rely on the Asset Inventory, and especially on the IAM search policy feature.
What information can you retrieve from Google's API Key created through Google GCP Console.
GCP Console -> Menu -> APIs & Services -> Credentials -> API Key
Is there a way on the backend to get the project id associated to this query string ex: key=apiKey?
or
list all API keys for a GCP project using some googleAPI?
or
something like: gcloud iam api-keys list?
Thank you.
What information can you retrieve from Google's API Key created
through Google GCP Console.
You can see information such as:
API Key
Creation date
Created by
Total usage
Application Restrictions
Website Restrictions
Is there a way on the backend to get the project id associated to this
query string ex: key=apiKey?
Neither end-users nor GCP IAM members can see anything regarding the API Key except via the GCP Console.
list all API keys for a GCP project using some googleAPI?
A public API has not been published for API Keys.
something like: gcloud iam api-keys list?
No tools have been published that display information regarding API Keys.
I believe gcloud alpha services api-keys list is what you are asking for? - https://cloud.google.com/sdk/gcloud/reference/alpha/services/api-keys/list
I have a BigQuery table that references a Google Sheet document that my service account can't access. Currently getting
"Error: Not found: Files /gdrive/id/xxxx"
I'm using the NodeJs 3.0.0 client library to access the BigQuery API.
The service user account has Data Editor, Job User and User rights on BigQuery and I have explicitly shared the google sheet to the service account.
For clarity, the user account has no issues querying other tables that it has access to, just a bunch of these external tables.
Any thoughts on what else I might need to do?
After going back through this from the start it turns out the issue was due to Google Doc editor being disabled at an organisation level. This affects both normal users and service accounts. Also ensuring that Domain-wide delegation was in place heped resolved this.
I've been trying to get data from GA using a service account, however, my issue is that it keeps saying;
Error: User does not have sufficient permissions for this profile.
I have enabled GA reporting API and given access to GA account using the email of the service account. In addition, it was granted "read and analyze" permissions on the account.
Tried this method on a personal account, and everything worked fine, however, when working on a client project, the issue comes back.
What could I be missing?
This was interesting to figure out.
I've used Account ID against one Google Analytics Account and that worked.
For the one I have been having an issue with, I needed to use the View ID.