非管理员用户的google admin SDK [英] google admin SDK for non admin-user

问题描述

1. 我在开发者控制台中创建了Google应用.
2. 启用管理SDK
3. 启用API访问权限
4. 在管理OAuth客户端访问"中，我添加了授权的API客户端" " https://www.googleapis.com/auth/admin.directory.user"范围.

1. I created google app in developer console.
2. Enable Admin SDK
3. Enable API access
4. In "Manage OAuth Client access" i added "Authorized API client" with "https://www.googleapis.com/auth/admin.directory.user" scope.

此外，我想从我的域中吸引用户.

Further, i want to get users from my domain.

JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();

ArrayList<String> scopeList = new ArrayList<>();
scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY);
GoogleCredential credential = new GoogleCredential.Builder()
          .setTransport(httpTransport)
          .setJsonFactory(JSON_FACTORY)
          .setServiceAccountId("bla-bla@developer.gserviceaccount.com")
          .setServiceAccountScopes(scopeList)
          .setServiceAccountPrivateKeyFromP12File(new File("p12 file")))
          .setServiceAccountUser("superadmin@my-domain.com")
          .build();

credential.setAccessToken("access token of current google user");

Directory admin = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
          .setApplicationName("Capsidea")
          .setHttpRequestInitializer(credential).build();
return admin.users().list().setDomain("my-domain.com").execute();

当我通过superadmin@my-domain.com通过OAuth登录到Google时，所有功能都可以正常使用. 但是，当我通过some-user-non-admin@my-domain.com登录时，出现错误: 未授权访问此资源/api"

All it's working when i login into google via OAuth by superadmin@my-domain.com. But when i logined by some-user-non-admin@my-domain.com i have the error: "Not Authorized to access this resource/api"

非管理员用户可以获取域中所有用户的列表吗? 当域更改时，鉴于必须指定superadmin'a，因此此代码将起作用. 有什么想法吗?

Can an non admin user to get a list of all users in the domain? When the domain change this code will work given that it is necessary to specify superadmin'a ? Any ideas?

推荐答案

setServiceAccountUser需要能够使用Admin API的用户(有一个细粒度的角色配置工具).

setServiceAccountUser needs a user capable of Admin API usage (there is a fine-grained role configuration tool).

请声明需要这样的用户才能使您的代码正常工作.

Do state that such a user is needed for your code to work.

这篇关于非管理员用户的google admin SDK的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！