是否可以在Google Directory API中以非管理员身份检索成员的所有组? [英] Is there a way to retrieve all groups for a member as a Non Admin in the Google Directory API?
问题描述
我正在使用Google Directory API来检索一个人所属的所有组,以便在我正在使用的应用程序中实现基于角色的特权.
I am working with the Google Directory API to retrieve all of the groups that a person is part of for role based privileging in the app I'm working on.
https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_all_member_groups
Our Admin is able to successfully retrieve a list of groups that he is a part of, using the API Explorer, but I am not. I am getting the error below and I'm assuming it is because I am not an Admin.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
我们如何检索用户所属的组?有没有办法提供管理员凭据来检索用户所属的组?
How do we retrieve the groups a user belongs to? Is there any way to supply an Admin Credentials to retrieve the groups a user belongs to?
推荐答案
普通用户无法以编程方式检索其组成员身份.我建议创建一个具有权限的委派管理员,以便通过API读取组,但别无其他.另外,在执行OAuth 2.0请求时,仅需要只读组作用域.与需要获取组成员身份或让您的应用以代表他们的委托用户身份进行api调用的任何用户共享这些凭据.
There's no way for regular users to programmatically retrieve their group membership. I'd recommend creating a delegated admin with priveledges to read groups via the API but nothing else. Also, when doing the OAuth 2.0 request, only the readonly groups scope is needed. Share these credentials with any users that need to get their group membership or have your app make the api call as the delegated user on their behalf.
这篇关于是否可以在Google Directory API中以非管理员身份检索成员的所有组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
