将Google目录组API限制为调用者自己的组 [英] Limiting google directory groups APIs to caller's own groups

问题描述

我们正在为内部组织使用一个Web应用程序.我们需要从后端检查特定组的成员及其角色.我们的Google管理员未向我们提供对Google Admin API的域范围访问，提及这将是一个安全漏洞.

We are doing a web app for our internal organization use. We need to check members and their roles for a particular group from our backend. Our google administrators are not providing us domain wide access to google admin APIs, mentioning it would be a security loop hole.

我们只想获取经过身份验证的用户或服务帐户为所有者/经理的组的成员及其角色.没有域范围的访问是否可能?

We would like to fetch the members and their roles only for the group(s) in which the authenticated user or service account is owner/manager. Is it possible without domain wide access?

或者，可以在Web前端检查登录到特定google组的用户的会员身份和角色的google吗?

Alternatively, in web front end is it possible to check a google logged in user's membership and role to a particular google group?

如果对我们的Google管理员还有其他可能的解决方案或建议，我们将不胜感激.

If there are other possible solutions or advice for our google admin, would be really appreciated.

获取 https://www.googleapis.com/admin/directory/v1/groups/groupKey

推荐答案

https://developers.google.com/apps-script/reference/groups/

获取用户组列表.如果组成员角色==所有者/经理获取小组成员列表.

Get a list of the users groups. if group member role == owner/manager get the list of group members.

您也可以直接获得该角色. https://developers.google.com/apps-script/reference/groups/角色

you can also just get the role. https://developers.google.com/apps-script/reference/groups/role

这篇关于将Google目录组API限制为调用者自己的组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！