This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Narrow Domain-Wide Delegation to specific group/user

Posted on 09-19-2022 07:40 AM
JonathanBern
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello, I'm creating an application that retrieves the ongoing event out of the calendar in an gmail account. Since this application will be running in Google Cloud Functions, OAuth2.0 application is no option and I'm relying on a service account.

The service account needs permission to scopes in domain-wide delegation. Since The service account only need read only access to only one calendar and contacts (of a gmail acc) we want to narrow the scope to this account. We cannot give the service account domain-wide delegation since the tenant has over thousand users we don't want the service account access over the other accounts.

Is there any solution to narrow the scope you give at domain-wide delegations?

2 4 465
4 REPLIES 4

Posted on --/--/---- --:-- AM
CronosBelgium
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

This would really help us as well.

Multiple companies together under 1 google tenant make it impossible to just assign domain wide read-only (or even worse, write) rights for a service account. It needs to be scoped so it can be narrowed to just a user, few users or groups.

 
0 Likes

Posted on --/--/---- --:-- AM
Aryan1
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

its just impossible to do that

 

0 Likes

Posted on --/--/---- --:-- AM
JonathanBern
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@Aryan1 You have any suggestions as a work-a-round? 

0 Likes

Posted on --/--/---- --:-- AM
Aryan1
Bronze 4
Bronze 4
In response to JonathanBern
Reply posted on --/--/---- --:-- AM

Sorry to say but i don't think any other option to do that thing

0 Likes
Top Solution Authors
View all