lithnet / googleapps-managementagent

Google Workspace Management Agent for MIM 2016
MIT License

after v2 upgrade can't see custom attributes #41

Closed IAmStevenJohnson closed 5 years ago

IAmStevenJohnson commented 5 years ago

We upgraded our test environment today to v2 and we can't figure out how to see our schema's custom user attributes. We've read, and tried following the instructions on the "Custom schema" section of the Installation documentation but just aren't clear what we're doing wrong. We have four custom user attributes like this:

xxGoogleUser_xxeid
xxGoogleUser_xxEmail
xxGoogleUser_xxHierarchy
xxGoogleUser_xxcloudEA8

that we can no longer see on the select attributes screen. I hate asking a question like this but is it possible for someone to describe exactly how we get those attributes back? What exactly do we enter on the schema tab of the MA? And did we now have to create a new user object type LithnetGoogleAppsMA with a Text attribute called objectType? If so, can you describe what that does and how this works so we can understand it better? If no time for that, just any tips on troubleshooting or getting this working is much appreciated. Thanks so much for all the work on this. It's been working great for us.

leoerlandsson commented 5 years ago

Hi,

Could you first please confirm that the following permissions and scopes have been granted to the account used:

https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.userschema.readonly

I don't think the user object type LithnetGoogleAppsMA needs to be present to be able to use custom attributes on the user object.

Are there any errors in the log file or in System Diagnostics (if you don't want to configure diagnostics, you can use e.g. DebugView to catch these errors)?

More specifically, are any of the errors below present?

"Permission to read the user custom schema was denied"
"Permission related TokenResponseException while reading the user custom schema"

Thanks.

Br, Leo

IAmStevenJohnson commented 5 years ago

Leo,

Thanks for your response. We re-checked the permissions and scopes and we have those set. We haven't changed any of them since upgrading to v2. Here is how they're set:

http://www.google.com/m8/feeds/contacts/
Email Settings (Read/Write) https://apps-apis.google.com/a/feeds/emailsettings/2.0/
https://www.googleapis.com/auth/admin.directory.domain
View and manage the provisioning of groups on your domain https://www.googleapis.com/auth/admin.directory.group
View and manage group subscriptions on your domain https://www.googleapis.com/auth/admin.directory.group.member
https://www.googleapis.com/auth/admin.directory.resource.calendar
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
View and manage the provisioning of users on your domain https://www.googleapis.com/auth/admin.directory.user
View and manage the provisioning of user schemas on your domain https://www.googleapis.com/auth/admin.directory.userschema
Groups Settings https://www.googleapis.com/auth/apps.groups.settings

Here is what we get in DebugView. It is the last error you mentioned.

[3112] Refilling bucket admin with 1500 tokens
[3112] 1 tokens taken from bucket admin leaving 1499
[3112] Permission related TokenResponseException while reading the user custom schema
[3112] 1 tokens taken from bucket admin leaving 1498

What does that tell us?

leoerlandsson commented 5 years ago

Hi Steven,

The error tells us that there's a permission error trying to read the schema.

V2 specifically requires the https://www.googleapis.com/auth/admin.directory.userschema.readonly scope.

Could you please try adding this scope? It should solve the problem.

I'll update the Required permissions and scopes page to clarify this.

Br, Leo

IAmStevenJohnson commented 5 years ago

Thank you Leo. That solved this issue.
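The failure resolved in this thread, as an added example that is not part of the thread or the project's own code: a pre-upgrade check that extracts the scope URLs from the authorized-scope listing posted above and compares them, by exact string, against the two scopes the maintainer names. The function names are hypothetical, and the required set is limited to those two scopes rather than the agent's full list; the near-miss report flags the case seen here, where the broader `userschema` scope was authorized but the requested `userschema.readonly` scope was not.

```python
import re

# The two scopes the maintainer names in the thread for reading custom user
# attributes in v2 (not the agent's complete scope list).
REQUIRED_SCOPES = (
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.userschema.readonly",
)

# Scope listing as posted in the thread: descriptions mixed with scope URLs.
AUTHORIZED_TEXT = """
http://www.google.com/m8/feeds/contacts/
Email Settings (Read/Write) https://apps-apis.google.com/a/feeds/emailsettings/2.0/
https://www.googleapis.com/auth/admin.directory.domain
View and manage the provisioning of groups on your domain https://www.googleapis.com/auth/admin.directory.group
View and manage group subscriptions on your domain https://www.googleapis.com/auth/admin.directory.group.member
https://www.googleapis.com/auth/admin.directory.resource.calendar
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
View and manage the provisioning of users on your domain https://www.googleapis.com/auth/admin.directory.user
View and manage the provisioning of user schemas on your domain https://www.googleapis.com/auth/admin.directory.userschema
Groups Settings https://www.googleapis.com/auth/apps.groups.settings
"""

SCOPE_RE = re.compile(r"https?://[^\s,]+")


def parse_scopes(text):
    """Pull scope URLs out of free text, ignoring the descriptions."""
    return set(SCOPE_RE.findall(text))


def audit(authorized, required=REQUIRED_SCOPES):
    """Return (missing, near_misses) using exact string comparison.

    near_misses maps each missing scope to authorized scopes that differ
    only by a dotted suffix (e.g. the read/write form of a .readonly scope).
    """
    missing = [s for s in required if s not in authorized]
    near = {
        s: sorted(a for a in authorized
                  if s.startswith(a + ".") or a.startswith(s + "."))
        for s in missing
    }
    return missing, near


if __name__ == "__main__":
    missing, near = audit(parse_scopes(AUTHORIZED_TEXT))
    for scope in missing:
        print("MISSING:", scope)
        for other in near[scope]:
            print("  authorized but not equivalent:", other)
```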