taers232c / GAMADV-XTD3

Command line tool to manage Google Workspace
703 stars, 87 forks

Service-account-only access to group permissions? #276

Closed slapdashengineering closed 1 year ago

slapdashengineering commented 2 years ago

Hey Ross (et al),

I use xtd3 pretty heavily and one use case I can't quite seem to dial in is maintaining default group permissions from an unattended install with a cron job.

Since Google doesn't apparently have a way to define the default permissions for a group and we want all groups to have their members viewable by the whole organization (who_can_view_membership ALL_IN_DOMAIN_CAN_VIEW), we use gam to loop across groups and set those permissions regularly.

However, occasionally the oauth2 client token barfs and we then need to deal with reauthorizing and such. Is there a way to specifically force group permissions changes to be done via the service account credentials and domain-wide delegation?

I'm not sure if this is a limitation on the Google end or the gam end, and figured I'd ask the experts…

--SG
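The cron-driven loop described above, written out as an added example (this is not code from the thread or from GAMADV-XTD3 itself). It enforces `who_can_view_membership` on every group and, because an unattended run cannot reauthorize interactively, it makes a broken OAuth2 client token a loud, logged failure before any group is touched instead of a silent no-op. Assumptions, labelled in the comments: `gam` is on PATH or named via `$GAM`; `gam info domain`, `gam print groups` (CSV with `email` as the first column) and `gam update group <email> who_can_view_membership <value>` behave as in GAM; the log path is a placeholder.

```shell
#!/bin/sh
# Added example for this issue thread; not part of GAMADV-XTD3.
# Enforces who_can_view_membership on all groups from cron and fails loudly
# (non-zero exit, log line) when the OAuth2 client token is unusable.
# Assumed: `gam info domain`, `gam print groups` (email in column 1) and
# `gam update group ... who_can_view_membership ...` exist as in GAM.

GAM="${GAM:-gam}"                               # gam binary, overridable for tests
DESIRED="${DESIRED:-ALL_IN_DOMAIN_CAN_VIEW}"    # value the thread wants on every group
LOG="${LOG:-/var/log/gam-group-visibility.log}" # placeholder path

log() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >>"$LOG"
}

# Pre-flight check of the client (oauth2.txt) credentials with a cheap
# read-only call. Group settings in this setup go through client access, so
# if this fails the run stops here and the operator gets a clear log entry
# instead of a loop of per-group errors.
check_client_auth() {
    if "$GAM" info domain >/dev/null 2>&1; then
        return 0
    fi
    log "ERROR client OAuth2 token unusable; reauthorize interactively before the next run"
    return 1
}

# Apply the desired setting to one group; returns gam's exit status.
set_group_visibility() {
    "$GAM" update group "$1" who_can_view_membership "$DESIRED" >/dev/null 2>&1
}

# Walk every group. The header line of the CSV is skipped (assumed: first
# column is the group email). Failures are tallied so the exit status and
# cron mail reflect a partial failure rather than hiding it.
enforce_all_groups() {
    failed=0
    total=0
    for g in $("$GAM" print groups | tail -n +2 | cut -d, -f1); do
        total=$((total + 1))
        if set_group_visibility "$g"; then
            log "OK $g -> $DESIRED"
        else
            failed=$((failed + 1))
            log "FAIL $g"
        fi
    done
    log "done: $total groups, $failed failures"
    [ "$failed" -eq 0 ]
}

main() {
    check_client_auth || exit 2
    enforce_all_groups
}

# Run only when invoked as `sh gam-group-visibility.sh run`, so the
# functions can also be sourced without side effects.
case "${1:-}" in
    run) main "$@" ;;
esac
```

Run it from cron as `sh gam-group-visibility.sh run`; exit status 2 means the client token needs a human, exit status 1 means at least one group update failed, and the log records which ones.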

jay-eleven commented 2 years ago

I'd say group permissions are only manipulated via Client Access and not service accounts, but Ross can confirm.

Out of curiosity, when OAuth2 fails... have you changed the password of that user's token recently?

slapdashengineering commented 2 years ago

Hey jay! We've got a user account that exists solely to be a cat's paw for tools and services that need to exploit a user account to do things, such as this. At least once it's needed an oauth token refresh due to a credential rotation but iirc we've had a few unknown-cause failures.

It's not the end of the world, just one of those things I figure I should at least check into other avenues for.

taers232c commented 2 years ago

Stephen,

Send me a Meet/Zoom invitation.

Ross