Feel free to share out:
- Any challenges you are experiencing
- Any process improvements/ “work smarter” tips to share
- Any goals you are aiming to achieve over this week
Feel free to share out:
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
I am facing a challenge while making a Google App Script to add/remove/list Gmail delegators for the given account. I have tried using a python script which did work but can't get it through GAS.
Not sure if someone has an example to get/add/remove a Gmail delegate account that can help to resolve my problem. I was thinking to make a script that I can embed with Google Form so that after choosing the email addresses and submitting the Form, the script should automatically add/remove delegates. For the listing, an email can work after the form submission.
Thanks for posting
@PrashantB! @Krishanr @andy.yates might be able to answer your scripting questions here.
I’ve performed scripted delegation processes using GAM or the API’s directly I have not used Google App scripts to do it. I run my automation from a platform I have full control over, unfortunately with GAS if something goes wrong you are limited to submit to the issue tracker and “wait” . You wont be able to get support though Google or a Partner. That being said, it might not be a problem for your org.
The challenge with Delegation is you need to “impersonate” the target account to perform the actions. Thus you need a service account with Domain Wide Delegation. You will need to authorize the scopes for the service account against your workspace instance. Also , on the topic of service accounts, I recommend you understand the implications of using them. They are powerful and grant full access to your users data for the scopes that are authorized. This means 1) If the service account is compromised your data is at risk, 2) if your script process does not have the proper logic built in you can accidently expose actions to users you don’t intend to. e.g. if you want this process to only allow delegation to shared accounts, but not “user accounts” . Without the proper logic in place a user might be able to use the form to grant access to the “CEO’s” mailbox.
The scope required for delegation is listed below and pay attention to the notes.
Note:Operations guarded by this scope are restricted to administrative use only. They are only available to Google Workspace customers using a service account with domain-wide delegation.
Now that’s out of the way, You mentioned you used Python and it worked, so I assume you went though the process of setting up a service account and domain wide delegation etc. It should be possible to use GAS and service accounts . With either method to support your Form’s idea, you could run Python or GAS on a time schedule and check the sheet that the form writes too, perform the action you want and update the sheet record accordingly.