1

I'm building a simple Java application where I need to retrieve the list of groups the user is subscribed to in my G Suite domain. I have gone through a bunch of answers on Stackoverflow, but am still a bit confused for the usage.

There is https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_all_member_groups but I can't seem to get it to work without a service account and impersonating an admin/

There is https://developers.google.com/admin-sdk/directory/v1/guides/manage-users#retrieve_users_non_admin, but it doesn't give me groups.

I have everything working with a service account, but it looks like once I do that, I can impersonate pretty much any admin under my account. That seems a little scary to me. Although I can limit the capabilities of the service account to just read the list of users and groups, I would like to go further and restrict the impersonation capabilities to only a user that has a custom role I created with just readonly privileges.

Is this the right way (service account with admin impersonation) or is there an easier way to do this ?

Rubén
  • 34,714
  • 9
  • 70
  • 166
Abhijit Dixit
  • 41
  • 6
  • possible duplicate of possible duplicate of https://stackoverflow.com/a/26469289/6577242 – ReyAnthonyRenacia Feb 22 '18 at 09:53
  • It's not a duplicate. My question is whether or not this is the only way and whether it's secure enough (impersonating an admin). It's already working for me, similar to the answer in the other question. – Abhijit Dixit Feb 22 '18 at 13:45

0 Answers0