Obsolete
Status Update
Comments
da...@dali-solutions.com <da...@dali-solutions.com> #2
+1 on this request.
It would be ideal if instead of "domain wide" delegation, you could instead limit the scope of which accounts can be impersonated by a service account. If you were able to register the delegation to an org unit (for example) then only users within that org unit could be impersonated.
ga...@google.com <ga...@google.com> #3
Hi there!
Thank you for your request.
Can you provide me please a specific use case for this feature, as well as what impact its implementation would have on your business, and why the current implementation is not suitable for your workflow?
Many thanks!
ga...@google.com <ga...@google.com> #4
Hi there!
I am closing this issue due to inactivity, as I have not received a response. If you are still encountering this behaviour, please feel free to open a new issue.
Many thanks!
da...@dali-solutions.com <da...@dali-solutions.com> #5
Will try to reopen this issue.
Currently we use the Google Drive API using a service account; this service account impersonates a specific user and accesses and manages this user's Google Drive on behalf of a web application. This works fine.
However, the service account can impersonate ANY user, so this service account becomes very powerful in the event there is a breach. Ideally, we could limit the scope of whom the service account can impersonate; this could ideally be a list of users or, likely more easily, an "org unit", and only users within that org unit could be impersonated by this service account.
se...@tripleten.com <se...@tripleten.com> #6
+1 on this request. I'm faced with the same problem.
Description
We created a service account as described in the G Suite Domain-Wide Delegation of Authority (
For security reasons we do not want this service account to have access to all users' mailboxes. For example, out of 500 employees, we want this service account to have access only to 100.
Can you please advise if and how we can achieve this?
Thank you
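
One application-side way to narrow whom a web application will impersonate, given as an added example that is not code from this thread or from Google: every delegated credential is minted through a single gate that checks the subject and the scopes against an allowlist and records each decision. It assumes `base_credentials` is a `google.oauth2.service_account.Credentials` object; `DelegationGate`, `normalize` and `SubjectNotAllowed` are hypothetical names.

```python
"""Added example: application-side gate for domain-wide delegation subjects."""

DRIVE_SCOPE = "https://www.googleapis.com/auth/drive"


class SubjectNotAllowed(Exception):
    """Raised when a requested impersonation is outside the configured policy."""


def normalize(email: str) -> str:
    """Return a canonical address, rejecting anything that is not one plain mailbox."""
    addr = email.strip().lower()
    local, sep, domain = addr.rpartition("@")
    bad_char = any(c.isspace() or c in ',;<>"' for c in addr)
    if not (sep and local and domain) or "@" in local or bad_char or not addr.isascii():
        raise SubjectNotAllowed(f"malformed subject {email!r}")
    return addr


class DelegationGate:
    def __init__(self, allowed_subjects, allowed_scopes):
        self.allowed = frozenset(normalize(s) for s in allowed_subjects)
        self.scopes = frozenset(allowed_scopes)
        self.audit = []  # (decision, subject, detail) tuples for later review

    def authorize(self, subject, scopes):
        """Return the canonical subject if policy allows it, else raise."""
        try:
            addr = normalize(subject)
            if addr not in self.allowed:
                raise SubjectNotAllowed(f"{addr} is not on the allowlist")
            extra = sorted(set(scopes) - self.scopes)
            if extra or not scopes:
                raise SubjectNotAllowed(f"scopes outside policy: {extra}")
        except SubjectNotAllowed as exc:
            self.audit.append(("deny", subject, str(exc)))
            raise
        self.audit.append(("allow", addr, sorted(scopes)))
        return addr

    def delegated_credentials(self, base_credentials, subject, scopes):
        """Intended as the only place in the app that calls with_subject()."""
        addr = self.authorize(subject, scopes)
        return base_credentials.with_scopes(list(scopes)).with_subject(addr)
```

The gate constrains only the application's own code path. A copied service account key is not bound by it, which is the gap this request describes.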