

根据文档,Google Apps域管理员可以授予服务帐户整个域的权限,以代表该域中的用户访问用户数据.我的说法是,这使服务帐户有权访问域内所有用户的数据.有没有一种方法可以限制哪个用户服务帐户可以访问?

According to the docs, Google Apps domain administrators can grant service accounts domain-wide authority to access user data on behalf of users in the domain. My understating is this gives service account authority to access data for all users inside the domain. Is there a way to restrict which users service account has access to?

例如,一个使用Google Calendar API来查看Google Apps域中特定用户列表的日历中的事件的应用程序.

For example, an application that uses Google Calendar API to view events from the calendars of specific list of users in a Google Apps domain.

Google Apps管理员可以授权应用程序访问某些但不是全部用户吗?

Can google apps administrator authorize application for access to some but not all users?



答案是在 Google Apps Marketplace .可以为所有人或特定组织单位打开应用.请参见为用户打开或关闭Marketplace应用 .组织单位是您可以控制组织中谁可以访问您的应用程序的方式.

The answer was to publish an app in Google Apps Marketplace. An app can be turned ON for everyone or some specific organization unit. See Turn a Marketplace app on or off for users. Organization Unit is how you can control who in organization has access to your app.


07-20 20:36