This document lists the events and parameters for
Delegated Admin Settings
Admin Audit activity events. You can retrieve these events by
calling Activities.list()
with applicationName=admin
.
Delegated Admin Settings
Events of this type are returned with type=DELEGATED_ADMIN_SETTINGS
.
Role Assign
ASSIGN_ROLE
ORG_
string
The organizational unit (OU) name (path).
ROLE_
string
The role name for this privilege that is assigned to USER_NAME
. A delegated administrator's role is granted by the super administrator. See note
for restrictions.
Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
USER_
string
The primary email address of the delegated administrator assigned the role. For more information about delegated administrator roles, see the administration help center .
GET https://admin.googleapis.com
Role {ROLE_NAME}
assigned to user {USER_EMAIL}
Role Creation
CREATE_ROLE
ROLE_
string
Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.
ROLE_
string
The new role name. See note for restrictions. For more information about delegated administrator roles, see the administration help center . Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
New role {ROLE_NAME}
created
Role Deletion
DELETE_ROLE
ROLE_
string
Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.
ROLE_
string
The role was deleted for this ROLE_NAME
. See note
for restrictions. For more information about delegated administrator roles, see the administration help center
.
Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
Role {ROLE_NAME}
deleted
Role Privilege Creation
ADD_PRIVILEGE
PRIVILEGE_
string
The new privilege name which has been added to the ROLE_NAME
. Granted to a delegated administrator by a super administrator. For more information about delegated administrator privileges, see the administration help center
.
ROLE_
string
Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.
ROLE_
string
The new PRIVILEGE_NAME
added to this ROLE_NAME
. See note
for restrictions.
Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
New privilege {PRIVILEGE_NAME}
created under role {ROLE_NAME}
Role Privilege Deletion
REMOVE_PRIVILEGE
PRIVILEGE_
string
Removed this privilege name from ROLE_NAME
. Granted to a delegated administrator by a super administrator. For more information about delegated administrator privileges, see the administration help center
.
ROLE_
string
Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.
ROLE_
string
The role from which the privilege was removed. See note for restrictions. Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
Privilege {PRIVILEGE_NAME}
removed from role {ROLE_NAME}
Role Rename
RENAME_ROLE
NEW_
string
The new role name.
ROLE_
string
The old role name that is being renamed. For more information about delegated administrator privileges, see the administration help center . Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
Role renamed from {ROLE_NAME}
to {NEW_VALUE}
Role Updated
UPDATE_ROLE
ROLE_
string
Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.
ROLE_
string
The name of the new role to apply. For more information about delegated administrator roles, see the administration help center . Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
GET https://admin.googleapis.com
Role {ROLE_NAME}
updated
Unassign Role
UNASSIGN_ROLE
ORG_
string
The organizational unit (OU) name (path).
ROLE_
string
Role name that is being unassigned from USER_EMAIL
. A delegated administrator's role is granted by the super administrator. See note
for restrictions.
Possible values:
-
_AFFILIATE_ADMIN_ROLE
Affiliate admin role value. -
_DAR_NETWORK_MANAGEMENT_ROLE
Indirect Reseller Network Admin role value. -
_DAR_RESOLD_CUSTOMER_MANAGEMENT_ROLE
Indirect Reseller Resold Customer Admin role value. -
_DEGRADED_AFFILIATE_ADMIN_ROLE
Degraded Affiliate admin role value. -
_DIRECTORY_SYNC_ADMIN_ROLE -
_DOMAINLESS_SUPER_ADMIN_ROLE -
_DRIVE_TEAM_ADMIN_ROLE -
_GOOGLE_VOICE_ADMIN_ROLE -
_GROUPS_ADMIN_ROLE -
_GROUPS_EDITOR_ROLE
Display Name for Groups Editor Role in Admin Console. -
_GROUPS_READER_ROLE
Display Name for Groups Reader Role in Admin Console. -
_HELP_DESK_ADMIN_ROLE -
_INVENTORY_REPORTING_ADMIN_ROLE -
_LDAP_GROUP_MANAGEMENT_READONLY_ROLE -
_LDAP_PASSWORD_REBIND_ROLE -
_LDAP_USER_MANAGEMENT_READONLY_ROLE -
_LEGACY_ENTERPRISE_SUPPORT_ROLE
Legacy Enterprise Support Role value. -
_LEGACY_RESOLD_ENTERPRISE_SUPPORT_ROLE
Legacy Resold Enterprise Support Role value. -
_MOBILE_ADMIN_ROLE -
_PLAY_FOR_WORK_ADMIN_ROLE -
_RESELLER_ADMIN_ROLE -
_SEED_ADMIN_ROLE -
_SERVICE_ADMIN_ROLE -
_STORAGE_ADMIN_ROLE -
_TEAM_ADMIN_ROLE -
_USER_MANAGEMENT_ADMIN_ROLE
USER_
string
The delegated administrator's primary email address. The role is being unassigned from this user. For more information about delegated administrator roles, see the administration help center .
GET https://admin.googleapis.com
Unassigned role {ROLE_NAME}
from user {USER_EMAIL}
