My initial version uses the built-in GAE Users Service for application login/registration.
However, I was not able to revoke the app's permissions from my Google account settings.
https://security.google.com/settings/security/permissions
Google has updated the dashboard.
I think they missed a feature to allow users to revoke GAE apps permissions.
Can someone help me verify this?
If you are talking about this [1] built-in service, your app have access to the user's email address as well as a unique user ID only while the user is signed into your app. So there is no permanent permissions to be revoked.
[1] https://cloud.google.com/appengine/docs/python/users/
Related
I'm trying to manage multiple outlook calendars using a single account as a proxy, so all other accounts share their personal calendar with this "master" account and within this one i can add, edit or delete events "for everyone".
The problem is that i can't get the account grant the Calendar.ReadWrite.Shared to the app, even though that in my app this permissions are configured as recommended.
Azure portal - app permissions:
permissions of the app in azure portal
msalconfig:
msal configuration used
The "funny" thing is, with the account used to create the app in the first place everything works, but with any other account not.
I even created another app with the intended final account and nothing. This is the, incompplete permissions, resul:
actual result
This is the desired result:
desired result
If you just want to make a proxy to modify calendars for all users, have you tried application-only Auth and grant Calendars.ReadWrite permission with application type to it? Based on this permission official comment: Read and write calendars in all mailboxes which seems to meet your requirement.
I've got a Google App Engine project account and want to give access to a new developer who's going to help out, but I don't want him to have the account access details. How do I add him as a user so he can deploy and test code on my account (locally on his machine using the SDK and live), but not do anything I don't want him to do with the account?
I know I need to use IAM roles somehow, but does the developer already need a Google account (don't think he has one) or can I just send an invite to his existing email etc?
Many thanks,
Alex
Your developer will require a Google account, which can be a gmail account or a Google Apps account.
Check out the description of the App Engine IAM roles and then grant the appropriate access to your developer's Google account.
In your case that might be either "Editor" or "App Engine Service Admin".
We are using Google AppEngine for my site. Unfortunately I can't seem to get full owner admin access even though I am supposed to be a Super Admin according to my Google account.
When I go to Google Appengine (https://appengine.google.com/permissions....) using my Google account, it indicates I am a "developer". I believe I need full owner access in order to upload ssl certificate for the domain plus add or edit the permission. I've called Google support and they wash their hands saying the above is outside their core knowledge. Any suggestions would be most welcome.
Google Apps admin status does not give you "owner" status on AppEngine. Owner of the AppEngine app has to go to the "Permissions" tab in GAE console and grant you this status.
i am developing an app.i am using google provisioning api in this app.in documentation it is mentioned that admin account can acces provisioning app.there are various types of admin accounts in google apps for example
1.Super Admin
2.Groups Admin
3.User Management admin
4.Help Desk Admin
5.Services Admin
in these all profiles in which accounts we can enable provisioning api .please reply
You need to create a custom role and assign it permissions from the Provisioning API section (at the very bottom of the list of possible permissions. Delegated users who are granted rights to perform actions in the Control Panel will not be able to perform the same actions via the API unless explicitly assign Provisioning API permissions for their role.
See this help article for more details.
Jay
I have an appengine application that allows users to register themselves. These users must be able to send e-mail from a google apps domain. To do this, I want the appengine application to use the provisioning API to create new users in the apps domain.
I could of course create a custom administrative account for the apps domain. Then I could use a normal gdata.apps.client.ClientLogin. However, that would also mean that the userid and password are stored in source code or in the application.
Is it possible to tell the apps domain that the appengine's service account (its app_identity account) is an administrator for the apps domain?
If that's not possible, any tips on how I can secure the userid and password in the appengine application?
Hans Then
As far as I can tell what I want is not possible. I'll have to setup a userid and password in my apps account and login using that.
You'll need to use 3 legged oauth for authentication with provisioning api. Here's some docs https://developers.google.com/gdata/docs/auth/oauth#Examples