Clever Geek Handbook

Google Admin API: adding a group as a member with role "OWNER" gets an error

Trying to use the new Google Admin SDK to create a group and add / remove members of those groups. This is actually just an update to the code I had that was previously used by the old API.

I am trying to add a group as a member of a group with the OWNER role. I am getting a message from Google. If I try to add the group as a member with the role as MEMBER only, that's ok. Only with the OWNER role does it return an error. Here's an example:

POST https://www.googleapis.com/admin/directory/v1/groups/mygroup/members

{
 "email": "myGroupToAddAsMember@mydomain.com",
 "role": "OWNER"
}

I get the following response from Google:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "Invalid Input: memberKey"
   }
  ],
  "code": 400,
  "message": "Invalid Input: memberKey"
 }
}

I also tried to add the group as a MEMBER and then updated the membership and changed the role in OWNER. This results in the same error.

I can log into the admin web interface and change the membership for the owner, so the system seems to be fine with it. What am I doing wrong? Thanks for your help.

EDIT: This seems to be a known issue ( Issue 3791: Unable to insert group owner using directory API if owner is group ) in Google bug tracking, although there is no permission yet. I have not been able to identify any programmable workarounds. Anyone?

+3


source to share


2 answers


I filed a case with google support a while ago regarding this. This behavior has indeed become a problem that we noticed with the latest version of GADS - as it now uses the Directory API.

This is essentially expected behavior. Google doesn't want to group groups. The Provisioning API used to override this and there was another bug that also allowed you to manually add a group as a group owner via the UI (not sure if this has been fixed yet).



tl; dr This is expected behavior and Google has no plans to change it the last time I heard.

0


source


I also registered a ticket with support. This is a major issue for us as we use Groups as owners to provide dynamic security for groups (block members from posting, but allowing all employees to post to the group, for example).

However, I suspect this is the case where the Google product groups are not talking to each other. The admin console still supports it, for example, and there is an example of this event response in the API documentation: https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members#json-response_2

At the moment, our work is as follows:



  • Add a member to each group with your desired group as the owner name (e.g. all_staff_temp)
  • Set member as group owner
  • Create a group with the same name in the console. The group is now the owner of the group.

We do this in a party every night by first deleting our temporary group, which removes all of its memberships, then adds it back, and then creates the group again. It's really hacked, but it works - and it suggests that the back really supports the groups as owners.

0


source






More articles:


All Articles