User Roles and Privileges within Google Workspace Admin Console

User roles and privileges #

Within the Admin Console ( there are many roles preconfigured. Some of the most common ones are

  • Super Admins
  • Groups Admin
  • User Management

You can assign any user to have one of these roles which would give them a higher level of responsibility.

Admin console – Admin roles #

You may also create a custom role, picking and choosing which privileges the role should have. Sometimes when you have many roles, it’s hard to see these privileges in an understandable way.

The Admin can create Admin roles in the Admin console (login as Super Admin required)

Roles and Privileges in GAT+ #

That is why we have introduced a new auditing menu in GAT+ called Roles and Privileges.

Roles #

In this area, the Admin can view all the Roles created in the Domain.

View the metadata for each of the roles created.

  • Export the data into spreadsheets
  • Actions – on the right side under Actions
    • Show users – click to view the users with the selected Role
    • Details – view additional details for the Role
    • Show privileges – will show all the privileges associated with the Role

Privileges #

In this area, the Admin can view all the Privileges used by the Roles created

View the metadata for each of the privileges

These privileges will have the following details within the Spreadsheets:

  • Privilege ID – A Unique Identifier GAT+ assigns as part of its metadata processing.
  • Service ID – is the id of the service for which this particular permission was created
  • Service Name – Service name which uses this privilege
  • Privilege Name – Name of a particular privilege
  • Parent Privilege Name – if a privilege is a descendant of any other privilege
  • isOuScopable – The privilege can be restricted to an organization unit
  • Actions – on the right side under Actions
    • Show users with this role  – will lead to Users > Security where you can see users with this “privilege”
    • Show roles – view all the Roles that have the “privileges” selected 

Roles view for each user #

In the Users tab, the Admin can view each User of the domain and the User role assigned to them.

Navigate to GAT+ > Users > Security > User roles 

In summary #

Privileges are lists of permissions and each Role can be assigned different privileges.