Delegation
This is probably the main reason I want to use GAM due to frequent access to user mailbox who left the company.
Delegates
A delegate is someone who has been given access to someone else’s email and contacts. The delegator is the one whose email and contacts are accessible by the delegate. Delegate and the delegators must be in the same domain, granting delegate access across multiple domains is currently not possible.
Creating a delegate
Syntax
gam user <username>|group <groupname>|ou <ouname>|all users delegate to <delegate email>
gam user <username>|group <groupname>|ou <ouname>|all users add delegate <delegate email>
Gives email and contact access for the given users (the delegators) to the specified delegate account. Unlike when users request delegate access via Gmail settings, no email will be sent to the delegators for approval, the approval occurs immediately. The delegate and the delegator must be in the same domain, granting delegate access across multiple domains is currently not possible.
Both the Gmail delegator and the delegate:
- Must be active. A 500 error is returned if either user is suspended and disabled.
- Must not require a change of password on the next sign in. A 500 error is returned if either user has this flag enabled in the control panel, or, using the Provisioning API, the changePasswordAtNextLogin attribute is true.
You can confirm these settings using the gam info user command. Both “Account suspended” and “Must change password” should show false for both the delegate and the delegator.
Example
This example gives jbezos access to the contacts and email of the sales account.
gam user sales delegate to [email protected]
Deleting a delegate
Syntax
gam user <username>|group <groupname>|ou <ouname>|all users delete delegate <delegate email>
Deletes the delegate for the given users.
Example
This example takes away deSecretary’s access to deBoss’s email and contacts.
gam user deBoss delete delegate deSecretary
Print delegates
Syntax
gam user <username>|group <groupname>|ou <ouname>|all users print delegates [todrive]
Display or upload to Google Drive a CSV report of users’ delegates. The optional todriveparameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
Prints the delegates that have access to the given user accounts.
Example
This example prints delegates across the entire domain.
gam all users print delegates
Show delegates
Syntax
gam user <username>|group <groupname>|ou <ouname>|all users show delegates [csv]
Shows the delegates that have access to the given user accounts. Optional argument csv prints out CSV style output instead of human readable.
Example
This example shows delegates for users in the technology group.
gam group technology show delegates