Below is a comprehensive list of assignable permissions in CloudM Automate, along with detailed descriptions of the access or actions each permission allows a user to perform.
Permission | Definition |
2-Step Verification | Allows users to configure 2-Step Verification on profiles. Edit permission on profiles must also have been given |
Apps Integration | Allows users to copy profiles and external contacts to their personal address book, create appointments in their calendar and send emails from links within action menus |
Assign Licenses | Allows users to assign licenses |
Backup Shared Drive Restoration & View Status | Allows users to trigger Shared Drive restorations. Shared Drive backup and restoration status can also be viewed. |
Backup Users Restoration & View Status | Allows users to trigger users restorations but only to the original source user. Users backup and restoration status can also be viewed. |
Backup Users Restoration & View Status for OU | Users can only view backup data from users in the Organization Units they have access to. This allows the triggering of restorations to the original source user and the viewing of allowed users Backup and Restoration status. |
Delete Users | Allows users to delete users. This implies the offboarding users permission. |
Edit Addresses | Allows users to edit addresses within items. Edit permission on the item must also have been given |
Edit Aliases | Allows users to edit aliases within profiles. Edit permission on profiles must also have been given |
Edit Archive Config | Edit configuration of Archive module |
Edit Archive Retention | Configure Archive retention policies |
Edit Assistant | Allows users to edit assistants within profiles and contacts. |
Edit Backup Config & Policies | Edit configuration of Backup module and policies. |
Edit Birthdays | Allows users to edit birthday details within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Company | Allows users to edit company within profiles and contacts. |
Edit Cost Center | Allows users to edit cost center within profiles and contacts. |
Edit Department | Allows users to edit department within profiles and contacts. |
Edit Emails | Allows users to edit items within profiles and contacts. Edit permission on items must also have been given |
Edit Employee ID | Allows users to edit employee ID |
Edit Employment | Allows users to edit employment within profiles and contacts. |
Edit External Contacts | Allows users to edit external contacts. Further permissions control which parts of contacts can be edited |
Edit Extra Information | Allows users to edit custom fields within items. Edit permission on items must also have been given |
Edit Global Settings | Allows users to edit the global configuration, including roles and permissions. This is typically an administrative permission |
Edit IM Addresses | Allows users to edit IM addresses within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Job Title | Allows users to edit job title within profiles and contacts. |
Edit Locations | Allows users to edit locations within profiles. Edit permission on profiles must also have been given |
Edit Manager | Allows users to edit managers within profiles and contacts. |
Edit Max Dynamic Group Count | Allows users to set the max group count of the google dynamic groups. |
Edit Names | Allows users to edit some name details of profiles and the display name of OUs. Edit permission on the item must also have been given |
Edit Notes | Allows users to edit notes within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Organisation Description | Allows users to edit organisation description within profiles and contacts. |
Edit OU Config | Allows users to edit organisation configuration information such as property visibility, property inheritance and password settings |
Edit OU Information | Allows users to edit OU information. Further permissions control which parts of OUs can be edited |
Edit Passwords | Allows users to set passwords on profiles. Edit permission on profiles or contacts must also have been given |
Edit Photo | Allows users to edit photos within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Predefined Extra Information | Allows users to edit predefined extra information within items. Edit permission on items must also have been given |
Edit Predefined Hidden Extra Information | Allows users to edit predefined hidden extra information within items. Edit permission on items must also have been given |
Edit Predefined Tags | Allows users to edit predefined tags within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Profiles | Allows users to edit profiles. Further permissions control which parts of profiles can be edited |
Edit Tags | Allows users to edit custom tags within profiles and contacts. Edit permission on profiles or contacts must also have been given |
Edit Telephone Numbers | Allows users to edit telephone numbers within items. Edit permission on items must also have been given |
Edit Websites | Allows users to edit websites within items. Edit permission on items must also have been given |
Export Contacts | Allows users to export profile and contact details to CSV files or Google Drive, or to view and download VCARD information |
Export Groups | Allows users to export groups and smart groups to CSV files or Google Drive |
Force Password Change | Allows users to specify that a user must change their password on next login |
Force Share Contacts | Allows users to share and synchronise contact groups with others immediately without sending a share offer to gain their consent |
Inspect OU and Smart Teams Config | Allows users to inspect OU and SmartTeams config. View OU Hierarchy global permission must also have been given |
Manage Archive Restoration | Run and observe restorations |
Manage Archive Restoration for OU | Run and observe restorations in given OU |
Manage Connected Apps | Allows users to list and revoke application specific passwords and tokens |
Manage Contacts | Allows users to create and delete external contacts. External contacts are contacts that are not part of your own organisation |
Manage Email Signatures | Allow users to manage email signatures |
Manage Groups | Allows users to create groups. This is typically an administrative permission |
Manage Log Notification configurations | Allows users to create, remove and view log-related notification configurations. |
Manage OUs | Allows users to create, rename and delete OUs. This is typically an administrative permission |
Manage Shared Drives | Allows users to manage Shared Drives. This is typically an administrative permission |
Manage Smart Contacts | Allows users to create smart contacts groups. This is typically an administrative permission |
Manage Smart Teams | Allows users to create Smart Teams. This is typically an administrative permission |
Manage Smart Teams Priority | Allows users to manage the priority of Smart Team. This is typically an administrative permission |
Manage Users | Allows users to create, rename and move users. The changes are reflected in your Google Workspace directory. This is typically an administrative permission. |
Offboard Users | Allows users to offboard users according to the OU policy. Note that this can result in deleting users so you may wish to enable the request approval step in all OU offboarding policies to add an extra layer of authorisation. |
Purge Archive Data | Allows manual purging of user archive data. This is typically an administrative permission. |
Purge Backups | Allows manual purging of user and Shared Drives backups. This is typically an administrative permission. |
Synchronise Domain | Allows users to perform domain synchronisation. The permission to edit global settings is also required to perform domain synchronisation |
View Aliases | Allows users to view aliases within profiles |
View and Edit Email Signatures Library | Allow users to view and edit email signatures library |
View and Edit Workflow Email Templates | Allow users to view and edit email templates library |
View Backup Status of User | Allows users to see on a user's profile if they are Backed Up and what Backup policy they are part of |
View Collaboration Statistics | Allows users to view collaboration statistics from GAT |
View Hidden | Allows users to view hidden profiles and OUs |
View Last Login | Allows users to view users last login time. |
View Logs | Allows users to view application logs. This is typically an administrative permission |
View Managed Domains | View all users and groups invited to manage external domains |
View Migration Statistics | View statistics for migrations in your domain |
View Offboarding Statistics | Allows users to view offboarding dashboard and to export records |
View OU Hierarchy | Allows users to view the OU hierarchy |
View Own Logs | Allows users to view their own application logs. |
View Suspended Profiles | Allows users to view suspended profiles |