Below is a comprehensive list of the permissions which may be assigned in CloudM Settings > Roles, along with detailed descriptions of the access or actions each permission allows a user to perform.
Permissions reference
| Permission | Description |
|---|---|
| 2-Step Verification | Allows users to configure 2-Step Verification on profiles. Edit Profiles permission must also be assigned. |
| Assign Licenses | Allows users to assign licenses. |
| Backup Shared Drive Restoration & View Status | Allows users to trigger Shared Drive restorations. Shared Drive backup and restoration status can also be viewed. |
| Backup Users Restoration & View Status | Allows users to trigger user restorations to the original source user only. User backup and restoration status can also be viewed. |
| Backup Users Restoration & View Status for OU | Limits visibility to backup data from users in the Organisational Units the user has access to. Allows triggering of restorations to the original source user and viewing of backup and restoration status for permitted users. |
| Delete Users | Allows users to delete users. This implies the Offboard Users permission. |
| Edit Addresses | Allows users to edit addresses within items. Edit permission on the item must also be assigned. |
| Edit Aliases | Allows users to edit aliases within profiles. Edit Profiles permission must also be assigned. |
| Edit Archive Config | Allows users to edit the configuration of the Archive module. |
| Edit Archive Retention | Allows users to configure Archive retention policies. |
| Edit Assistant | Allows users to edit assistants within profiles and contacts. |
| Edit Backup Config & Policies | Allows users to edit the configuration of the Backup module and its policies. |
| Edit Birthdays | Allows users to edit birthday details within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Company | Allows users to edit company within profiles and contacts. |
| Edit Cost Center | Allows users to edit cost centre within profiles and contacts. |
| Edit Department | Allows users to edit department within profiles and contacts. |
| Edit Emails | Allows users to edit email addresses within profiles and contacts. Edit permission on the item must also be assigned. |
| Edit Employee ID | Allows users to edit employee ID. |
| Edit Employment | Allows users to edit employment details within profiles and contacts. |
| Edit Extra Information | Allows users to edit custom fields within items. Edit permission on the item must also be assigned. |
| Edit Global Settings | Allows users to edit the global configuration, including roles and permissions. This is typically an administrative permission. |
| Edit IM Addresses | Allows users to edit IM addresses within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Job Title | Allows users to edit job title within profiles and contacts. |
| Edit Locations | Allows users to edit locations within profiles. Edit Profiles permission must also be assigned. |
| Edit Manager | Allows users to edit managers within profiles and contacts. |
| Edit Max Dynamic Group Count | Allows users to set the maximum group count for Google Dynamic Groups. |
| Edit Names | Allows users to edit name details on profiles and the display name of OUs. Edit permission on the item must also be assigned. |
| Edit Notes | Allows users to edit notes within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Organisation Description | Allows users to edit organisation description within profiles and contacts. |
| Edit OU Config | Allows users to edit organisational configuration such as property visibility, property inheritance, and password settings. |
| Edit OU Information | Allows users to edit OU information. Further permissions control which parts of OUs can be edited. |
| Edit Passwords | Allows users to set passwords on profiles. Edit permission on profiles or contacts must also be assigned. |
| Edit Photo | Allows users to edit photos within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Predefined Extra Information | Allows users to edit predefined extra information within items. Edit permission on the item must also be assigned. |
| Edit Predefined Hidden Extra Information | Allows users to edit predefined hidden extra information within items. Edit permission on the item must also be assigned. |
| Edit Predefined Tags | Allows users to edit predefined tags within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Profiles | Allows users to edit profiles. Further permissions control which parts of profiles can be edited. |
| Edit Tags | Allows users to edit custom tags within profiles and contacts. Edit permission on profiles or contacts must also be assigned. |
| Edit Telephone Numbers | Allows users to edit telephone numbers within items. Edit permission on the item must also be assigned. |
| Edit Websites | Allows users to edit websites within items. Edit permission on the item must also be assigned. |
| Export Groups | Allows users to export groups and Smart Teams to CSV files or Google Drive. |
| Force Password Change | Allows users to specify that a user must change their password on next login. |
| Inspect OU and Smart Teams Config | Allows users to inspect OU and Smart Teams configuration. View OU Hierarchy (Global) permission must also be assigned. |
| Manage Archive Restoration | Allows users to run and observe Archive restorations. |
| Manage Archive Restoration for OU | Allows users to run and observe Archive restorations within a given OU. |
| Manage Email Signatures | Allows users to manage email signatures. |
| Manage Groups | Allows users to create groups. This is typically an administrative permission. |
| Manage Log Notification Configurations | Allows users to create, remove, and view log-related notification configurations. |
| Manage OUs | Allows users to create, rename, and delete OUs. This is typically an administrative permission. |
| Manage Shared Drives | Allows users to manage Shared Drives. This is typically an administrative permission. |
| Manage Smart Teams | Allows users to create Smart Teams. This is typically an administrative permission. |
| Manage Smart Teams Priority | Allows users to manage the priority order of Smart Teams. This is typically an administrative permission. |
| Manage Users | Allows users to create, rename, and move users. Changes are reflected in your Google Workspace directory. This is typically an administrative permission. |
| Offboard Users | Allows users to offboard users according to the OU policy. Note: this can result in deleting users — consider enabling the Request Approval step in all OU offboarding policies to add an extra layer of authorisation. |
| Purge Archive Data | Allows manual purging of user archive data. This is typically an administrative permission. |
| Purge Backups | Allows manual purging of user and Shared Drive backups. This is typically an administrative permission. |
| Synchronise Domain | Allows users to perform domain synchronisation. Edit Global Settings permission must also be assigned. |
| View Aliases | Allows users to view aliases within profiles. |
| View and Edit Email Signatures Library | Allows users to view and edit the email signatures library. |
| View and Edit Workflow Email Templates | Allows users to view and edit the workflow email templates library. |
| View Backup Status of User | Allows users to see on a user's profile whether they are backed up and which Backup policy they are part of. |
| View Hidden | Allows users to view hidden profiles and OUs. |
| View Last Login | Allows users to view a user's last login time. |
| View Logs | Allows users to view application logs. This is typically an administrative permission. |
| View Managed Domains | Allows users to view all users and groups invited to manage external domains. |
| View Offboarding Statistics | Allows users to view the offboarding dashboard and export records. |
| View OU Hierarchy | Allows users to view the OU hierarchy. |
| View Own Logs | Allows users to view their own application logs. |
| View Suspended Profiles | Allows users to view suspended profiles. |
Need help? Contact CloudM Support