Complete list of permissions and their function in CloudM Automate

Below is a comprehensive list of assignable permissions in CloudM Automate, along with detailed descriptions of the access or actions each permission allows a user to perform.

 

Permission Definition
2-Step Verification Allows users to configure 2-Step Verification on profiles. Edit permission on profiles must also have been given
Apps Integration Allows users to copy profiles and external contacts to their personal address book, create appointments in their calendar and send emails from links within action menus
Assign Licenses Allows users to assign licenses
Backup Shared Drive Restoration & View Status Allows users to trigger Shared Drive restorations. Shared Drive backup and restoration status can also be viewed.
Backup Users Restoration & View Status Allows users to trigger users restorations but only to the original source user. Users backup and restoration status can also be viewed.
Backup Users Restoration & View Status for OU Users can only view backup data from users in the Organization Units they have access to. This allows the triggering of restorations to the original source user and the viewing of allowed users Backup and Restoration status.
Delete Users Allows users to delete users. This implies the offboarding users permission.
Edit Addresses Allows users to edit addresses within items. Edit permission on the item must also have been given
Edit Aliases Allows users to edit aliases within profiles. Edit permission on profiles must also have been given
Edit Archive Config Edit configuration of Archive module
Edit Archive Retention Configure Archive retention policies
Edit Assistant Allows users to edit assistants within profiles and contacts.
Edit Backup Config & Policies Edit configuration of Backup module and policies.
Edit Birthdays Allows users to edit birthday details within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Company Allows users to edit company within profiles and contacts.
Edit Cost Center Allows users to edit cost center within profiles and contacts.
Edit Department Allows users to edit department within profiles and contacts.
Edit Emails Allows users to edit items within profiles and contacts. Edit permission on items must also have been given
Edit Employee ID Allows users to edit employee ID
Edit Employment Allows users to edit employment within profiles and contacts.
Edit External Contacts Allows users to edit external contacts. Further permissions control which parts of contacts can be edited
Edit Extra Information Allows users to edit custom fields within items. Edit permission on items must also have been given
Edit Global Settings Allows users to edit the global configuration, including roles and permissions. This is typically an administrative permission
Edit IM Addresses Allows users to edit IM addresses within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Job Title Allows users to edit job title within profiles and contacts.
Edit Locations Allows users to edit locations within profiles. Edit permission on profiles must also have been given
Edit Manager Allows users to edit managers within profiles and contacts.
Edit Max Dynamic Group Count Allows users to set the max group count of the google dynamic groups.
Edit Names Allows users to edit some name details of profiles and the display name of OUs. Edit permission on the item must also have been given
Edit Notes Allows users to edit notes within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Organisation Description Allows users to edit organisation description within profiles and contacts.
Edit OU Config Allows users to edit organisation configuration information such as property visibility, property inheritance and password settings
Edit OU Information Allows users to edit OU information. Further permissions control which parts of OUs can be edited
Edit Passwords Allows users to set passwords on profiles. Edit permission on profiles or contacts must also have been given
Edit Photo Allows users to edit photos within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Predefined Extra Information Allows users to edit predefined extra information within items. Edit permission on items must also have been given
Edit Predefined Hidden Extra Information Allows users to edit predefined hidden extra information within items. Edit permission on items must also have been given
Edit Predefined Tags Allows users to edit predefined tags within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Profiles Allows users to edit profiles. Further permissions control which parts of profiles can be edited
Edit Tags Allows users to edit custom tags within profiles and contacts. Edit permission on profiles or contacts must also have been given
Edit Telephone Numbers Allows users to edit telephone numbers within items. Edit permission on items must also have been given
Edit Websites Allows users to edit websites within items. Edit permission on items must also have been given
Export Contacts Allows users to export profile and contact details to CSV files or Google Drive, or to view and download VCARD information
Export Groups Allows users to export groups and smart groups to CSV files or Google Drive
Force Password Change Allows users to specify that a user must change their password on next login
Force Share Contacts Allows users to share and synchronise contact groups with others immediately without sending a share offer to gain their consent
Inspect OU and Smart Teams Config Allows users to inspect OU and SmartTeams config. View OU Hierarchy global permission must also have been given
Manage Archive Restoration Run and observe restorations
Manage Archive Restoration for OU Run and observe restorations in given OU
Manage Connected Apps Allows users to list and revoke application specific passwords and tokens
Manage Contacts Allows users to create and delete external contacts. External contacts are contacts that are not part of your own organisation
Manage Email Signatures Allow users to manage email signatures
Manage Groups Allows users to create groups. This is typically an administrative permission
Manage Log Notification configurations Allows users to create, remove and view log-related notification configurations.
Manage OUs Allows users to create, rename and delete OUs. This is typically an administrative permission
Manage Shared Drives Allows users to manage Shared Drives. This is typically an administrative permission
Manage Smart Contacts Allows users to create smart contacts groups. This is typically an administrative permission
Manage Smart Teams Allows users to create Smart Teams. This is typically an administrative permission
Manage Smart Teams Priority Allows users to manage the priority of Smart Team. This is typically an administrative permission
Manage Users Allows users to create, rename and move users. The changes are reflected in your Google Workspace directory. This is typically an administrative permission.
Offboard Users Allows users to offboard users according to the OU policy. Note that this can result in deleting users so you may wish to enable the request approval step in all OU offboarding policies to add an extra layer of authorisation.
Purge Archive Data Allows manual purging of user archive data. This is typically an administrative permission.
Purge Backups Allows manual purging of user and Shared Drives backups. This is typically an administrative permission.
Synchronise Domain Allows users to perform domain synchronisation. The permission to edit global settings is also required to perform domain synchronisation
View Aliases Allows users to view aliases within profiles
View and Edit Email Signatures Library Allow users to view and edit email signatures library
View and Edit Workflow Email Templates Allow users to view and edit email templates library
View Backup Status of User Allows users to see on a user's profile if they are Backed Up and what Backup policy they are part of
View Collaboration Statistics Allows users to view collaboration statistics from GAT
View Hidden Allows users to view hidden profiles and OUs
View Last Login Allows users to view users last login time.
View Logs Allows users to view application logs. This is typically an administrative permission
View Managed Domains View all users and groups invited to manage external domains
View Migration Statistics View statistics for migrations in your domain
View Offboarding Statistics Allows users to view offboarding dashboard and to export records
View OU Hierarchy Allows users to view the OU hierarchy
View Own Logs Allows users to view their own application logs.
View Suspended Profiles Allows users to view suspended profiles
Was this article helpful?
0 out of 0 found this helpful