We have an interface to Google Classroom and Google Admin from our application using the respective API's. Our application manages users, classes, rosters and importing assignments and scores from Google Classroom. Everything works great for our customers that have 1 Google Tenant that contains Staff and Students.
We have a customer that has 2 Google Tenants. One for Staff and one for Students. Each tenant has a different domain. We have Allowlisted each domain from the other in both tenants.
Our app works fine with the multiple tenants for Users and Courses.
Our app can create course.students (roster enrollments) or create invitations for students. It appears that neither of these are allowed with 2 tenants.
We get CannotDirectAddUser erros when trying to create course.students, and we get Permission Denied 403 error when trying to create Student Invitations.
Both of these API methods work fine for our clients using 1 tenant.
It would really be nice if we could get either of these to work so students didn't have to enter the enroll codes to join a class.
Has anyone figured out a way to make the create course.student or create invitations work with two tenants?
Having the customer combine the 2 tenants into 1 tenant is not an option.
Thanks for any help you can offer!!
Related
I'm developing integration with Google Ads API using their Ruby gem library.
I have an approved oAuth2 account for the Ads scope with an approved developer token that allows any external user to connect with our API.
I have a Google Ads account that manages our own Ads account and two other accounts.
When I authenticate with the API and approve it, I then grab the account with
graph = get_accounts_graph()
Apps::GoogleAds::Account.get_accounts_map(graph)
This surprisingly returns just ONE Ads account, and one that belongs to a client that we manage. Our own two Ads accounts are missing.
So I tried to compare between our client's account and our own.
Under https://ads.google.com/aw/accountaccess I can clearly see we have admin rights to our two ad accounts, just like we do to the client account.
Am I missing some setting somewhere? Has anyone experienced this before?
I ran into this issue at the beginning. The sample in the API client libraries (which I'm going to assume you are using here), calls the customer service
customer_service.list_accessible_customers()
There's actually two different services for retrieving customer account IDs. The customer service only allows access to accounts that are added as direct admins on each account. This is an important distinction as manager accounts don't fall into this category.
What you need to call is the regular GoogleAdsService (not the customer service!) and put your request in the query itself..
query = "SELECT customer_client_link.client_customer FROM customer_client_link"
This will give you a list of account IDs as resource names, not accessible accounts. And you can iterate over them as usual.
Hope that helps.
I’m new to google classroom api. I want to create a process that will query all classes, students, assignments etc. It will run unattended.
So, my questions are:
will offline scope allow the process to query the api unattended?
can only an admin user see all classes, students, assignments?
or, can a g-suite user be created with limited read-only permissions to certain resources?
Thanks
Since this is an unattended batch process and Google OAuth access tokens expire after 1 hour, you will likely need offline access. You can do this by adding the parameter access_type=offline in the authorization URL.
In terms of actually acquiring all classes, students, assignments, etc., here are a few things to note:
If you're a domain administrator, you can retrieve courses, students, assignments, invitations, etc. in their domain and will not need each teacher to authorize these requests.
If you don't have domain administrator access and want to retrieve all these items, you will have to have each teacher authorize your request(s).
As for your last question, I'm not entirely sure what you mean -- could you clarify? Are you asking is if one workaround would be to create a G Suite user that has read access to all these resources and then use that account to make all the requests?
You can create a service account and use it to query all data on behalf of users-
https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
As I understand, we can access records created by Portal users and their respective Entity Permissions apply for them. However, I wanted those users to be able to even access records which were created by CRM users within Dynamics 365 (and not records created from Portal by a Portal user which is assigned to System)
Is this possible? If yes, how can I achieve that?
Thanks in advance!
It does not matter who created the record, what matters is if that user has access to it. It would not make much sense to show only records that were created by the portal users - how would you then handle something like Customer Service (on one end users use portal, but on the other they are using CRM, bot are creating records).
So basically I'm not sure how aware are you of the configuration of permissions, but let's say that you configured that a Contact (which is a portal user) has access to all records "Cases" that are referencing this contact (this is simply configuration in Entity Permission record). If yes then contact will see records created by him and all other cases that are referencing him as a contact, so if you as a CRM user will create a Case for a Contact, this Contact will see the case.
I'm really new to this but I need to get a list of Classrooms with teachers for an organisation. I have run the quickstart script provided by Google but this only shows the classrooms I am attached to.
Does anyone have the code to run this for the whole organisation?
If you run the Courses.list() request as a domain administrator then you'll have access to all the courses within the domain.
The People API with 'me' is supposed to give organizations. But found that the organizations comes from user entered Google plus.
I want to find current logged in users Organization Unit under which the admin added them. I am building a Marketplace app, where based on if the user is teacher or a student, the functionality is allowed or restricted.
What is the best way to get this info?