Set user admin privileges for Gopher for Chrome

Note: Gopher for Chrome cannot be used by users. To access Gopher for Chrome, you must be logged in as a Google Workspace user.

For a Google Workspace user to access Gopher for Chrome, they must either be a super administrator or a delegated administrator with the following privileges:

  • Users > Read for ALL organizations
  • Organization Units > Read for SELECTED organizations
  • Chrome OS > Manage devices for SELECTED organizations

Note: When running as a delegated admin, the device cache, used for search and reporting within Gopher for Chrome, is limited to the subset of devices to which the user has access.


This video shows how to set up OU-delegated permissions so that users are limited to the subset of devices to which the user has access. If you prefer to read, see the steps below.

To accomplish this OU-scoped access, we recommend defining two roles for Gopher for Chrome: 

  • Gopher for Chrome - Device & OU Access
  • Gopher for Chrome - User Access

Role name:

Gopher for Chrome - Device & OU Access

Assigned to the user for only the appropriate org units

Role name:

Gopher for Chrome -  User Access

Assigned to the user at the root (ALL organizations)

Setting 1 of 2) Under Admin API Privileges > Organizational Units > Read


Setting 1 of 1) Under Admin API Privileges > Users > Read 


Purpose:  Used to scope available OU lists and view/edit rights on devices within Gopher for Chrome to only those OUs you want the user to manage.

Purpose:  Used to look up user information when running device reports.  Device users may reside in any OU on the domain, so setting this to root will avoid errors being thrown in the tool.

Setting 2 of 2) Under Admin Console Privileges > Chrome Management > Manage Chrome OS Devices



Purpose:  Used to scope device management rights to only those OUs you want the user able to control.


Articles in this section