Note: Gopher for Chrome cannot be used by gmail.com users. To access Gopher for Chrome, you must be logged in as a Google Workspace user.
For a Google Workspace user to access Gopher for Chrome, they must either be a super administrator or a delegated administrator with the following privileges:
- Users > Read for ALL organizations
- Organization Units > Read for SELECTED organizations
- Chrome OS > Manage devices for SELECTED organizations
Note: When running as a delegated admin, the device cache, used for search and reporting within Gopher for Chrome, is limited to the subset of devices to which the user has access.
This video shows how to set up OU-delegated permissions so that users are limited to the subset of devices to which the user has access. If you prefer to read, see the steps below.
To accomplish this OU-scoped access, we recommend defining two roles for Gopher for Chrome:
- Gopher for Chrome - Device & OU Access
- Gopher for Chrome - User Access
|
Role name: Gopher for Chrome - Device & OU Access Assigned to the user for only the appropriate org units |
Role name: Gopher for Chrome - User Access Assigned to the user at the root (ALL organizations) |
|
Setting 1 of 2) Under Admin API Privileges > Organizational Units > Read
|
Setting 1 of 1) Under Admin API Privileges > Users > Read
|
|
Purpose: Used to scope available OU lists and view/edit rights on devices within Gopher for Chrome to only those OUs you want the user to manage. |
Purpose: Used to look up user information when running device reports. Device users may reside in any OU on the domain, so setting this to root will avoid errors being thrown in the tool. |
|
Setting 2 of 2) Under Admin Console Privileges > Chrome Management > Manage Chrome OS Devices
|
|
|
Purpose: Used to scope device management rights to only those OUs you want the user able to control. |
