Setting user admin privileges for Gopher for Chrome

NOTE: Gopher for Chrome cannot be used by gmail.com users.  In order to access Gopher for Chrome, you must be used be logged in as a G Suite user.

For a G-Suite user to access Gopher for Chrome, they must either be a super administrator or a delegated administrator with the following privileges:

  • Users > Read for ALL organizations
  • Organization Units > Read for SELECTED organizations
  • Chrome OS > Manage devices for SELECTED organizations

Note: When running as a delegated admin, the device cache, used for search and reporting within Gopher for Chrome, will be limited to the subset of devices for which the user has access.

ou-scoped.png

This video shows how to set up OU-delegated permissions so that users are limited to the subset of devices for which the user has access.  If you prefer to read, see the guide below.

To accomplish this OU-scoped access, we recommend defining two roles for Chrome Gopher:

Role name: 

Gopher for Chrome - Device & OU Access

Assigned to the user for only the appropriate org units

Role name:

Gopher for Chrome -  User Access

Assigned to the user at root (ALL organizations)

Setting 1 of 2) Under Admin API Privileges -> Organizational Units -> Read

Screen_Shot_2020-04-20_at_2.22.30_PM.png

Setting 1 of 1) Under Admin API Privileges -> Users -> Read 

Screen_Shot_2020-04-20_at_2.31.01_PM.png

 

 

 

 

.

Purpose:  Used to scope available OU lists and view / edit rights on devices within Gopher for Chrome to only those OUs you want the user to manage.

Purpose:  Used to look up user information when running device reports.  Device users may reside in any OU on the domain, so setting this to root will avoid errors being thrown in the tool.

Setting 2 of 2) Under Admin Console Privileges ->Chrome Management -> Manage Devices

Screen_Shot_2020-04-20_at_2.27.22_PM.png

 

Purpose:  Used to scope device management rights to only those OUs you want the user able to control.