Setting user admin privileges for Gopher for Chrome

NOTE: Gopher for Chrome cannot be used by gmail.com users.  In order to access Gopher for Chrome, you must be used be logged in as a G Suite user.

For a G-Suite user to access Gopher for Chrome, they must either be a super administrator or a delegated administrator with the following privileges:

  • Users -> Read for ALL organizations
  • Organization Units -> Read for SELECTED organizations
  • Chrome OS -> Manage devices for SELECTED organizations

Note: When running as a delegated admin, the device cache, used for search and reporting within Gopher for Chrome, will be limited to the subset of devices for which the user has access.

ou-scoped.png

This video shows how to set up OU-delegated permissions so that users are limited to the subset of devices for which the user has access.  If you prefer to read, see the guide below.

To accomplish this OU-scoped access, we recommend defining two roles for Chrome Gopher:

Role name: 

Gopher for Chrome - Device & OU Access

Role name:

Gopher for Chrome -  User Access

Required scope:  SELECTED organizations

Screen_Shot_2018-01-12_at_11.02.32_AM.png

Required scope: ALL organizations

Screen_Shot_2018-01-12_at_11.03.28_AM.png

 

 

 

 

 

.

Purpose:  Used to scope available OU lists and view / edit rights on devices within Gopher for Chrome.

Purpose:  Used to look up user information when running device reports.  Device users may reside in any OU on the domain, so setting this to root will avoid errors being thrown in the tool.

 Screen_Shot_2018-01-12_at_10.59.01_AM.png Screen_Shot_2018-01-12_at_11.00.12_AM.png