Admin Audit Activity Events - Delegated Admin Settings

This document lists the events and parameters for Delegated Admin Settings Admin Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=admin.

Delegated Admin Settings

Events of this type are returned with type=DELEGATED_ADMIN_SETTINGS.

Role Assign

Event details
Event name ASSIGN_ROLE
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

ROLE_NAME

string

The role name for this privilege that is assigned to USER_NAME. A delegated administrator's role is granted by the super administrator. See note for restrictions. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
USER_EMAIL

string

The primary email address of the delegated administrator assigned the role. For more information about delegated administrator roles, see the administration help center.

Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ASSIGN_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Role {ROLE_NAME} assigned to user {USER_EMAIL}

Role Creation

Event details
Event name CREATE_ROLE
Parameters
ROLE_ID

string

Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.

ROLE_NAME

string

The new role name. See note for restrictions. For more information about delegated administrator roles, see the administration help center. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=CREATE_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
New role {ROLE_NAME} created

Role Deletion

Event details
Event name DELETE_ROLE
Parameters
ROLE_ID

string

Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.

ROLE_NAME

string

The role was deleted for this ROLE_NAME. See note for restrictions. For more information about delegated administrator roles, see the administration help center. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=DELETE_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Role {ROLE_NAME} deleted

Role Privilege Creation

Event details
Event name ADD_PRIVILEGE
Parameters
PRIVILEGE_NAME

string

The new privilege name which has been added to the ROLE_NAME. Granted to a delegated administrator by a super administrator. For more information about delegated administrator privileges, see the administration help center.

ROLE_ID

string

Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.

ROLE_NAME

string

The new PRIVILEGE_NAME added to this ROLE_NAME. See note for restrictions. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=ADD_PRIVILEGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
New privilege {PRIVILEGE_NAME} created under role {ROLE_NAME}

Role Privilege Deletion

Event details
Event name REMOVE_PRIVILEGE
Parameters
PRIVILEGE_NAME

string

Removed this privilege name from ROLE_NAME. Granted to a delegated administrator by a super administrator. For more information about delegated administrator privileges, see the administration help center.

ROLE_ID

string

Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.

ROLE_NAME

string

The role from which the privilege was removed. See note for restrictions. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=REMOVE_PRIVILEGE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Privilege {PRIVILEGE_NAME} removed from role {ROLE_NAME}

Role Rename

Event details
Event name RENAME_ROLE
Parameters
NEW_VALUE

string

The new role name.

ROLE_NAME

string

The old role name that is being renamed. For more information about delegated administrator privileges, see the administration help center. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=RENAME_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Role renamed from {ROLE_NAME} to {NEW_VALUE}

Role Updated

Event details
Event name UPDATE_ROLE
Parameters
ROLE_ID

string

Unique identifier for this privilege. A delegated administrator's role is granted by the super administrator. See note for restrictions.

ROLE_NAME

string

The name of the new role to apply. For more information about delegated administrator roles, see the administration help center. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UPDATE_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Role {ROLE_NAME} updated

Unassign Role

Event details
Event name UNASSIGN_ROLE
Parameters
ORG_UNIT_NAME

string

The organizational unit (OU) name (path).

ROLE_NAME

string

Role name that is being unassigned from USER_EMAIL. A delegated administrator's role is granted by the super administrator. See note for restrictions. Possible values:

  • _DIRECTORY_SYNC_ADMIN_ROLE
  • _DOMAINLESS_SUPER_ADMIN_ROLE
  • _DRIVE_TEAM_ADMIN_ROLE
  • _GOOGLE_VOICE_ADMIN_ROLE
  • _GROUPS_ADMIN_ROLE
  • _HELP_DESK_ADMIN_ROLE
  • _LDAP_GROUP_MANAGEMENT_READONLY_ROLE
  • _LDAP_PASSWORD_REBIND_ROLE
  • _LDAP_USER_MANAGEMENT_READONLY_ROLE
  • _MOBILE_ADMIN_ROLE
  • _PLAY_FOR_WORK_ADMIN_ROLE
  • _RESELLER_ADMIN_ROLE
  • _SEED_ADMIN_ROLE
  • _SERVICE_ADMIN_ROLE
  • _TEAM_ADMIN_ROLE
  • _USER_MANAGEMENT_ADMIN_ROLE
USER_EMAIL

string

The delegated administrator's primary email address. The role is being unassigned from this user. For more information about delegated administrator roles, see the administration help center.

Sample request
GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin?eventName=UNASSIGN_ROLE&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
Unassigned role {ROLE_NAME} from user {USER_EMAIL}