This document contains API-specific authorization information. Before reading this document, be sure to read the general authentication and authorization information at Develop on Google Workspace.
OAuth scopes
Requests that interact with labels and their Google Drive item metadata require the correct OAuth scopes.
Scopes for label metadata on Drive items
The following OAuth scopes can be used to read, search, and modify label metadata applied Drive items:
| Scope | Meaning |
|---|---|
|
Read, search, and modify label metadata applied to Drive items. |
|
Read and search label metadata applied to Drive items authorized for the application. |
For more information, see Drive API OAuth 2.0 Scopes and Drive API-specific authorization.
Scopes for labels
The following OAuth scopes can be used to view and manage labels:
| Scope | Meaning |
|---|---|
https://www.googleapis.com/auth/drive.labels
|
View, use, and manage Drive labels.
|
https://www.googleapis.com/auth/drive.labels.readonly
|
View and use Drive labels.
|
https://www.googleapis.com/auth/drive.admin.labels
|
View, edit, create, and delete all Drive labels in your organization, and view your organization's label-related administration policies.
|
https://www.googleapis.com/auth/drive.admin.labels.readonly
|
View all Drive labels and label-related administration policies in your organization.
|
Administrator access
To manage ADMIN labels, you must specify:
useAdminAccessistrueto use the user's administrator credentials.- Account administrators with the Manage Labels privilege.
useAdminAccess
Administrators must set the useAdminAccess parameter to invoke their admin
privileges. Setting useAdminAccess allows viewing and editing of any label
owned by a customer. This includes both ADMIN and SHARED Labels.
When useAdminAccess is not set, write requests are allowed only for labels
with both a SHARED label type
and for users with the appropriate EDITOR role for this label.
For more information, see Create access credentials.