Hello, There is one additional special case: if your application is installed as a Marketplace App then your application can get read-only access to the Provisioning API. The user in this case does not need to log in as an administrator, and your app does not need to store administrator credentials.
So your application can read the list of Groups for everyone or for a particular user. Please see http://code.google.com/googleapps/marketplace/manifest.html#supported_scopes for the specific scope to request in your Application Manifest. When you've configured your app manifest for Provisioning API access, then as the administrator installs your app, the installation process requests the admin to grant read-only access. If they accept, then your app can read all of the domain's provisioning information through user, group, and/or nickname feeds. You can't write back or make provisioning changes with this kind of access, but you could make decisions based on the user's groups. The customer never gets prompted for access because that was granted by their system administrator during installation. This may be the kind of carefully-scoped access you were looking for. /Rufus -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
