API permissions for Gmail and Google Drive
Cohesity Alta SaaS Protection requires API permissions on the target Google Drive and Gmail environment to backup and restore its data:
Table:
API name | Requested scope | Used by Cohesity Alta SaaS Protection: | Description by Google |
|---|---|---|---|
Directory API | https://www.googleapis.com/auth/admin.directory.user.readonly | To enumerate the organization's users and discover users of Google Drives and Gmail mailboxes. | Scope for only retrieving users or user aliases. |
Directory API | https://www.googleapis.com/auth/admin.directory.group.member.readonly | To get the list of members/users present in the group to verify if the user is part of the group. If the Shared drive admin is in the group then using this scope you can get one of the users from the group and generate a token to backup the Shared drive. | Scope for only retrieving users/members presents in the group. |
Drive API | https://www.googleapis.com/auth/drive | To back up and restore Google Drive content. | View and manage all of your Drive files. |
Gmail API | https://www.googleapis.com/auth/gmail.readonly | To back up Gmail content. | Read all (Gmail) resources and their metadata. |
Gmail API | https://www.googleapis.com/auth/gmail.modify | To restore Gmail content. | All read/write operations except immediate, permanent deletion of threads and messages, bypassing Trash. |