Gmail and Google Drive - Required Permissions

Avanan requires the following permissions from Gmail and Google Drive.

Type Permissions required OAuth Scope Purpose
Google Drive View, edit, create, and delete all Google Drive files. https://www.googleapis.com/auth/drive

Used to read files across protected drives and remediate found threats (for example, malware and DLP).

Google Drive View your Google Drive applications. https://www.googleapis.com/auth/drive.apps.readonly

Used during the application installation to track application entities.

Google Drive View information about your Google Drive files. https://www.googleapis.com/auth/drive.metadata.readonly

Used to scan files and enforce policy rules.

Google Drive View and download all your Google Drive files. https://www.googleapis.com/auth/drive.readonly

Used to scan the files for malware.

Gmail Read, compose, send, and permanently delete all your Gmail emails. https://mail.google.com/

Used to enforce policy rules and modify the email content.

Gmail Add emails to your Gmail mailbox. https://www.googleapis.com/auth/gmail.insert

Used for user notifications, password-protected attachments, and threat extraction by inserting emails in the user's mailbox.

Gmail View and edit your email labels. https://www.googleapis.com/auth/gmail.labels

Supports moving emails to Spam as part of the Threat Detection policy.

Gmail Read, compose, and send emails from your Gmail account. https://www.googleapis.com/auth/gmail.modify

Required for future feature enhancements.

Gmail View your email messages and settings. https://www.googleapis.com/auth/gmail.readonly

Used to scan email messages for threats.

Gmail View, edit, create, or change your email settings and filters in Gmail. https://www.googleapis.com/auth/gmail.settings.basic

Used to check mailbox settings and detect compromised accounts.

Admin Console View your Google Chrome OS devices' metadata. https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

Used to identify abnormalities that may indicate Business Email Compromise (BEC).

Admin Console View your mobile devices' metadata. https://www.googleapis.com/auth/admin.directory.device.mobile.readonly

Used to identify abnormalities that may indicate Business Email Compromise (BEC).

Admin Console View and manage the provisioning of domains for your customers. https://www.googleapis.com/auth/admin.directory.domain

Used to determine the protected domains associated with the Google account.

Admin Console View and manage the provisioning of groups on your domain. https://www.googleapis.com/auth/admin.directory.group

Used to map groups for proper policy assignment.

Admin Console View and manage the provisioning of users on your domain. https://www.googleapis.com/auth/admin.directory.user

Used to create the service user required for policy configuration.

Admin Console View information about users on your domain. https://www.googleapis.com/auth/admin.directory.user.readonly

Used to map users for proper policy assignment and to build the social graph.

Admin Console Manage data access permissions for users on your domain. https://www.googleapis.com/auth/admin.directory.user.security

Used during onboarding to configure Google parameters and create the service user.

Admin Console View audit reports for your G Suite domain. https://www.googleapis.com/auth/admin.reports.audit.readonly

Used to identify compromised accounts (BEC activity).

Admin Console Upload messages to any Google group in your domain info. https://www.googleapis.com/auth/apps.groups.migration

Required for future feature enhancements.

Admin Console View usage reports for your G Suite domain. https://www.googleapis.com/auth/admin.reports.usage.readonly

Used to:

  1. Detect compromised accounts.

  2. Detect Google Drive file changes that require rescanning.

Admin Console View and manage the settings of a G Suite group. https://www.googleapis.com/auth/apps.groups.settings

Used to create and maintain groups that determine how emails are handled (for example, Inline vs. Monitoring modes).

Admin Console

View and manage G Suite licenses for your domain.

https://www.googleapis.com/auth/apps.licensing

Used to determine which license should be assigned to each user.

Payments and Subscriptions

View and manage Pub/Sub topics and subscriptions.

https://www.googleapis.com/auth/pubsub

Required for future feature enhancements.

Google Account

View your primary Google Account email address

https://www.googleapis.com/auth/userinfo.email

Used to support end user authentication through Google (for example, End User Portal).

Google Account

View your personal information, including any personal information you've made publicly available.

https://www.googleapis.com/auth/userinfo.profile

Used to support end user authentication through Google (for example, End User Portal).

Google Activity API

View and add to the activity record of your Google applications.

https://www.googleapis.com/auth/activity

Required for future feature enhancements.

Google Calendar

View and edit events on all your calendars.

https://www.googleapis.com/auth/calendar.events

Used to identify and remove malicious calendar events and meeting invitations.