Gmail and Google Drive - Required Permissions
Avanan requires the following permissions from Gmail and Google Drive.
| Type | Permissions required | OAuth Scope | Purpose |
|---|---|---|---|
| Google Drive | View, edit, create, and delete all Google Drive files. | https://www.googleapis.com/auth/drive |
Used to read files across protected drives and remediate found threats (for example, malware and DLP). |
| Google Drive | View your Google Drive applications. | https://www.googleapis.com/auth/drive.apps.readonly |
Used during the application installation to track application entities. |
| Google Drive | View information about your Google Drive files. | https://www.googleapis.com/auth/drive.metadata.readonly |
Used to scan files and enforce policy rules. |
| Google Drive | View and download all your Google Drive files. | https://www.googleapis.com/auth/drive.readonly |
Used to scan the files for malware. |
| Gmail | Read, compose, send, and permanently delete all your Gmail emails. | https://mail.google.com/ |
Used to enforce policy rules and modify the email content. |
| Gmail | Add emails to your Gmail mailbox. | https://www.googleapis.com/auth/gmail.insert |
Used for user notifications, password-protected attachments, and threat extraction by inserting emails in the user's mailbox. |
| Gmail | View and edit your email labels. | https://www.googleapis.com/auth/gmail.labels |
Supports moving emails to Spam as part of the Threat Detection policy. |
| Gmail | Read, compose, and send emails from your Gmail account. | https://www.googleapis.com/auth/gmail.modify |
Required for future feature enhancements. |
| Gmail | View your email messages and settings. | https://www.googleapis.com/auth/gmail.readonly |
Used to scan email messages for threats. |
| Gmail | View, edit, create, or change your email settings and filters in Gmail. | https://www.googleapis.com/auth/gmail.settings.basic |
Used to check mailbox settings and detect compromised accounts. |
| Admin Console | View your Google Chrome OS devices' metadata. | https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly |
Used to identify abnormalities that may indicate Business Email Compromise (BEC). |
| Admin Console | View your mobile devices' metadata. | https://www.googleapis.com/auth/admin.directory.device.mobile.readonly |
Used to identify abnormalities that may indicate Business Email Compromise (BEC). |
| Admin Console | View and manage the provisioning of domains for your customers. | https://www.googleapis.com/auth/admin.directory.domain |
Used to determine the protected domains associated with the Google account. |
| Admin Console | View and manage the provisioning of groups on your domain. | https://www.googleapis.com/auth/admin.directory.group |
Used to map groups for proper policy assignment. |
| Admin Console | View and manage the provisioning of users on your domain. | https://www.googleapis.com/auth/admin.directory.user |
Used to create the service user required for policy configuration. |
| Admin Console | View information about users on your domain. | https://www.googleapis.com/auth/admin.directory.user.readonly |
Used to map users for proper policy assignment and to build the social graph. |
| Admin Console | Manage data access permissions for users on your domain. | https://www.googleapis.com/auth/admin.directory.user.security |
Used during onboarding to configure Google parameters and create the service user. |
| Admin Console | View audit reports for your G Suite domain. | https://www.googleapis.com/auth/admin.reports.audit.readonly |
Used to identify compromised accounts (BEC activity). |
| Admin Console | Upload messages to any Google group in your domain info. | https://www.googleapis.com/auth/apps.groups.migration |
Required for future feature enhancements. |
| Admin Console | View usage reports for your G Suite domain. | https://www.googleapis.com/auth/admin.reports.usage.readonly |
Used to:
|
| Admin Console | View and manage the settings of a G Suite group. | https://www.googleapis.com/auth/apps.groups.settings | Used to create and maintain groups that determine how emails are handled (for example, Inline vs. Monitoring modes). |
| Admin Console | View and manage G Suite licenses for your domain. |
https://www.googleapis.com/auth/apps.licensing | Used to determine which license should be assigned to each user. |
| Payments and Subscriptions | View and manage Pub/Sub topics and subscriptions. |
https://www.googleapis.com/auth/pubsub | Required for future feature enhancements. |
| Google Account | View your primary Google Account email address |
https://www.googleapis.com/auth/userinfo.email | Used to support end user authentication through Google (for example, End User Portal). |
| Google Account | View your personal information, including any personal information you've made publicly available. |
https://www.googleapis.com/auth/userinfo.profile | Used to support end user authentication through Google (for example, End User Portal). |
| Google Activity API | View and add to the activity record of your Google applications. |
https://www.googleapis.com/auth/activity | Required for future feature enhancements. |
| Google Calendar | View and edit events on all your calendars. |
https://www.googleapis.com/auth/calendar.events | Used to identify and remove malicious calendar events and meeting invitations. |