-
Notifications
You must be signed in to change notification settings - Fork 88
Users Classification Labels
- API documentation
- Query documentation
- Notes
- Definitions
- Introduction
- Display Classification Labels
- Manage Classification Label Permissions
- Display Classification Label Permissions
- Process Drive File Classification Labels
- https://support.google.com/a/answer/9292382
- https://developers.google.com/drive/labels/guides/overview
- https://developers.google.com/drive/labels/guides/authorize
- https://developers.google.com/drive/labels/reference/rest/v2/labels
- https://developers.google.com/drive/labels/reference/rest/v2/labels.permissions
- https://developers.google.com/drive/api/guides/about-labels
- https://developers.google.com/drive/api/v3/reference/files
To use these commands you must add the 'Drive Labels API' to your project and update your service account authorization.
gam update project
gam user [email protected] update serviceaccount
Supported editions for this feature:
Frontline Starter and Frontline Standard
Business Standard and Business Plus
Enterprise Standard and Enterprise Plus
Education Standard and Education Plus
Essentials, Enterprise Essentials, and Enterprise Essentials Plus
G Suite Business
<DriveFileEntity><UserTypeEntity><ClassificationLabelNameEntity>,<ClassificationLabelPermissionNameEntity<UserTypeEntity>
<ClassificationLabelID> ::= <String>
<ClassificationLabelIDList> ::= "<ClassificationLabelID>(,<ClassificationLabelID)*"
<ClassificationLabelName> ::= labels/<ClassificationLabelID>[@latest|@published|@<Number>]
<ClassificationLabelNameList> ::= "<ClassificationLabelName>(,<ClassificationLabelName)*"
<ClassificationLabelNameEntity> ::=
<ClassificationLabelNameList> | <FileSelector> | <CSVFileSelector> | <CSVDataSelector>
<ClassificationLabelPermissionName> ::= labels/<ClassificationLabelID>[@latest|@published|@<Number>]/permissions/(audiences|groups|people)/<String>
<ClassificationLabelPermissionNameList> ::= "<ClassificationLabelPermissionName>(,<ClassificationLabelPermissionName>)*"
<ClassificationLabelPermissionNameEntity> ::=
<ClassificationLabelPermissionNameList> | <FileSelector> | <CSVFileSelector> | <CSVDataSelector>
<ClassificationLabelFieldID> ::= <String>
<ClassificationLabelSelectionID> ::= <String>
<ClassificationLabelSelectionIDList> ::= "<ClassificationLabelSelectionID>(,<ClassificationLabelSelectionID)*"
<BCP47LanguageCode> ::=
ar-sa| # Arabic Saudi Arabia
cs-cz| # Czech Czech Republic
da-dk| # Danish Denmark
de-de| # German Germany
el-gr| # Modern Greek Greece
en-au| # English Australia
en-gb| # English United Kingdom
en-ie| # English Ireland
en-us| # English United States
en-za| # English South Africa
es-es| # Spanish Spain
es-mx| # Spanish Mexico
fi-fi| # Finnish Finland
fr-ca| # French Canada
fr-fr| # French France
he-il| # Hebrew Israel
hi-in| # Hindi India
hu-hu| # Hungarian Hungary
id-id| # Indonesian Indonesia
it-it| # Italian Italy
ja-jp| # Japanese Japan
ko-kr| # Korean Republic of Korea
nl-be| # Dutch Belgium
nl-nl| # Dutch Netherlands
no-no| # Norwegian Norway
pl-pl| # Polish Poland
pt-br| # Portuguese Brazil
pt-pt| # Portuguese Portugal
ro-ro| # Romanian Romania
ru-ru| # Russian Russian Federation
sk-sk| # Slovak Slovakia
sv-se| # Swedish Sweden
th-th| # Thai Thailand
tr-tr| # Turkish Turkey
zh-cn| # Chinese China
zh-hk| # Chinese Hong Kong
zh-tw # Chinese Taiwan
A domain administrator with the Drive and Docs administrator privilege can search for Shared Drives or update permissions for Shared Drives owned by their organization, regardless of the admin's membership in any given Shared Drive.
Three forms of the commands are available:
-
gam action ...- The administrator named in oauth2.txt is used, domain administrator access implied and labels of typeSHAREDandADMINcan be processed -
gam <UserTypeEntity> action ... adminaccess- The user named in<UserTypeEntty>is used, adminaccess indicates that labels of typeSHAREDandADMINcan be processed -
gam <UserTypeEntity> action ...- The user named in<UserTypeEntty>is used, access is limited, onlylabels of typeSHAREDcan be processed
gam [<UserTypeEntity>] info classificationlabels <ClassificationLabelNameEntity>
[[basic|full] [languagecode <BCP47LanguageCode>]
[formatjson] [adminaccess|asadmin]
-
basic- Display fields: name,id,revisionId,labelType,properties.*; this is the default -
full- Display all possible fields -
languagecode <BCP47LanguageCode>- The BCP-47 language code to use for evaluating localized Field labels. When not specified, values in the default configured language will be used. -
adminaccess|asadmin- Use the user's admin credentials. This will return all Labels within the customer.
By default, Gam displays the information as an indented list of keys and values.
-
formatjson- Display the fields in JSON format.
gam [<UserTypeEntity>] show classificationlabels
[basic|full] [languagecode <BCP47LanguageCode>]
[publishedonly [<Boolean>]] [minimumrole applier|editor|organizer|reader]
[formatjson] [adminaccess|asadmin]
-
basic- Display fields: name,id,revisionId,labelType,properties.*; this is the default -
full- Display all possible fields -
languagecode <BCP47LanguageCode>- The BCP-47 language code to use for evaluating localized Field labels. When not specified, values in the default configured language will be used. -
minimumrole applier|editor|organizer|reader- Specifies the level of access the user must have on the returned Labels. Defaults to READER. -
adminaccess|asadmin- Use the user's admin credentials. This will return all Labels within the customer.
By default, Gam displays the information as an indented list of keys and values.
-
formatjson- Display the fields in JSON format.
gam [<UserTypeEntity>] print classificationlabels [todrive <ToDriveAttribute>*]
[basic|full] [languagecode <BCP47LanguageCode>]
[publishedonly [<Boolean>]] [minimumrole applier|editor|organizer|reader]
[formatjson [quotechar <Character>]] [adminaccess|asadmin]
-
basic- Display fields: name,id,revisionId,labelType,properties.*; this is the default -
full- Display all possible fields -
languagecode <BCP47LanguageCode>- The BCP-47 language code to use for evaluating localized Field labels. When not specified, values in the default configured language will be used. -
minimumrole applier|editor|organizer|reader- Specifies the level of access the user must have on the returned Labels. Defaults to READER. -
adminaccess|asadmin- Use the user's admin credentials. This will return all Labels within the customer.
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
-
formatjson- Display the fields in JSON format.
By default, when writing CSV files, Gam uses a quote character of double quote ". The quote character is used to enclose columns that contain
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
When using the formatjson option, double quotes are used extensively in the data resulting in hard to read/process output.
The quotechar <Character> option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
quotechar defaults to gam.cfg/csv_output_quote_char. When uploading CSV files to Google, double quote " should be used.
Create a permission for a Classification Label by specifying the label name and the principal.
gam [<UserTypeEntity>] create classificationlabelpermission <ClassificationLabelNameEntity>
(user <UserItem>) | (group <GroupItem) | (audience <String>)
role applier|editor|organizer|reader
[nodetails|formatjson] [adminaccess|asadmin]
By default, when a permission is created, GAM outputs details of the permission as indented keywords and values.
-
nodetails- Suppress the details output. -
formatjson- Output the details in JSON format.
Delete a Classification Label permission by specifying the label name and the principal.
gam [<UserTypeEntity>] delete classificationlabelpermission <ClassificationLabelNameEntity>
(user <UserItem>) | (group <GroupItem) | (audience <String>)
[adminaccess|asadmin]
Delete a Classification Label permission by specifying the label permission name.
gam [<UserTypeEntity>] remove classificationlabelpermission <ClassificationLabelPermissionNameEntity>
[adminaccess|asadmin]
Display permissions for a collection of Classification Label permission names.
gam [<UserTypeEntity>] show classificationlabelpermissions <ClassificationLabelNameEntity>
[formatjson] [adminaccess|asadmin]
By default, Gam displays the information as an indented list of keys and values.
-
formatjson- Display the fields in JSON format.
gam [<UserTypeEntity>] print classificationlabelpermissions <ClassificationLabelNameEntity> [todrive <ToDriveAttribute>*]
[formatjson [quotechar <Character>]] [adminaccess|asadmin]
By default, Gam displays the information as columns of fields; the following option causes the output to be in JSON format,
-
formatjson- Display the fields in JSON format.
By default, when writing CSV files, Gam uses a quote character of double quote ". The quote character is used to enclose columns that contain
the quote character itself, the column delimiter (comma by default) and new-line characters. Any quote characters within the column are doubled.
When using the formatjson option, double quotes are used extensively in the data resulting in hard to read/process output.
The quotechar <Character> option allows you to choose an alternate quote character, single quote for instance, that makes for readable/processable output.
quotechar defaults to gam.cfg/csv_output_quote_char. When uploading CSV files to Google, double quote " should be used.
<ClassificationLabelID>, <ClassificationLabelFieldID> and <ClassificationLabelSelectionID> values are obtained from the commands above.
gam <UserTypeEntity> process filedrivelabels <DriveFileEntity>
(addlabel <ClassificationLabelIDList>)*
(deletelabel <ClassificationLabelIDList>)*
(addlabelfield <ClassificationLabelID> <ClassificationLabelFieldID>
(text <String>)|selection <ClassificationLabelSelectionIDList>)|
(integer <Number>)|(date <Date>)|(user <EmailAddressList>))*
(deletelabelfield <ClassificationLabelID> <ClassificationLabelFieldID>)*
[nodetails]
By default, details of the process labels are displayed, use nodetails to suppress this display.
Need more help? Ask on the GAM Discussion Group
Update History
Installation
- How to Install GAM7
- How to Update Advanced GAM to GAM7
- How to Update GAM7
- How to Upgrade from Legacy GAM
- Install GAM as Python Library
- GAM7 on Chrome OS Devices
- GAM7 on Android Devices
- Google Network Addresses
- HTTPS Proxy
- SSL Root CA Certificates
- How to Uninstall GAM7
Configuration
- Authorization
- GAM Configuration
- Running GAM7 securely on a Google Compute Engine
- Using GAM7 with a delegated admin service account
- Using GAM7 with a YubiKey
Notes and Information
- Upgrade Benefits
- Questions? Visit the GAM Discussion Forum
- Scripts
- Other Resources
- Drive REST API v3
- BNF Syntax
- GAM Return Codes
- Python Regular Expressions
- Rclone
Definitions
Command Processing
- Bulk Processing
- Command Line Parsing
- Command Logging and Progress
- Command data from Google Docs/Sheets/Storage
- CSV Special Characters
- CSV Input Filtering
- CSV Output Filtering
- Meta Commands and File Redirection
- Permission matches
- Tag Replace
- Todrive
Collections
Client Access
- Addresses
- Administrators
- Alert Center
- Aliases
- Calendars
- Calendars - Access
- Calendars - Events
- Chrome Auto Update Expiration Counts
- Chrome Browser Cloud Management
- Chrome Device Needs Attention Counts
- Chrome Installed Apps
- Chrome Policies
- Chrome Printers
- Chrome Version Counts
- Chrome Version History
- ChromeOS Devices
- Classroom - Courses
- Classroom - Guardians
- Classroom - Invitations
- Classroom - Membership
- Cloud Channel
- Cloud Identity Devices
- Cloud Identity Groups
- Cloud Identity Groups - Membership
- Cloud Identity Policies
- Cloud Storage
- Context Aware Access Levels
- Customer
- Domains
- Domains - Verification
- Domain People - Contacts & Profiles
- Domain Shared Contacts - Global Address List
- Email Audit Monitor
- Find File Owner
- Google Data Transfers
- Groups
- Groups - Membership
- Inbound SSO
- Licenses
- Mobile Devices
- Organizational Units
- Reports
- Reseller
- Resources
- Send Email
- Schemas
- Shared Drives
- Sites
- Users
- Unmanaged Accounts
- Users - Signout and Turn off 2-Step Verification
- Vault - Takeout
- Version and Help
Special Service Account Access
Service Account Access
- Users - Analytics Admin
- Users - Application Specific Passwords
- Users - Backup Verification Codes
- Users - Calendars
- Users - Calendars - Access
- Users - Calendars - Events
- Users - Chat
- Users - Classification Labels
- Users - Classroom - Profile
- Users - Deprovision
- Users - Contacts
- Users - Contacts - Delegates
- Users - Drive - File Selection
- Users - Drive - Activity/Settings
- Users - Drive - Cleanup
- Users - Drive - Comments
- Users - Drive - Copy/Move
- Users - Drive - Files-Display
- Users - Drive - Files-Manage
- Users - Drive - Orphans
- Users - Drive - Ownership
- Users - Drive - Permissions
- Users - Drive - Query
- Users - Drive - Revisions
- Users - Drive - Shortcuts
- Users - Drive - Transfer
- Users - Forms
- Users - Gmail - Client Side Encryption
- Users - Gmail - Delegates
- Users - Gmail - Filters
- Users - Gmail - Forwarding
- Users - Gmail - Labels
- Users - Gmail - Messages/Threads
- Users - Gmail - Profile
- Users - Gmail - S/MIME
- Users - Gmail - SendAs/Signature/Vacation
- Users - Gmail - Settings
- Users - Group Membership
- Users - Keep
- Users - Looker Studio
- Users - Meet
- Users - Classroom - Profile
- Users - People - Contacts & Profiles
- Users - Photo
- Users - Profile Sharing
- Users - Shared Drives
- Users - Spreadsheets
- Users - Tasks
- Users - Tokens
- Users - YouTube