device_users
Creates, updates, deletes, gets or lists a device_users resource.
Overview
| Name | device_users |
| Type | Resource |
| Id | google.cloudidentity.device_users |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. Resource name of the DeviceUser in format: devices/{device}/deviceUsers/{device_user}, where device_user uniquely identifies a user's use of a device. |
compromisedState | string | Compromised State of the DeviceUser object |
createTime | string (google-datetime) | When the user first signed in to the device |
firstSyncTime | string (google-datetime) | Output only. Most recent time when user registered with this service. |
languageCode | string | Output only. Default locale used on device, in IETF BCP-47 format. |
lastSyncTime | string (google-datetime) | Output only. Last time when user synced with policies. |
managementState | string | Output only. Management state of the user on the device. |
passwordState | string | Password state of the DeviceUser object |
userAgent | string | Output only. User agent on the device for this specific user |
userEmail | string | Email address of the user registered on the device. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. Resource name of the DeviceUser in format: devices/{device}/deviceUsers/{device_user}, where device_user uniquely identifies a user's use of a device. |
compromisedState | string | Compromised State of the DeviceUser object |
createTime | string (google-datetime) | When the user first signed in to the device |
firstSyncTime | string (google-datetime) | Output only. Most recent time when user registered with this service. |
languageCode | string | Output only. Default locale used on device, in IETF BCP-47 format. |
lastSyncTime | string (google-datetime) | Output only. Last time when user synced with policies. |
managementState | string | Output only. Management state of the user on the device. |
passwordState | string | Password state of the DeviceUser object |
userAgent | string | Output only. User agent on the device for this specific user |
userEmail | string | Email address of the user registered on the device. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | devicesId, deviceUsersId | customer | Retrieves the specified DeviceUser |
list | select | devicesId | customer, filter, pageSize, pageToken, orderBy | Lists/Searches DeviceUsers. |
delete | delete | devicesId, deviceUsersId | customer | Deletes the specified DeviceUser. This also revokes the user's access to device data. |
lookup | exec | devicesId | pageSize, pageToken, androidId, rawResourceId, userId | Looks up resource names of the DeviceUsers associated with the caller's credentials, as well as the properties provided in the request. This method must be called with end-user credentials with the scope: https://www.googleapis.com/auth/cloud-identity.devices.lookup If multiple properties are provided, only DeviceUsers having all of these properties are considered as matches - i.e. the query behaves like an AND. Different platforms require different amounts of information from the caller to ensure that the DeviceUser is uniquely identified. - iOS: No properties need to be passed, the caller's credentials are sufficient to identify the corresponding DeviceUser. - Android: Specifying the 'android_id' field is required. - Desktop: Specifying the 'raw_resource_id' field is required. |
approve | exec | devicesId, deviceUsersId | Approves device to access user data. | |
block | exec | devicesId, deviceUsersId | Blocks device from accessing user data | |
wipe | exec | devicesId, deviceUsersId | Wipes the user's account on a device. Other data on the device that is not associated with the user's work account is not affected. For example, if a Gmail app is installed on a device that is used for personal and work purposes, and the user is logged in to the Gmail app with their personal account as well as their work account, wiping the "deviceUser" by their work administrator will not affect their personal account within Gmail or other apps such as Photos. | |
cancel_wipe | exec | devicesId, deviceUsersId | Cancels an unfinished user account wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
deviceUsersId | string | |
devicesId | string | |
androidId | string | |
customer | string | |
filter | string | |
orderBy | string | |
pageSize | integer (int32) | |
pageToken | string | |
rawResourceId | string | |
userId | string |
SELECT examples
- get
- list
Retrieves the specified DeviceUser
SELECT
name,
compromisedState,
createTime,
firstSyncTime,
languageCode,
lastSyncTime,
managementState,
passwordState,
userAgent,
userEmail
FROM google.cloudidentity.device_users
WHERE devicesId = '{{ devicesId }}' -- required
AND deviceUsersId = '{{ deviceUsersId }}' -- required
AND customer = '{{ customer }}';
Lists/Searches DeviceUsers.
SELECT
name,
compromisedState,
createTime,
firstSyncTime,
languageCode,
lastSyncTime,
managementState,
passwordState,
userAgent,
userEmail
FROM google.cloudidentity.device_users
WHERE devicesId = '{{ devicesId }}' -- required
AND customer = '{{ customer }}'
AND filter = '{{ filter }}'
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND orderBy = '{{ orderBy }}';
DELETE examples
- delete
Deletes the specified DeviceUser. This also revokes the user's access to device data.
DELETE FROM google.cloudidentity.device_users
WHERE devicesId = '{{ devicesId }}' --required
AND deviceUsersId = '{{ deviceUsersId }}' --required
AND customer = '{{ customer }}';
Lifecycle Methods
- lookup
- approve
- block
- wipe
- cancel_wipe
Looks up resource names of the DeviceUsers associated with the caller's credentials, as well as the properties provided in the request. This method must be called with end-user credentials with the scope: https://www.googleapis.com/auth/cloud-identity.devices.lookup If multiple properties are provided, only DeviceUsers having all of these properties are considered as matches - i.e. the query behaves like an AND. Different platforms require different amounts of information from the caller to ensure that the DeviceUser is uniquely identified. - iOS: No properties need to be passed, the caller's credentials are sufficient to identify the corresponding DeviceUser. - Android: Specifying the 'android_id' field is required. - Desktop: Specifying the 'raw_resource_id' field is required.
EXEC google.cloudidentity.device_users.lookup
@devicesId='{{ devicesId }}' --required,
@pageSize='{{ pageSize }}',
@pageToken='{{ pageToken }}',
@androidId='{{ androidId }}',
@rawResourceId='{{ rawResourceId }}',
@userId='{{ userId }}';
Approves device to access user data.
EXEC google.cloudidentity.device_users.approve
@devicesId='{{ devicesId }}' --required,
@deviceUsersId='{{ deviceUsersId }}' --required
@@json=
'{
"customer": "{{ customer }}"
}';
Blocks device from accessing user data
EXEC google.cloudidentity.device_users.block
@devicesId='{{ devicesId }}' --required,
@deviceUsersId='{{ deviceUsersId }}' --required
@@json=
'{
"customer": "{{ customer }}"
}';
Wipes the user's account on a device. Other data on the device that is not associated with the user's work account is not affected. For example, if a Gmail app is installed on a device that is used for personal and work purposes, and the user is logged in to the Gmail app with their personal account as well as their work account, wiping the "deviceUser" by their work administrator will not affect their personal account within Gmail or other apps such as Photos.
EXEC google.cloudidentity.device_users.wipe
@devicesId='{{ devicesId }}' --required,
@deviceUsersId='{{ deviceUsersId }}' --required
@@json=
'{
"customer": "{{ customer }}"
}';
Cancels an unfinished user account wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped.
EXEC google.cloudidentity.device_users.cancel_wipe
@devicesId='{{ devicesId }}' --required,
@deviceUsersId='{{ deviceUsersId }}' --required
@@json=
'{
"customer": "{{ customer }}"
}';