Documented google integration requires domain wide privileges #2408
Labels
documentation
Improvements or additions to documentation
enhancement
New feature or request
help wanted
Extra attention is needed
Stale
triaged
Issue has been triaged
Describe the bug
The documented google integration seems too permissive, in that it guides creation of an API key with domain-wide full access.
Expected behavior
Documentation clearly outlines minimal permissions required to function, and instructs user through granting only the minimal access required for dispatch (ideally per-plugin)
Additional context
I'm in the process of integrating dispatch into my organizations google workspace, but am receiving push back as the documented permissions are understood to be root level rw across the entire account, including ability to read others emails. I'd anticipate this to be problematic at other orgs as well.
I'll be trying to find the minimal set of permissions to get the google plugins up and working through trial and error, but a clearly written guide would be very helpful. Any info about required permissions that could be provided here will be helpful as well!
The text was updated successfully, but these errors were encountered: