Skip to main content

device_users

Creates, updates, deletes, gets or lists a device_users resource.

Overview

Namedevice_users
TypeResource
Idgoogle.cloudidentity.device_users

Fields

NameDatatypeDescription
namestringOutput only. Resource name of the DeviceUser in format: devices/{device}/deviceUsers/{device_user}, where device_user uniquely identifies a user's use of a device.
compromisedStatestringCompromised State of the DeviceUser object
createTimestringWhen the user first signed in to the device
firstSyncTimestringOutput only. Most recent time when user registered with this service.
languageCodestringOutput only. Default locale used on device, in IETF BCP-47 format.
lastSyncTimestringOutput only. Last time when user synced with policies.
managementStatestringOutput only. Management state of the user on the device.
passwordStatestringPassword state of the DeviceUser object
userAgentstringOutput only. User agent on the device for this specific user
userEmailstringEmail address of the user registered on the device.

Methods

NameAccessible byRequired ParamsDescription
getSELECTdeviceUsersId, devicesIdRetrieves the specified DeviceUser
listSELECTdevicesIdLists/Searches DeviceUsers.
deleteDELETEdeviceUsersId, devicesIdDeletes the specified DeviceUser. This also revokes the user's access to device data.
approveEXECdeviceUsersId, devicesIdApproves device to access user data.
blockEXECdeviceUsersId, devicesIdBlocks device from accessing user data
cancel_wipeEXECdeviceUsersId, devicesIdCancels an unfinished user account wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped.
lookupEXECdevicesIdLooks up resource names of the DeviceUsers associated with the caller's credentials, as well as the properties provided in the request. This method must be called with end-user credentials with the scope: https://www.googleapis.com/auth/cloud-identity.devices.lookup If multiple properties are provided, only DeviceUsers having all of these properties are considered as matches - i.e. the query behaves like an AND. Different platforms require different amounts of information from the caller to ensure that the DeviceUser is uniquely identified. - iOS: No properties need to be passed, the caller's credentials are sufficient to identify the corresponding DeviceUser. - Android: Specifying the 'android_id' field is required. - Desktop: Specifying the 'raw_resource_id' field is required.
wipeEXECdeviceUsersId, devicesIdWipes the user's account on a device. Other data on the device that is not associated with the user's work account is not affected. For example, if a Gmail app is installed on a device that is used for personal and work purposes, and the user is logged in to the Gmail app with their personal account as well as their work account, wiping the "deviceUser" by their work administrator will not affect their personal account within Gmail or other apps such as Photos.

SELECT examples

Lists/Searches DeviceUsers.

SELECT
name,
compromisedState,
createTime,
firstSyncTime,
languageCode,
lastSyncTime,
managementState,
passwordState,
userAgent,
userEmail
FROM google.cloudidentity.device_users
WHERE devicesId = '{{ devicesId }}';

DELETE example

Deletes the specified device_users resource.

/*+ delete */
DELETE FROM google.cloudidentity.device_users
WHERE deviceUsersId = '{{ deviceUsersId }}'
AND devicesId = '{{ devicesId }}';