The CData Sync App provides a straightforward way to continuously pipeline your Google Directory data to any database, data lake, or data warehouse, making it easily available for Analytics, Reporting, AI, and Machine Learning.
The Google Directory connector can be used from the CData Sync application to pull data from Google Directory and move it to any of the supported destinations.
Create a connection to Google Directory by navigating to the Connections page in the Sync App application and selecting the corresponding icon in the Add Connections panel. If the Google Directory icon is not available, click the Add More icon to download and install the Google Directory connector from the CData site.
Required properties are listed under the Settings tab. The Advanced tab lists connection properties that are not typically required.
The Sync App supports using user accounts and GCP instance accounts for authentication.
The following sections discuss the available authentication schemes for Google Directory:
AuthScheme must be set to OAuth in all user account flows.
Get an OAuth Access Token
Set the following connection properties to obtain the OAuthAccessToken:
Then call stored procedures to complete the OAuth exchange:
Once you have obtained the access and refresh tokens, you can connect to data and refresh the OAuth access token either automatically or manually.
Automatic Refresh of the OAuth Access Token
To have the driver automatically refresh the OAuth access token, set the following on the first data connection:
Manual Refresh of the OAuth Access Token
The only value needed to manually refresh the OAuth access token when connecting to data is the OAuth refresh token.
Use the RefreshOAuthAccessToken stored procedure to manually refresh the OAuthAccessToken after the ExpiresIn parameter value returned by GetOAuthAccessToken has elapsed, then set the following connection properties:
Then call RefreshOAuthAccessToken with OAuthRefreshToken set to the OAuth refresh token returned by GetOAuthAccessToken. After the new tokens have been retrieved, open a new connection by setting the OAuthAccessToken property to the value returned by RefreshOAuthAccessToken.
Finally, store the OAuth refresh token so that you can use it to manually refresh the OAuth access token after it has expired.
Option 1: Obtain and Exchange a Verifier Code
To obtain a verifier code, you must authenticate at the OAuth authorization URL.
Follow the steps below to authenticate from the machine with an Internet browser and obtain the OAuthVerifier connection property.
On the headless machine, set the following connection properties to obtain the OAuth authentication values:
After the OAuth settings file is generated, you need to re-set the following properties to connect:
Option 2: Transfer OAuth Settings
Prior to connecting on a headless machine, you need to create and install a connection with the driver on a device that supports an Internet browser. Set the connection properties as described in "Desktop Applications" above.
After completing the instructions in "Desktop Applications", the resulting authentication values are encrypted and written to the path specified by OAuthSettingsLocation. The default filename is OAuthSettings.txt.
Once you have successfully tested the connection, copy the OAuth settings file to your headless machine.
On the headless machine, set the following connection properties to connect to data:
When running on a GCP virtual machine, the Sync App can authenticate using a service account tied to the virtual machine. To use this mode, set AuthScheme to GCPInstanceAccount.
This section details a selection of advanced features of the Google Directory Sync App.
The Sync App allows you to define virtual tables, called user defined views, whose contents are decided by a pre-configured query. These views are useful when you cannot directly control queries being issued to the drivers. See User Defined Views for an overview of creating and configuring custom views.
Use SSL Configuration to adjust how Sync App handles TLS/SSL certificate negotiations. You can choose from various certificate formats; see the SSLServerCert property under "Connection String Options" for more information.
Configure the Sync App for compliance with Firewall and Proxy, including Windows proxies and HTTP proxies. You can also set up tunnel connections.
The Sync App offloads as much of the SELECT statement processing as possible to Google Directory and then processes the rest of the query in memory (client-side).
See Query Processing for more information.
See Logging for an overview of configuration settings that can be used to refine CData logging. For basic logging, you only need to set two connection properties, but there are numerous features that support more refined logging, where you can select subsets of information to be logged using the LogModules connection property.
By default, the Sync App attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store.
To specify another certificate, see the SSLServerCert property for the available formats to do so.
To connect through the Windows system proxy, you do not need to set any additional connection properties. To connect to other proxies, set ProxyAutoDetect to false.
In addition, to authenticate to an HTTP proxy, set ProxyAuthScheme, ProxyUser, and ProxyPassword, in addition to ProxyServer and ProxyPort.
Set the following properties:
The CData Sync App models Google Directory APIs as relational tables, views, and stored procedures. API limitations and requirements for the available objects are documented in this section. The Sync App offloads as much of the SELECT statement processing as possible to the Google Directory APIs and then processes the rest of the query in memory; API limitations and requirements are documented in Tables and Views.
See SupportEnhancedSQL for more information on how the Sync App circumvents API limitations with in-memory client-side processing.
The Sync App provider models the Google Directory API as relational Tables.
Views offer additional information from Google Directory.
Stored Procedures are function-like interfaces to the data source.
The Sync App models the data in Google Directory into a list of tables that can be queried using standard SQL statements.
Generally, querying Google Directory tables is the same as querying a table in a relational database. Sometimes there are special cases, for example, including a certain column in the WHERE clause might be required to get data for certain columns in the table. This is typically needed for situations where a separate request must be made for each row to get certain columns. These types of situations are clearly documented at the top of the table page linked below.
Name | Description |
ChromeOsDevices | Retrieve all Chrome devices for an account. |
DomainAliases | Create, update, and query aliases of a domain. |
Domains | Create, delete, and query the domains for a user. |
GroupAliases | Create, delete, and query aliases for a group. |
GroupMembers | Create, update, delete, and query the members for a group. |
Groups | Create, update, delete, and query groups. |
Notifications | Update, delete, and query notifications for a customer. |
OrganizationUnits | Create, update, delete, and query the organization units for a customer. |
RoleAssignments | Create, delete, and query roles assigned to users. |
Tokens | Query and delete tokens for a user. |
UserAliases | Lists aliases, which are alternative email addresses for a user. |
Users | Query user information. |
Retrieve all Chrome devices for an account.
To get a list of all Chrome devices for an account, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM ChromeOsDevices
Inserts are not supported for this table.
Updates a device's annotatedUser, annotatedLocation, or notes properties. To update a notification, the following columns are required: CustomerId and Id. If not specified, the CustomerId of the current account will be used.
UPDATE ChromeOsDevices SET AnnotatedUser='User_2' WHERE Id = '12345' AND CustomerId = '1234'.
Deletes are not supported for this table.
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
The unique ID of the Chrome device. |
SerialNumber | String | True |
The Chrome device serial number entered when the device was enabled. This value is the same as the Admin console's Serial Number in the Chrome OS Devices tab. |
Model | String | True |
The device's model information. If the device does not have this information, this property is not included in the response. |
MEID | String | True |
The Mobile Equipment Identifier (MEID) for the 3G mobile card in a mobile device. A MEID is typically used when adding a device to a wireless carrier's post-pay service plan. If the device does not have this information, this property is not included in the response. |
LastSync | Datetime | True |
The date and time the device was last enrolled. |
AnnotatedUser | String | False |
The user of the device as noted by the administrator. Maximum length is 100 characters. Empty values are allowed. |
AnnotatedLocation | String | False |
The address or location of the device as noted by the administrator. Maximum length is 200 characters. Empty values are allowed. |
AnnotatedAssetId | String | False |
The asset identifier as noted by an administrator or specified during enrollment. |
Notes | String | False |
Notes about this device added by the administrator. This property can be searched with the list method's query parameter. Maximum length is 500 characters. Empty values are allowed. |
OrgUnitPath | String | False |
The full parent path with the organizational unit's name associated with the device. Path names are case insensitive. If the parent organizational unit is the top-level organization, it is represented as a forward slash, /. This property can be updated using the API |
OrderNumber | String | True |
The device's order number. Only devices directly purchased from Google have an order number. |
MacAddress | String | True |
The device's wireless MAC address. If the device does not have this information, it is not included in the response. |
WillAutoRenew | Boolean | True |
Determines if the device will auto renew its support after the support end date. This is a read-only property. |
OsVersion | String | True |
The Chrome device's operating system version. |
PlatformVersion | String | True |
The Chrome device's platform version. |
FirmwareVersion | String | True |
The Chrome device's firmware version. |
BootMode | String | True |
The boot mode for the device. |
LastEnrollmentTime | String | True |
The date and time the device was last enrolled. |
TmpVersionInfoAggr | String | True |
Trusted Platform Module (TPM). |
ActiveTimeRangesAggr | String | True |
List of active time ranges. |
RecentUsersAggr | String | True |
List of recent device users, in descending order, by last login time. |
DeviceFilesAggr | String | True |
List of device files to download. |
ETag | String | True |
ETag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Create, update, and query aliases of a domain.
To get a list of all the aliases for a domain, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM DomainAliases
To insert an alias, the following columns are required: CustomerId, ParentDomain, and DomainAliasName.
INSERT INTO DomainAliases (CustomerId, DomainAliasName, ParentDomain) VALUES ('12345','Alias', 'parentdomain.com')
Updates are not supported for this table.
To delete an alias, the following columns are required: CustomerId and DomainAliasName.
DELETE FROM DomainAliases WHERE CustomerId='C020vaw0q' AND DomainAliasName='Alias'
Name | Type | ReadOnly | Description |
DomainAliasName [KEY] | String | False |
The domain alias name. |
ParentDomain | String | False |
The parent domain name that the domain alias is associated with. |
IsVerified | Boolean | True |
Indicates the verification state of a domain alias. |
CreationDate | Timestamp | True |
Creation date timestamp of the domain alias in milliseconds. |
ETag | String | True |
ETag of the resource |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Create, delete, and query the domains for a user.
To get a list of all the domains, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used, as in the following query. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Domains
To insert a domain, the following columns are required: CustomerId and DomainName.
INSERT INTO Domains (CustomerId, DomainName) VALUES ('12345', 'exampledomain.com')
Updates are not supported for this table.
To delete a domain, the DomainName column is required.
DELETE FROM Domains WHERE DomainName='exampledomain.com'
Name | Type | ReadOnly | Description |
DomainName [KEY] | String | False |
The domain name. |
IsPrimary | Boolean | True |
Indicates if the domain is a primary domain. |
IsVerified | Boolean | True |
Indicates the verification state of a domain. |
CreationDate | Datetime | True |
The creation date of the domain. |
Aliases | String | True |
The aliases of the domain. |
ETag | String | True |
ETag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Create, delete, and query aliases for a group.
To get a list of all the aliases for a group, the GroupId column is required. If not specified, the GroupId of the first group from the Groups table will be used. The Sync App processes other queries client-side in memory.
The following query shows the only filter processed server side by the Google Directory API:
SELECT * FROM GroupAliases WHERE GroupId = '12345'
To insert an alias, the following columns are required: GroupId and Alias.
INSERT INTO GroupAliases (GroupId, Alias) VALUES ('12345', 'Alias')
Updates are not supported for this table.
To delete an alias, the following columns are required: GroupId and Alias.
DELETE FROM GroupAliases WHERE GroupId = '12345' AND Alias = 'Alias'
Name | Type | ReadOnly | Description |
Alias [KEY] | String | False |
The alias email address. |
GroupId | String | True |
Id of the group. |
PrimaryEmail | String | True |
PrimaryEmail of the group. |
ETag | String | True |
ETag of the resource. |
Create, update, delete, and query the members for a group.
To get a list of all the members of a group, the GroupId column is required. If not specified, the Id of the first group from the Groups table will be used. The Sync App processes other queries client-side in memory.
The following query shows the only filter processed server side by the Google Directory API:
SELECT * FROM GroupMembers WHERE GroupId = '12345'
To insert a member, the following columns are required: Email and GroupId.
The Role column only accepts the following values: MEMBER, MANAGER, and OWNER.
INSERT INTO GroupMembers (Email, GroupId, Role) VALUES ('[email protected]', '12345', 'MEMBER')
To update a member, the following columns are required: GroupId and Id.
UPDATE GroupMembers SET Role='MEMBER' WHERE GroupId='1234' AND Id='12345'
To delete a member, the following columns are required: GroupId and Id.
DELETE FROM GroupMembers WHERE GroupId='1234' AND Id='12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | False |
The unique identifier for the member. |
GroupId | String | True |
The unique identifier for the member. |
String | False |
The email of the member. | |
Role | String | False |
The name of the member. |
Status | String | True |
The status of the member. |
Type | String | True |
The type of members. |
ETag | String | True |
ETag of the resource |
Create, update, delete, and query groups.
To get a list of all the groups, the CustomerId is required. You can either set it in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory API:
SELECT * FROM Groups
To insert a group, the Email column is required.
INSERT INTO Groups (Email, Name, Description) VALUES ('[email protected]', 'Group Example Name', 'Example Description')
To update a group, the Id is required.
UPDATE Groups SET Email = '[email protected]', Name = 'Group', Description = 'Description' WHERE Id = 1231
To delete a group, the Id column is required.
DELETE FROM Groups WHERE Id='12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
The unique identifier for the group. |
String | False |
The email of the group. | |
Name | String | False |
The name of the group. |
MembersCount | Long | True |
The number of members. |
Description | String | False |
Description of the group. |
Aliases | String | True |
Aliases of the group. |
AdminCreated | Boolean | True |
Indicates if the group was created by an admin. |
ETag | String | True |
ETag of the resource |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
The customer Id of the group. |
Domain | String |
Domain name. |
Update, delete, and query notifications for a customer.
To get a list of all the notifications, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Notifications
Inserts are not supported for this table.
To update a notification, the following columns are required: CustomerId and Id. If not specified, the CustomerId of the current account will be used.
UPDATE Notifications SET IsUnread = true WHERE Id = '12345' AND CustomerId = '1234'.
To delete a notification, the following columns are required: CustomerId and Id. If not specified, the CustomerId of the current account will be used.
DELETE FROM Notifications WHERE CustomerId = '1234' AND Id = '12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
Id of the notification |
Subject | String | False |
Subject of the notification |
Body | String | True |
The body of the notification |
SendDate | Datetime | True |
The date when the notification was sent |
FromAddress | String | True |
The address from which the notification is recieved |
IsUnread | Boolean | False |
Indicates wether the notification is unread or not |
ETag | String | True |
ETag of the resource |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Create, update, delete, and query the organization units for a customer.
To get a list of all the organization units, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM OrganizationUnits
To insert an organization unit, the following columns are required: CustomerId, Name, and ParentOrgUnitId. If not specified, the CustomerId of the current account will be used.
INSERT INTO OrganizationUnits (CustomerId, Name, Description, OrgUnitPath, ParentOrgUnitId, ParentOrgUnitPath) VALUES ('12345', 'OrgUnit Name', 'OrgUnit Description', 'Path', '123456', 'ParentPath', '1234')
To update an organization unit, the following columns are required: CustomerId and Id. If not specified, the CustomerId of the current account will be used.
UPDATE OrganizationUnits SET Name='OrgUnit Name', 'Description = 'OrgUnit Description', OrgUnitPath = 'Path', ParentOrgUnitId = '123456', ParentOrgUnitPath = 'ParentPath' WHERE CustomerId='1234' AND Id='12345'
To delete an organization unit, the following columns are required: CustomerId and Id. If not specified, the CustomerId of the current account will be used.
DELETE FROM OrganizationUnits WHERE CustomerId = '1234' AND Id = '12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
Id of the Organization Unit. |
Name | String | False |
Name of the Organization Unit. |
Description | String | False |
Description of the Organization Unit. |
OrgUnitPath | String | False |
Path of the OrgOrganization Unit.Unit |
ParentOrgUnitPath | String | False |
Path of the Organization Unit's parent. |
ParentOrgUnitId | String | False |
Id of the Organization Unit's parent |
ETag | String | True |
ETag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Create, delete, and query roles assigned to users.
To get a list of all the roles assigned to users, the CustomerId column is required. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM RoleAssignments
To assign a role to a user, the following columns are required: RoleId, UserId, ScopeType, and CustomerId. If not specified, the CustomerId of the current account will be used.
ScopeType has only two acceptable values : CUSTOMER and ORG_UNIT.
INSERT INTO RoleAssignments (RoleId, UserId, ScopeType) VALUES ('12345', '123456', 'CUSTOMER')
Updates are not supported for this table.
To remove an assigned role from a user, the Id and CustomerId columns are required. If not specified, the CustomerId of the current account will be used.
DELETE FROM RoleAssignments WHERE Id = '12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
The unique identifier of the role assignment. |
RoleId | String | False |
The Id of the role that is assigned. |
UserId | String | False |
The Id of the user this role is assigned to. |
OrgUnitId | String | False |
If the role is restricted to an organizational unit, this contains the ID for the organizational unit the exercise of this role is restricted to. |
ScopeType | String | False |
The scope in which this role is assigned. Acceptable values are |
Etag | String | True |
Etag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String |
Id of the customer |
Query and delete tokens for a user.
To get a current set of tokens a specified user has issued to 3rd party applications, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the Id of the first user from the Users table will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Tokens
Inserts are not supported for this table.
Updates are not supported for this table.
To delete a token, the UserId and Id columns are required.
DELETE FROM Tokens WHERE UserId='12345' AND Id='123456'
Name | Type | ReadOnly | Description |
Id [KEY] | String | False |
The Client ID of the application the token is issued to. |
UserId | String | False |
Aggregate of child privileges. |
DisplayText | String | False |
The displayable name of the application the token is issued to. |
IsAnonymous | Boolean | False |
Indicates if the name of the privilege. |
IsNativeApp | Boolean | False |
Indicates if the token is issued to an installed application. |
ScopesAggregate | String | False |
Aggregate of child privileges. |
Etag | String | False |
Etag of the resource. |
Lists aliases, which are alternative email addresses for a user.
To get a list of all the aliases for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Aliases
To insert an alias, the following columns are required: UserId and Alias.
INSERT INTO Aliases (UserId, Alias) VALUES ('12345', 'Alias')
Updates are not supported for this table.
To delete an alias, the following columns are required: UserId and Alias.
DELETE FROM Aliases WHERE Id = '12345' AND Alias = 'Alias'
Name | Type | ReadOnly | Description |
Alias [KEY] | String | False |
The alias email address. |
UserId | String | True |
Id of the user. |
PrimaryEmail | String | True |
PrimaryEmail of the user. |
ETag | String | True |
ETag of the resource. |
Query user information.
To get a list of all the users, CustomerId is required. You can either set it in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Users
To insert a user, the following columns are required: PrimaryEmail, FirstName, Surname, and Password.
INSERT INTO Users (PrimaryEmail, FirstName, Surname, Password, Suspended) VALUES ('[email protected]', 'John', 'Doe', '12345', true)
To update a user, the Id column is required.
UPDATE Users SET PrimaryEmail = '[email protected]', FirstName = 'John' , Surname = 'Doe', Suspended = true WHERE Id = 1231
To delete users, the Id column is required.
DELETE FROM Users WHERE Id = '12345'
Name | Type | ReadOnly | Description |
Id [KEY] | String | True |
The unique identifier for the user. |
CustomerId | String | True |
The customer Id of the user. |
PrimaryEmail | String | False |
The primary email of the user. |
FirstName | String | False |
The first name of the user. |
Surname | String | False |
The surname of the user. |
Aliases | String | True |
The aliases of the user. |
IsAdmin | Boolean | True |
Indicates if the user is an admin. |
IsDelegatedAdmin | Boolean | True |
Indicates if the user is a delegated admin. |
LastLoginDate | Datetime | True |
Last time the user logged on. |
CreationDate | Datetime | True |
Creation date of the user. |
DeletionDate | Datetime | True |
Deletion date of the user. |
AgreedToTerms | Boolean | True |
Indicates if the user agreed to the terms or not. |
Suspended | Boolean | False |
Indicates if the user got supsended. |
SuspensionReason | String | True |
The reason the user got supsended. |
OrgUnitPath | String | False |
The full path of the parent organization associated with the user. If the parent organization is the top-level, it is represented as a forward slash (/). |
IsMailBoxSetup | Boolean | True |
Indicates if the user's Google mailbox is created. This property is only applicable if the user has been assigned a Gmail license. |
IsEnrolledIn2Sv | Boolean | True |
Indicates if the user is enrolled in 2-step verification. |
IsEnforcedIn2Sv | Boolean | True |
Indicates if the user is enforced in 2-step verification. |
IncludeInGlobalAddressList | Boolean | True |
Indicates if the user's profile is visible in the G Suite global address list when the contact sharing feature is enabled for the domain. |
ThumbnailPhotoUrl | String | True |
Photo Url of the user |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Password | String |
The password of the user. |
Domain | String |
Domain name |
Views are composed of columns and pseudo columns. Views are similar to tables in the way that data is represented; however, views do not support updates. Entities that are represented as views are typically read-only entities. Often, a stored procedure is available to update the data if such functionality is applicable to the data source.
Queries can be executed against a view as if it were a normal table, and the data that comes back is similar in that regard.
Dynamic views, such as queries exposed as views, and views for looking up specific combinations of project_team work items are supported.
Name | Description |
AppSpecificPasswords | Lists all Application Specific Passwords (passwords that are used with applications that do not accept verification codes) issued by a user. |
MobileDevices | Lists mobile devices for an account. |
Privileges | Lists all Privileges. |
Roles | Lists roles in a domain. |
UserAddresses | Lists the addresses for a user. |
UserEmails | Query the emails for a user. |
UserInstantMessagingAccounts | Query the IM accounts for a user. |
UserLocations | Query the locations for a user. |
UserOrganizations | Query the organizations for a user. |
UserPhones | Query the phone numbers for a user. |
UserWebsites | Retrieve a list of the websites of a user. |
VerificationCodes | Query verification codes for a user. |
Lists all Application Specific Passwords (passwords that are used with applications that do not accept verification codes) issued by a user.
To get a list of all the application specific tokens issued by a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the Id of the first user from the Users table will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory API:
SELECT * FROM AppSpecificPasswords
Name | Type | Description |
Id [KEY] | String | The unique identifier of the ASP. |
UserId | String | The unique identifier of the user who issued the ASP. |
Name | String | Name of the ASP. |
CreationDate | Datetime | The date when the ASP was created. |
LastTimeUsed | Datetime | The time when the ASP was last used. |
Etag | String | Etag of the resource. |
Lists mobile devices for an account.
To get a list of all mobile devices for an account, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM MobileDevices
Name | Type | Description |
Id [KEY] | String | The serial number for a Google Sync mobile device. For Android and iOS devices, this is a software generated unique identifier. |
ResourceId | String | The unique ID the API service uses to identify the mobile device. |
Name | String | List of the owner's usernames. |
AccountsList | String | List of accounts added on device. |
String | List of the owner's emails. | |
Model | String | The mobile device's model name. |
OS | String | The mobile device's operating system |
Type | String | The type of mobile device. |
Status | String | The device's status. |
HardwareId | String | The IMEI/MEID unique identifier for Android hardware. |
FirstSyncDate | Datetime | The date and time the device was initially synchronized with the policy settings in the Admin console. |
LastSyncDate | Datetime | The date and time the device was last synchronized with the policy settings in the Admin console. |
UserAgent | String | Gives information about the device such as os version. |
SerialNumber | String | The device's serial number. |
IMEI | String | The device's IMEI number. |
MEID | String | The device's MEID number. |
WiFiMacAddress | String | The device's MAC address on Wi-Fi networks. |
NetworkOperator | String | Mobile Device mobile or network operator. |
DefaultLanguage | String | The default langauge used on the device. |
DeviceCompromisedStatus | String | The compromised device status. |
BuildNumber | String | The device's operating system build number. |
KernelVersion | String | The device's kernel version. |
BasebandVersion | String | The device's baseband version. |
Manufacturer | String | The device's manufacturer. |
ReleaseVersion | String | Mobile Device release version version. |
SecurityPatchLevel | String | The device's security patch level. |
Brand | String | The device's brand. |
BootloaderVersion | String | The device's bootloader version. |
Hardware | String | The device's hardware. |
EncryptionStatus | String | The device's encryption status. |
DevicePasswordStatus | String | The device's password status |
Privilege | String | DMAgentPermission. |
UnknownSourcesStatus | Boolean | Indicates if unknown sources are enabled or disabled on device |
AdbStatus | Boolean | Indicates if adb(USB debugging) is enabled or disabled on device |
IsOnOwnerProfile | Boolean | Indicates if this account is on owner/primary profile or not. |
SupportsWorkProfile | Boolean | Indicates if work profile is supported on device. |
Etag | String | Etag of the resource |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String | The Id of the customer |
Lists all Privileges.
To get a list of all privileges for an account, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Privileges
Name | Type | Description |
ServiceId [KEY] | String | The obfuscated ID of the service this privilege is for. |
ServiceName [KEY] | String | The name of the service this privilege is for. |
PrivilegeName | String | The name of the privilege. |
ParentServiceId | String | The service Id of the parent privilege. |
ParentPrivilegeName | String | The privilege name of the parent privilege. |
IsOrganizationUnitRestrictable | Boolean | Indicates if the privilege can be restricted to an organization unit. |
Etag | String | Etag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String | Id of the customer |
Lists roles in a domain.
To get a list of all the roles, the CustomerId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the CustomerId of the current account will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM Roles
Name | Type | Description |
Id [KEY] | String | The unique identifier for the role. |
Name | String | Name of the role. |
Description | String | A short description of the role. |
PrivilegeName | String | The name of the privilege. |
ServiceId | String | The ID of the service the privilege is for. |
IsSystemRole | Boolean | Indicates if it is a pre-defined system role. |
IsSuperAdminRole | Boolean | Indicates if the role is a super admin role. |
Etag | String | Etag of the resource. |
Pseudo column fields are used in the WHERE clause of SELECT statements and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
CustomerId | String | Id of the customer |
Lists the addresses for a user.
To get a list of addresses for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the UserId of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserAddresses
Name | Type | Description |
UserId | String | The unique identifier for the user. |
Type | String | The address type. |
CustomType | String | The custom type of the address. |
FormattedAddress | String | The full unstructured postal address. |
PoBox | String | Post office box of the address. |
ExtendedAddress | String | The extended address |
StreetAddress | String | The street address |
Locality | String | The town or city of the address. |
Region | String | The abbreviated province or state. |
PostalCode | String | The ZIP or postal code, if applicable. |
Country | String | Country in the address. |
CountryCode | String | The country code. Uses the ISO 3166-1 standard. |
IsPrimary | Boolean | Indicates if this is the primary address of the user |
Query the emails for a user.
To get a list of email addresses for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserEmails
Name | Type | Description |
Address | String | The user's email address |
UserId | String | The unique identifier for the user. |
IsPrimary | String | Indicates if this is the user's primary email. |
CustomType | String | The custom type of the email. |
Type | String | The type of the email account. |
Query the IM accounts for a user.
To get a list of IM accounts for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserInstantMessagingAccounts
Name | Type | Description |
IM | String | The user's IM network ID. |
UserId | String | The unique identifier for the user. |
Protocol | String | The IM protocol identifies the IM network. |
CustomProtocol | String | The custom type of the IM protcol. |
IsPrimary | String | Indicates if this is the user's primary IM. |
CustomType | String | The custom type of the IM account. |
Type | String | The type of the IM account. |
Query the locations for a user.
To get a list of locations for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserLocations
Name | Type | Description |
Area | String | Textual location of the user. |
UserId | String | The unique identifier for the user. |
BuildingId | String | The building identifier. |
DeskCode | String | The desk location. |
FloorName | String | The floor name/number |
FloorSection | String | The floor section. |
CustomType | String | The custom type of the location. |
Type | String | The type of the location. |
Query the organizations for a user.
To get a list of organizations for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserOrganizations
Name | Type | Description |
Name | String | The name of the organization. |
UserId | String | The unique identifier for the user. |
OrganizationDomain | String | The domain the organization belongs to. |
Department | String | Specifies the department within the organization. |
Description | String | The description of the organization. |
Title | String | The user's title within the organization. |
CostCenter | String | The cost center of the user's organization. |
Location | String | The physical location of the organization. |
IsPrimary | Boolean | Indicates if this is the user's primary organization. |
Symbol | String | Text string symbol of the organization. |
Type | String | Country in the address. |
CustomType | String | If the value of type is custom, this property contains the custom type. |
Query the phone numbers for a user.
To get a list of phones for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserPhones
Name | Type | Description |
PhoneNumber | String | The user's phone number. |
UserId | String | The unique identifier for the user. |
IsPrimary | String | Indicates if this is the user's primary IM. |
CustomType | String | The custom type of the phone number. |
Type | String | The type of the phone number. |
Retrieve a list of the websites of a user.
To get a list of websites for a user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. Otherwise, the Sync App will automatically use the Id of the first user from the Users table. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM UserWebsites
Name | Type | Description |
URL | String | The URL of the website. |
UserId | String | The unique identifier for the user. |
CustomType | String | The custom type of the website. |
Type | String | The type of the website. |
IsPrimary | Boolean | Indicates if this is the user's primary website or not |
Query verification codes for a user.
To get a current set of valid backup verification codes for a specified user, the UserId column is required. It can be set in the connection string or in the WHERE clause condition. If not specified, the Id of the first user from the Users table will be used. The Sync App processes other queries client-side in memory.
For example, the following query is processed server side by the Google Directory APIs:
SELECT * FROM VerificationCodes
Name | Type | Description |
UserId | String | The unique ID of the user. |
VerificationCode | String | A current verification code for the user. |
Etag | String | Etag of the resource. |
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider. Click the links for further details.
For more information on establishing a connection, see Establishing a Connection.
Property | Description |
AuthScheme | The type of authentication to use when connecting to Google Directory. |
Property | Description |
OAuthClientId | The client Id assigned when you register your application with an OAuth authorization server. |
OAuthClientSecret | The client secret assigned when you register your application with an OAuth authorization server. |
Scope | Specify scope to obtain the initial access and refresh token. |
Property | Description |
OAuthJWTCert | The JWT Certificate store. |
OAuthJWTCertType | The type of key store containing the JWT Certificate. |
OAuthJWTCertPassword | The password for the OAuth JWT certificate. |
OAuthJWTCertSubject | The subject of the OAuth JWT certificate. |
OAuthJWTIssuer | The issuer of the Java Web Token. |
OAuthJWTSubject | The user subject for which the application is requesting delegated access. |
Property | Description |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
Property | Description |
FirewallType | The protocol used by a proxy-based firewall. |
FirewallServer | The name or IP address of a proxy-based firewall. |
FirewallPort | The TCP port for a proxy-based firewall. |
FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
FirewallPassword | A password used to authenticate to a proxy-based firewall. |
Property | Description |
ProxyAutoDetect | This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings. |
ProxyServer | The hostname or IP address of a proxy to route HTTP traffic through. |
ProxyPort | The TCP port the ProxyServer proxy is running on. |
ProxyAuthScheme | The authentication type to use to authenticate to the ProxyServer proxy. |
ProxyUser | A user name to be used to authenticate to the ProxyServer proxy. |
ProxyPassword | A password to be used to authenticate to the ProxyServer proxy. |
ProxySSLType | The SSL type to use when connecting to the ProxyServer proxy. |
ProxyExceptions | A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the ProxyServer . |
Property | Description |
LogModules | Core modules to be included in the log file. |
Property | Description |
Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC. |
Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC. |
Property | Description |
CustomerId | Restrict query results to this customer. |
Domain | Restrict queries to this domain. |
GroupId | Restrict query results to this group. |
MaxRows | Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
Other | These hidden properties are used only in specific use cases. |
Pagesize | The maximum number of results to return per page from Google Directory. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
UserDefinedViews | A filepath pointing to the JSON configuration file containing your custom views. |
UserId | Restrict query results to this user. |
This section provides a complete list of the Authentication properties you can configure in the connection string for this provider.
Property | Description |
AuthScheme | The type of authentication to use when connecting to Google Directory. |
The type of authentication to use when connecting to Google Directory.
This section provides a complete list of the OAuth properties you can configure in the connection string for this provider.
Property | Description |
OAuthClientId | The client Id assigned when you register your application with an OAuth authorization server. |
OAuthClientSecret | The client secret assigned when you register your application with an OAuth authorization server. |
Scope | Specify scope to obtain the initial access and refresh token. |
The client Id assigned when you register your application with an OAuth authorization server.
As part of registering an OAuth application, you will receive the OAuthClientId value, sometimes also called a consumer key, and a client secret, the OAuthClientSecret.
The client secret assigned when you register your application with an OAuth authorization server.
As part of registering an OAuth application, you will receive the OAuthClientId, also called a consumer key. You will also receive a client secret, also called a consumer secret. Set the client secret in the OAuthClientSecret property.
Specify scope to obtain the initial access and refresh token.
Specify scope to obtain the initial access and refresh token.
This section provides a complete list of the JWT OAuth properties you can configure in the connection string for this provider.
Property | Description |
OAuthJWTCert | The JWT Certificate store. |
OAuthJWTCertType | The type of key store containing the JWT Certificate. |
OAuthJWTCertPassword | The password for the OAuth JWT certificate. |
OAuthJWTCertSubject | The subject of the OAuth JWT certificate. |
OAuthJWTIssuer | The issuer of the Java Web Token. |
OAuthJWTSubject | The user subject for which the application is requesting delegated access. |
The JWT Certificate store.
The name of the certificate store for the client certificate.
The OAuthJWTCertType field specifies the type of the certificate store specified by OAuthJWTCert. If the store is password protected, specify the password in OAuthJWTCertPassword.
OAuthJWTCert is used in conjunction with the OAuthJWTCertSubject field in order to specify client certificates. If OAuthJWTCert has a value, and OAuthJWTCertSubject is set, a search for a certificate is initiated. Please refer to the OAuthJWTCertSubject field for details.
Designations of certificate stores are platform-dependent.
The following are designations of the most common User and Machine certificate stores in Windows:
MY | A certificate store holding personal certificates with their associated private keys. |
CA | Certifying authority certificates. |
ROOT | Root certificates. |
SPC | Software publisher certificates. |
In Java, the certificate store normally is a file containing certificates and optional private keys.
When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
The type of key store containing the JWT Certificate.
This property can take one of the following values:
USER | For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: This store type is not available in Java. |
MACHINE | For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java. |
PFXFILE | The certificate store is the name of a PFX (PKCS12) file containing certificates. |
PFXBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in PFX (PKCS12) format. |
JKSFILE | The certificate store is the name of a Java key store (JKS) file containing certificates. Note: this store type is only available in Java. |
JKSBLOB | The certificate store is a string (base-64-encoded) representing a certificate store in Java key store (JKS) format. Note: this store type is only available in Java. |
PEMKEY_FILE | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
PEMKEY_BLOB | The certificate store is a string (base64-encoded) that contains a private key and an optional certificate. |
PUBLIC_KEY_FILE | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
PUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains a PEM- or DER-encoded public key certificate. |
SSHPUBLIC_KEY_FILE | The certificate store is the name of a file that contains an SSH-style public key. |
SSHPUBLIC_KEY_BLOB | The certificate store is a string (base-64-encoded) that contains an SSH-style public key. |
P7BFILE | The certificate store is the name of a PKCS7 file containing certificates. |
PPKFILE | The certificate store is the name of a file that contains a PPK (PuTTY Private Key). |
XMLFILE | The certificate store is the name of a file that contains a certificate in XML format. |
XMLBLOB | The certificate store is a string that contains a certificate in XML format. |
GOOGLEJSON | The certificate store is the name of a JSON file containing the service account information. Only valid when connecting to a Google service. |
GOOGLEJSONBLOB | The certificate store is a string that contains the service account JSON. Only valid when connecting to a Google service. |
The password for the OAuth JWT certificate.
If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
This is not required when using the GOOGLEJSON OAuthJWTCertType. Google JSON keys are not encrypted.
The subject of the OAuth JWT certificate.
When loading a certificate the subject is used to locate the certificate in the store.
If an exact match is not found, the store is searched for subjects containing the value of the property.
If a match is still not found, the property is set to an empty string, and no certificate is selected.
The special value "*" picks the first certificate in the certificate store.
The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, [email protected]". Common fields and their meanings are displayed below.
Field | Meaning |
CN | Common Name. This is commonly a host name like www.server.com. |
O | Organization |
OU | Organizational Unit |
L | Locality |
S | State |
C | Country |
E | Email Address |
If a field value contains a comma it must be quoted.
The issuer of the Java Web Token.
The issuer of the Java Web Token. This is typically either the Client Id or Email Address of the OAuth Application.
This is not required when using the GOOGLEJSON OAuthJWTCertType. Google JSON keys contain a copy of the issuer account.
The user subject for which the application is requesting delegated access.
The user subject for which the application is requesting delegated access. Typically, the user account name or email address.
This section provides a complete list of the SSL properties you can configure in the connection string for this provider.
Property | Description |
SSLServerCert | The certificate to be accepted from the server when connecting using TLS/SSL. |
The certificate to be accepted from the server when connecting using TLS/SSL.
If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.
This property can take the following forms:
Description | Example |
A full PEM Certificate (example shortened for brevity) | -----BEGIN CERTIFICATE----- MIIChTCCAe4CAQAwDQYJKoZIhv......Qw== -----END CERTIFICATE----- |
A path to a local file containing the certificate | C:\cert.cer |
The public key (example shortened for brevity) | -----BEGIN RSA PUBLIC KEY----- MIGfMA0GCSq......AQAB -----END RSA PUBLIC KEY----- |
The MD5 Thumbprint (hex values can also be either space or colon separated) | ecadbdda5a1529c58a1e9e09828d70e4 |
The SHA1 Thumbprint (hex values can also be either space or colon separated) | 34a929226ae0819f2ec14b4a3d904f801cbb150d |
If not specified, any certificate trusted by the machine is accepted.
Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.
This section provides a complete list of the Firewall properties you can configure in the connection string for this provider.
Property | Description |
FirewallType | The protocol used by a proxy-based firewall. |
FirewallServer | The name or IP address of a proxy-based firewall. |
FirewallPort | The TCP port for a proxy-based firewall. |
FirewallUser | The user name to use to authenticate with a proxy-based firewall. |
FirewallPassword | A password used to authenticate to a proxy-based firewall. |
The protocol used by a proxy-based firewall.
This property specifies the protocol that the Sync App will use to tunnel traffic through the FirewallServer proxy. Note that by default, the Sync App connects to the system proxy; to disable this behavior and connect to one of the following proxy types, set ProxyAutoDetect to false.
Type | Default Port | Description |
TUNNEL | 80 | When this is set, the Sync App opens a connection to Google Directory and traffic flows back and forth through the proxy. |
SOCKS4 | 1080 | When this is set, the Sync App sends data through the SOCKS 4 proxy specified by FirewallServer and FirewallPort and passes the FirewallUser value to the proxy, which determines if the connection request should be granted. |
SOCKS5 | 1080 | When this is set, the Sync App sends data through the SOCKS 5 proxy specified by FirewallServer and FirewallPort. If your proxy requires authentication, set FirewallUser and FirewallPassword to credentials the proxy recognizes. |
To connect to HTTP proxies, use ProxyServer and ProxyPort. To authenticate to HTTP proxies, use ProxyAuthScheme, ProxyUser, and ProxyPassword.
The name or IP address of a proxy-based firewall.
This property specifies the IP address, DNS name, or host name of a proxy allowing traversal of a firewall. The protocol is specified by FirewallType: Use FirewallServer with this property to connect through SOCKS or do tunneling. Use ProxyServer to connect to an HTTP proxy.
Note that the Sync App uses the system proxy by default. To use a different proxy, set ProxyAutoDetect to false.
The TCP port for a proxy-based firewall.
This specifies the TCP port for a proxy allowing traversal of a firewall. Use FirewallServer to specify the name or IP address. Specify the protocol with FirewallType.
The user name to use to authenticate with a proxy-based firewall.
The FirewallUser and FirewallPassword properties are used to authenticate against the proxy specified in FirewallServer and FirewallPort, following the authentication method specified in FirewallType.
A password used to authenticate to a proxy-based firewall.
This property is passed to the proxy specified by FirewallServer and FirewallPort, following the authentication method specified by FirewallType.
This section provides a complete list of the Proxy properties you can configure in the connection string for this provider.
Property | Description |
ProxyAutoDetect | This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings. |
ProxyServer | The hostname or IP address of a proxy to route HTTP traffic through. |
ProxyPort | The TCP port the ProxyServer proxy is running on. |
ProxyAuthScheme | The authentication type to use to authenticate to the ProxyServer proxy. |
ProxyUser | A user name to be used to authenticate to the ProxyServer proxy. |
ProxyPassword | A password to be used to authenticate to the ProxyServer proxy. |
ProxySSLType | The SSL type to use when connecting to the ProxyServer proxy. |
ProxyExceptions | A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the ProxyServer . |
This indicates whether to use the system proxy settings or not. This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.
This takes precedence over other proxy settings, so you'll need to set ProxyAutoDetect to FALSE in order use custom proxy settings.
To connect to an HTTP proxy, see ProxyServer. For other proxies, such as SOCKS or tunneling, see FirewallType.
The hostname or IP address of a proxy to route HTTP traffic through.
The hostname or IP address of a proxy to route HTTP traffic through. The Sync App can use the HTTP, Windows (NTLM), or Kerberos authentication types to authenticate to an HTTP proxy.
If you need to connect through a SOCKS proxy or tunnel the connection, see FirewallType.
By default, the Sync App uses the system proxy. If you need to use another proxy, set ProxyAutoDetect to false.
The TCP port the ProxyServer proxy is running on.
The port the HTTP proxy is running on that you want to redirect HTTP traffic through. Specify the HTTP proxy in ProxyServer. For other proxy types, see FirewallType.
The authentication type to use to authenticate to the ProxyServer proxy.
This value specifies the authentication type to use to authenticate to the HTTP proxy specified by ProxyServer and ProxyPort.
Note that the Sync App will use the system proxy settings by default, without further configuration needed; if you want to connect to another proxy, you will need to set ProxyAutoDetect to false, in addition to ProxyServer and ProxyPort. To authenticate, set ProxyAuthScheme and set ProxyUser and ProxyPassword, if needed.
The authentication type can be one of the following:
If you need to use another authentication type, such as SOCKS 5 authentication, see FirewallType.
A user name to be used to authenticate to the ProxyServer proxy.
The ProxyUser and ProxyPassword options are used to connect and authenticate against the HTTP proxy specified in ProxyServer.
You can select one of the available authentication types in ProxyAuthScheme. If you are using HTTP authentication, set this to the user name of a user recognized by the HTTP proxy. If you are using Windows or Kerberos authentication, set this property to a user name in one of the following formats:
user@domain domain\user
A password to be used to authenticate to the ProxyServer proxy.
This property is used to authenticate to an HTTP proxy server that supports NTLM (Windows), Kerberos, or HTTP authentication. To specify the HTTP proxy, you can set ProxyServer and ProxyPort. To specify the authentication type, set ProxyAuthScheme.
If you are using HTTP authentication, additionally set ProxyUser and ProxyPassword to HTTP proxy.
If you are using NTLM authentication, set ProxyUser and ProxyPassword to your Windows password. You may also need these to complete Kerberos authentication.
For SOCKS 5 authentication or tunneling, see FirewallType.
By default, the Sync App uses the system proxy. If you want to connect to another proxy, set ProxyAutoDetect to false.
The SSL type to use when connecting to the ProxyServer proxy.
This property determines when to use SSL for the connection to an HTTP proxy specified by ProxyServer. This value can be AUTO, ALWAYS, NEVER, or TUNNEL. The applicable values are the following:
AUTO | Default setting. If the URL is an HTTPS URL, the Sync App will use the TUNNEL option. If the URL is an HTTP URL, the component will use the NEVER option. |
ALWAYS | The connection is always SSL enabled. |
NEVER | The connection is not SSL enabled. |
TUNNEL | The connection is through a tunneling proxy. The proxy server opens a connection to the remote host and traffic flows back and forth through the proxy. |
A semicolon separated list of destination hostnames or IPs that are exempt from connecting through the ProxyServer .
The ProxyServer is used for all addresses, except for addresses defined in this property. Use semicolons to separate entries.
Note that the Sync App uses the system proxy settings by default, without further configuration needed; if you want to explicitly configure proxy exceptions for this connection, you need to set ProxyAutoDetect = false, and configure ProxyServer and ProxyPort. To authenticate, set ProxyAuthScheme and set ProxyUser and ProxyPassword, if needed.
This section provides a complete list of the Logging properties you can configure in the connection string for this provider.
Property | Description |
LogModules | Core modules to be included in the log file. |
Core modules to be included in the log file.
Only the modules specified (separated by ';') will be included in the log file. By default all modules are included.
See the Logging page for an overview.
This section provides a complete list of the Schema properties you can configure in the connection string for this provider.
Property | Description |
Location | A path to the directory that contains the schema files defining tables, views, and stored procedures. |
BrowsableSchemas | This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC. |
Tables | This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC. |
Views | Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC. |
A path to the directory that contains the schema files defining tables, views, and stored procedures.
The path to a directory which contains the schema files for the Sync App (.rsd files for tables and views, .rsb files for stored procedures). The folder location can be a relative path from the location of the executable. The Location property is only needed if you want to customize definitions (for example, change a column name, ignore a column, and so on) or extend the data model with new tables, views, or stored procedures.
If left unspecified, the default location is "%APPDATA%\\CData\\GoogleDirectory Data Provider\\Schema" with %APPDATA% being set to the user's configuration directory:
This property restricts the schemas reported to a subset of the available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.
Listing the schemas from databases can be expensive. Providing a list of schemas in the connection string improves the performance.
This property restricts the tables reported to a subset of the available tables. For example, Tables=TableA,TableB,TableC.
Listing the tables from some databases can be expensive. Providing a list of tables in the connection string improves the performance of the Sync App.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
Restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC.
Listing the views from some databases can be expensive. Providing a list of views in the connection string improves the performance of the Sync App.
This property can also be used as an alternative to automatically listing views if you already know which ones you want to work with and there would otherwise be too many to work with.
Specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.
Note that when connecting to a data source with multiple schemas or catalogs, you will need to provide the fully qualified name of the table in this property, as in the last example here, to avoid ambiguity between tables that exist in multiple catalogs or schemas.
This section provides a complete list of the Miscellaneous properties you can configure in the connection string for this provider.
Property | Description |
CustomerId | Restrict query results to this customer. |
Domain | Restrict queries to this domain. |
GroupId | Restrict query results to this group. |
MaxRows | Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time. |
Other | These hidden properties are used only in specific use cases. |
Pagesize | The maximum number of results to return per page from Google Directory. |
PseudoColumns | This property indicates whether or not to include pseudo columns as columns to the table. |
Timeout | The value in seconds until the timeout error is thrown, canceling the operation. |
UserDefinedViews | A filepath pointing to the JSON configuration file containing your custom views. |
UserId | Restrict query results to this user. |
Restrict query results to this customer.
This property can be set in the connection string or query. Otherwise, the Sync App will use the Customer Id of the authenticated user. You can also get this value from the Users table.
Restrict queries to this domain.
The domain name (e.g., cdata.com). Use this connection property to get results from only one domain.
Restrict query results to this group.
This property must be set in the connection string or query. Otherwise, the Sync App will use the first found Group Id. You can get this value from the Groups table.
Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.
Limits the number of rows returned rows when no aggregation or group by is used in the query. This helps avoid performance issues at design time.
These hidden properties are used only in specific use cases.
The properties listed below are available for specific use cases. Normal driver use cases and functionality should not require these properties.
Specify multiple properties in a semicolon-separated list.
DefaultColumnSize | Sets the default length of string fields when the data source does not provide column length in the metadata. The default value is 2000. |
ConvertDateTimeToGMT | Determines whether to convert date-time values to GMT, instead of the local time of the machine. |
RecordToFile=filename | Records the underlying socket data transfer to the specified file. |
The maximum number of results to return per page from Google Directory.
The Pagesize property affects the maximum number of results to return per page from Google Directory. Setting a higher value may result in better performance at the cost of additional memory allocated per page consumed.
This property indicates whether or not to include pseudo columns as columns to the table.
This setting is particularly helpful in Entity Framework, which does not allow you to set a value for a pseudo column unless it is a table column. The value of this connection setting is of the format "Table1=Column1, Table1=Column2, Table2=Column3". You can use the "*" character to include all tables and all columns; for example, "*=*".
The value in seconds until the timeout error is thrown, canceling the operation.
If Timeout = 0, operations do not time out. The operations run until they complete successfully or until they encounter an error condition.
If Timeout expires and the operation is not yet complete, the Sync App throws an exception.
A filepath pointing to the JSON configuration file containing your custom views.
User Defined Views are defined in a JSON-formatted configuration file called UserDefinedViews.json. The Sync App automatically detects the views specified in this file.
You can also have multiple view definitions and control them using the UserDefinedViews connection property. When you use this property, only the specified views are seen by the Sync App.
This User Defined View configuration file is formatted as follows:
For example:
{ "MyView": { "query": "SELECT * FROM Group WHERE MyColumn = 'value'" }, "MyView2": { "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)" } }Use the UserDefinedViews connection property to specify the location of your JSON configuration file. For example:
"UserDefinedViews", "C:\\Users\\yourusername\\Desktop\\tmp\\UserDefinedViews.json"
Restrict query results to this user.
The Id of the user. If not specified, the first user from the Users table will be used.