
Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.


Permissions required for the Gmail connector


When you connect Code42 to Gmail, you grant certain permissions to Code42 in your Gmail environment. This article lists the permissions Code42 requires as well as what those permissions allow Code42 to do in your Gmail environment.

Gmail permissions

Permissions your Google Workspace administrator needs

Code42 uses API client access to connect to and monitor file activity in your Google environment. To grant third-party services or applications domain-wide delegation or manage API client access in the Google Admin console, you must be a Google Workspace administrator who has the Super Admin role. Code42 cannot collect data from your Google environment when the connection is authorized by a Google Workspace administrator without this role.

Permissions the Code42 service account needs

When a user emails an attachment, we collect information about the attached file and the sender and recipients for the email. To see this file activity, Code42 requires access to your Gmail environment. 

In the configuration steps when you connect Code42 to Gmail, Code42 provides the client ID and scopes for you to enter in your Google Admin console. Code42 uses the following scopes


This set of permissions means Code42 has read-only access to metadata for emails, attached files, and users within that email service. In other words, Code42 cannot make changes to the emails, data, or users in your email environment. In addition, Code42 does not monitor the contents of those files, and does not back up files in the email service.
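
Before entering a scope list for domain-wide delegation, you can check that it matches the read-only description above. The following Python script is an added example, not code from Code42 or Google; the function names, the suffix-based heuristic, and the sample scope list are assumptions made for illustration, and the sample is not the list Code42 provides.

```python
from urllib.parse import urlparse

# Constructed sample input, NOT the scope list Code42 provides. Replace it with
# the comma-delimited scopes shown in your own connector configuration steps.
SAMPLE_SCOPES = (
    "https://www.googleapis.com/auth/gmail.metadata, "
    "https://www.googleapis.com/auth/admin.directory.user.readonly,"
    "https://www.googleapis.com/auth/gmail.modify,"
    "https://mail.google.com/"
)

# Assumption: a scope is treated as read-only only if its name ends in one of
# these suffixes. "Read-only" means no write capability; it does not by itself
# mean metadata-only, so still check each scope against Google's documentation.
READ_ONLY_SUFFIXES = (".readonly", ".metadata")
SCOPE_HOST, SCOPE_PREFIX = "www.googleapis.com", "/auth/"


def classify_scope(scope):
    """Return 'read-only', 'not-read-only' or 'malformed' for one scope URL."""
    parsed = urlparse(scope.strip())
    if parsed.scheme != "https" or not parsed.netloc:
        return "malformed"
    if parsed.netloc == SCOPE_HOST and parsed.path.startswith(SCOPE_PREFIX):
        name = parsed.path[len(SCOPE_PREFIX):]
        if not name:
            return "malformed"
        if name.endswith(READ_ONLY_SUFFIXES):
            return "read-only"
    # Everything else (for example the full-mailbox scope https://mail.google.com/)
    # cannot be shown to be read-only by name and is flagged for review.
    return "not-read-only"


def audit_scopes(scope_csv):
    """Group the de-duplicated scopes of a comma-delimited list by class."""
    report = {"read-only": [], "not-read-only": [], "malformed": []}
    for scope in dict.fromkeys(s.strip() for s in scope_csv.split(",")):
        if scope:
            report[classify_scope(scope)].append(scope)
    return report


def is_read_only_grant(scope_csv):
    """True only if at least one scope is listed and every scope is read-only."""
    report = audit_scopes(scope_csv)
    return bool(report["read-only"]) and not (report["not-read-only"] or report["malformed"])


if __name__ == "__main__":
    for kind, scopes in audit_scopes(SAMPLE_SCOPES).items():
        print(kind, scopes)
```

Any scope reported as not-read-only or malformed is a reason to stop and compare the list with the one shown in the configuration steps before authorizing the client ID.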

External resources

Google documentation
