From https://developers.google.com/admin-sdk/directory/v1/guides/authorizing:
Scopes for devices
- https://www.googleapis.com/auth/admin.directory.device.chromeos For all Chrome device operations, use this global scope
- https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly Use to limit the administrator's scope for only retrieving Chrome devices
- https://www.googleapis.com/auth/admin.directory.device.mobile For all mobile device operations, use this global scope
- https://www.googleapis.com/auth/admin.directory.device.mobile.readonly Use to limit the administrator's scope for only retrieving mobile device
- https://www.googleapis.com/auth/admin.directory.device.mobile.action Use to limit the administrator's scope for tasks that take an action on a mobile device.
Scopes for groups, group aliases, and group members
- https://www.googleapis.com/auth/admin.directory.group For all group operations, use this global group, group alias, and member scope.
- https://www.googleapis.com/auth/admin.directory.group.readonly Use to limit the administrator's scope for retrieving group, group alias, and member information.
Scopes for organization units
- https://www.googleapis.com/auth/admin.directory.orgunit For all organization unit operations use this global organization unit scope
- https://www.googleapis.com/auth/admin.directory.orgunit.readonly Use to limit an administrator's scope for retrieving organization units
Scopes for users and user aliases
- https://www.googleapis.com/auth/admin.directory.user For all user and user alias operations, use this global user scope
- https://www.googleapis.com/auth/admin.directory.user.readonly Use to limit the administrator's scope for retrieving users or user aliases