
Gripes with Google Groups - wglb
http://latacora.singles/2018/05/29/gripes-with-google.html
======
tptacek
This is an LVH post, but the basic idea is: if you're using GSuite as a source
of truth for identity in your company (lots of people do this, and it's not a
bad idea), you have to be aware of the dual duty Google Groups does. People
set up Groups to manage communications, like Slack channels, but also to
manage authorizations ("can run this application").

It is a little bit crazy that the authorization construct in Google Groups has
an "allow the Internet to join" option. I don't think you'll find that
particular button anywhere in Okta or OneLogin.

~~~
jmathai
This stems from the origin of Google Groups as the OP mentioned. It’s
definitely not ideal but we are actively working on making groups more
suitable for the various enterprise/business scenarios they are being used
for.

(I’m a PM @ Google working on some of these efforts)

~~~
tracker1
I'd be happy if I could just setup an email distro list in google domains, or
in the G Suite admin, instead of having to setup groups... I swear it took me
half an hour to figure out why my dev@ list wasn't getting email from outside
the domain.

~~~
jmathai
Sounds like the issue might have been confusion with the UI. groups.google.com
has a lot of settings and it can be really confusing to know how to set up a
group that functions in a particular way (i.e. receive email from outside the
domain). G Suite admin has less settings but from what I've heard from
customers it doesn't expose enough of them so they end up having to go to
groups.google.com anyway.

I think some of the updates we're working on will help.

~~~
tracker1
That would be nice... I mean, no offense, but for my needs, I'd just assume
not use groups at all, and just have the option for a distribution list.

------
jmathai
I'm a PM at Google working on groups functionality for enterprise customers.
We're working on ways to make groups easier to manage and more secure.

Happy to answer questions related to this post or other gripes you may have
with Google Groups.

~~~
ocdtrekkie
I'm not sure how much this stumbles into the woes of Google accounts in
general, but it's really hard to deal with Groups if Gmail isn't your mail
address. When I left Gmail, I had to invent a new alias to get subscribed to a
group because it affiliated my main address with my Google account and so
wouldn't let me subscribe with it. But if I go to Groups and interact with it
there, it uses my Gmail address, which I don't think is changeable.

So I have inbox@mydomain which Google knows is affiliated with my Google
account, google@mydomain which had to be subscribed to the list for me to get
mail at my actual email address, and my Gmail address, which Groups uses when
I post from the web UI.

Help.

Sidebar: I don't say a ton of nice things about Google, but absolute kudos for
you just dropping in here and asking for feedback. Gold star, I'd really like
to see more of this.

~~~
jmathai
So you had a google account @yourdomain.com as a Google (and GMail?) account
but later left GMail? Did you delete your Google account or just disassociate
it with GMail?

I haven’t heard of this but I can see how it could happen depending on the
exact state of your @yourdomain.com Google account. Sounds messy though and
maybe we can sort it out.

~~~
ocdtrekkie
My email address at my own domain (now my primary address) is listed as a
secondary address on my Google/Gmail account, I believe. Last I checked
though, I wasn't able to have Groups send list emails to or from that address
though.

Using another alias at my domain was a method to bypass that, as it isn't
connected to the Google account at all. (But of course, it also means my real
email and my Gmail each get a copy of list emails.)

------
awakeasleep
Google's APIs make it easy to audit your groups, and if you don't want to
write your own program to do it you can use the GAM command line tool.
[https://github.com/jay0lee/GAM/wiki](https://github.com/jay0lee/GAM/wiki)

~~~
lvh
GAM is awesome for this. We've also had good luck with Google Apps Scripts.
The advantage is that it makes it marginally easier to set up credentials: it
does so behind the scenes so you never have creds with admin permissions hit
disk. The disadvantage is you're now editing an old-ish version of JavaScript
in a janky browser editor that saves to some weird bespoke JSON format. You
can also use clasp
([https://github.com/google/clasp](https://github.com/google/clasp)) to edit
these files from your favorite editor but now you own a Software Engineering
Project.

Here's roughly what that looks like to get all the mentioned info out:

    
    
        function getGroups(domain) {
           var groups = [], pageToken, page;
           do {
               page = AdminDirectory.Groups.list({
                   domain: domain,
                   maxResults: 100,
                   pageToken: pageToken
               });
        
               if (page.groups && page.groups.length > 0) {
                   groups = groups.concat(page.groups);
               }
               pageToken = page.nextPageToken;
        
           } while (pageToken);
           return groups;
        }
        
        function getGroupPerms(groups) {
         var perms = [];
         for (var i = 0; i < groups.length; i++) {
           perms.push(AdminGroupsSettings.Groups.get(groups[i].email));
         }
         return perms;
        }
    

Disclaimer: I'm the author of the linked blog post.

~~~
jmathai
Apps Script has a lot of potential when it comes to Groups (and other
resources a company has to manage). As you said, clasp is an alternative to
the web UI. What’s an ideal platform you’d like to see for easily executing
code on to work with groups (Apps Script, Cloud Functions, or other)?

~~~
lvh
I mean, I'm me, so I want to write Clojure. I haven't tried ClojureScript ->
clasp to see if I can use ClojureScript. Does Google Apps Script document
exactly what the runtime is? It looks like Rhino from some of the failure
modes, but I don't know the exact modern JS features it supports.

The huge benefit to GAS IMO is that creds never hit my disk.

------
lvh
I wrote this, underlying work is collaboration with the other Latacora folks,
happy to answer questions :)

~~~
defen
Out of curiosity, are the "example scenarios" things you've actually seen in
the wild?

~~~
lvh
I can't provide details re: where/when/who of course, but all of these are
functionally equivalent to things that have happened. Reality tends to be a
bit messier than these scenarios but not in a way that fundamentally changes
anything.

------
egggo
It requires JavaScript enabled to read text...

------
jakeogh
Google has an excellent track record closing services, but this one is an
outlier. No JS fallback, difficult to scrape, par google, par.

