Last updated (UTC): 2025-08-18.

- This document lists the supported user fields from the Admin SDK's `User` resource that can be used in dynamic group membership queries, which are available to certain Google Workspace and Cloud Identity accounts.
- Custom user fields are supported in queries, provided that the schema already exists within `user.custom_schemas`, as detailed in the linked documentation.
- The document specifies which fields can be used and the sub-fields each one has, with the inclusion of `boolean` types and when a field has a `primary` value that can only be evaluated as true.
- The `type` attributes used in the user fields table are matched to enum values rather than string representations, and a table is provided mapping the string values to their corresponding enum values.
- Membership queries can also be performed using the `orgUnitId` field to include users directly or indirectly within a specified organizational unit, and the document also includes sample queries on how to retrieve users by their org unit, or managers.

Valid user fields for dynamic group queries
===========================================

This page outlines supported fields and features of CEL that can be
used in a membership query.

> **Note:** Dynamic groups are only available to Google Workspace Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity premium accounts.

User fields
-----------

The following fields from the Admin SDK's
[`User`](https://developers.google.com/admin-sdk/directory/reference/rest/v1/users)
resource can be used in membership queries.

> **Note:** Custom user fields are also supported as long as the schema already exists in `user.custom_schemas`. See [Manage custom user fields](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas) for more information about creating a custom schema.

> **Note:** When a field has a `primary` value, that value can only be evaluated as a true expression. For example:
> `user.addresses.exists(addr, addr.primary == true)`

### Type attributes

The `type` attributes from the previous table are matched using enum values
instead of their string representations. The following list maps each
type's string representation to the corresponding enum value.

Organizational unit fields
--------------------------

You can also query memberships using the `orgUnitId` field to include all
users who are part of that organizational unit, directly or indirectly. For more
information about retrieving the `orgUnitId` value, see the
[Admin SDK reference documentation](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits).

### Sample queries

- All direct users under a given organizational unit:

        user.org_unit_id==orgUnitId('03ph8a2z1enx4lx')

- All direct and indirect users under a given organizational unit:

        user.org_units.exists(org_unit, org_unit.org_unit_id==orgUnitId('03ph8a2z1khexns'))

Other query types
-----------------

- All users managed by a specific individual:

        user.managers.exists(manager, manager.user_id == userId('MANAGER_ID'))

  Replace `MANAGER_ID` with the manager's unique
  user ID. You can retrieve this ID with the
  [Admin SDK Directory API](https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/get)
  using the manager's email address as `userKey`.
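
The sample queries above place an ID inside a quoted string literal, so tooling that generates membership queries should validate each ID before interpolating it. The following Python is an added example, not part of the original documentation; the function names, the alphanumeric-only ID rule (inferred from the sample IDs on this page) and the handling of an `id:` prefix are assumptions.

```python
import re

# Assumption: IDs are plain alphanumerics, like the sample values on this page.
_ID_RE = re.compile(r"[A-Za-z0-9]+")


def _safe_id(value: str) -> str:
    """Return the ID if it is safe to place inside a quoted CEL string literal."""
    # Assumption: an org unit ID copied from an API response may carry an "id:" prefix.
    value = value.strip().removeprefix("id:")
    if not _ID_RE.fullmatch(value):
        # A quote or parenthesis here would change the query's meaning,
        # and with it who becomes a member of the group.
        raise ValueError(f"refusing to build a membership query from ID {value!r}")
    return value


def direct_ou_query(org_unit_id: str) -> str:
    """Users placed directly in the organizational unit."""
    return f"user.org_unit_id==orgUnitId('{_safe_id(org_unit_id)}')"


def recursive_ou_query(org_unit_id: str) -> str:
    """Users in the organizational unit or any unit beneath it."""
    return ("user.org_units.exists(org_unit, "
            f"org_unit.org_unit_id==orgUnitId('{_safe_id(org_unit_id)}'))")


def managed_by_query(manager_id: str) -> str:
    """Users whose managers include the given user ID."""
    return ("user.managers.exists(manager, "
            f"manager.user_id == userId('{_safe_id(manager_id)}'))")


if __name__ == "__main__":
    print(direct_ou_query("03ph8a2z1enx4lx"))
    print(recursive_ou_query("id:03ph8a2z1khexns"))
    print(managed_by_query("1234567890"))  # constructed sample ID
    try:
        # Constructed malformed input: the embedded quote must be rejected.
        direct_ou_query("03ph8a2z1enx4lx') || true || ('")
    except ValueError as err:
        print("rejected:", err)
```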