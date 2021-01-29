Google has announced the general availability of membership visibility and membership hierarchy APIs, making it easier for Workspace customers to identify, audit, and understand indirect group membership. Up until now, the APIs were available as an open beta.

"Using nested groups to manage access to content and resources can help decrease duplication, simplify administration, and centralize access management. However, nested groups can create a complex hierarchy that can make it hard to understand who ultimately has access and why," Google wrote in a blog post.

The indirect membership visibility and membership hierarchy APIs are part of the Cloud Identity Groups API, an API for provisioning and managing identity resources, and help provide all of the information users need to create visualization of complex group structures and hierarchies as well as to make decisions about who to add to or remove from groups.

Indirect memberships, also known as transitive memberships, come from nested groups wherein groups are members of other groups. As a result, users in the sub-group are members of both groups.

The features are rolling out to both Rapid Release and Scheduled release domains and will be available to Google Workspace Enterprise Standard and Enterprise Plus, as well as G Suite Enterprise for Education and Cloud Identity Premium customers. Notably, the APIs will not be available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, and Enterprise Essentials, as well as G Suite Basic, Business, Education, and Nonprofits customers.