Additional considerations

Stay organized with collections Save and categorize content based on your preferences.

This page lists additional considerations you must be aware of when using organization restrictions.

Multi-resource access

Google Cloud API requests might involve operations on multiple resources. Organization restrictions header service checks whether all resources that are part of the request are in the list of authorized organizations. If any resource is not part of the list of authorized organizations, the request is denied.

Allow download for Vault users

Google Vault is an information governance and eDiscovery tool for Google Workspace. Vault admininstrators access Google Workspace user data stored in Google-owned Cloud Storage buckets.

By default, the organization restrictions feature restricts Vault admininstrators from downloading an exported Google Workspace user data from a Google-owned Cloud Storage bucket. To allow requests that orginate from the Vault admininstrators, ensure that the following organization ID is added to the organization restrictions header along with the other required organization IDs:


We recommend to add this ID of the organization, which stores Vault data, only in headers for requests from Vault admininstrators.

What's next