The API Access section covers OAuth apps. Essentially you:
1. Mark Google services you consider critical as "restricted" (ex: Drive, gmail)
2. On Gmail and Drive, you can then allow apps that use lower levels of permissions, but not those who need "dangerous access"
3. Then on a per app basis you can mark apps as "trusted" which lets them access "restricted" Google services.
It is not super granular in the sense that you can't easily say - Calendar2000 can be used by my sales team, and should have access only to the invites date and time but not attendees, body or attachment, but it is better than nothing!
1. Mark Google services you consider critical as "restricted" (ex: Drive, gmail) 2. On Gmail and Drive, you can then allow apps that use lower levels of permissions, but not those who need "dangerous access" 3. Then on a per app basis you can mark apps as "trusted" which lets them access "restricted" Google services.
It is not super granular in the sense that you can't easily say - Calendar2000 can be used by my sales team, and should have access only to the invites date and time but not attendees, body or attachment, but it is better than nothing!