Maintaining People’s Roles in the Directory Account

 In Integrations, Security & Privacy

RolesAn important adjustment has been made to the access rights that the Directory Administrator role provides. In the past, this role made it possible to grant and revoke all roles of the directory account and all of its support domain accounts for all person records stored in the directory account. Now the Directory Administrator role can also do this for roles that have been made available to any of the directory account’s support domains by 4me accounts of external organizations by means of 4me’s unique Account Trust functionality.

The big advantage is that a directory administrator can now revoke all roles that were given to a person who is registered in the directory account. That makes things a little easier when someone leaves the organization.

And to make it possible to automate this, 4me’s REST API for people’s permissions has been extended with the ability to revoke all roles of all accounts from a specific person record. The API call below is an example that removes all roles from a person record with the ID 521:

curl -u “howard.tanner@widget.com:4me” -X DELETE “https://api.4me.com/people/521/permissions”

Azure Active Directory ConnectAPI