Removing self from Global Administrator built-in role is not allowed

Question (votes: 0, answers: 1)

Question: How do I remove the "Security Administrator" role?

I am using the Java API to assign "Security Administrator".

The Java code is shown below.

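    // Add directoryObject as a member of the Security Administrator directory role,
    // addressing the role by its template ID.
    final DirectoryObject dirObjectCreated = Objects.requireNonNull(graphClient
                    .directoryRoles(ROLE_TEMPLATE_ID + "=" + SECURITY_ADMIN_TEMPLATE_ID)
                    .members()
                    .references())
            .buildRequest()
            .post(directoryObject);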
 

This works well.

When I try to remove this "Security Administrator", I get the error

Removing self from Global Administrator built-in role is not allowed.

I tried the following URL

Method: DELETE

URL: https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/y-RKG-FULL-ID

It seems that removing the role is not allowed. I looked at Example 11 in this link https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-assign-graph

The link in Example 11 says

We prevent users from deleting their own Global Administrator role to avoid a scenario where a tenant has zero Global Administrators. Removing other roles assigned to self is allowed.

My token has the following roles

"roles": [
    "Mail.ReadWrite",
    "Domain.ReadWrite.All",
    "Group.Read.All",
    "Directory.Read.All",
    "User.Read.All",
    "Domain.Read.All",
    "RoleManagement.ReadWrite.Directory",
    "Application.Read.All"
  ]
 
microsoft-graph-api office365
1 answer
0
votes

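I believe you are doing everything correctly, but this looks like a bug to me. I can reproduce the issue. If it is urgent, I suggest you open a support ticket.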
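A pre-flight check for the DELETE described in the question, as an added example that is not part of the original post or answer: it looks up the assignment ID in a role-assignment listing and reports whether the target is the caller's own Global Administrator assignment (the case the quoted documentation says is refused) or a different role than the one intended. The listing is constructed sample data, and `preflight_delete`, the placeholder IDs and the verdict strings are hypothetical names chosen for this example.

```python
import json

# Well-known Microsoft Entra built-in role template IDs; for built-in roles
# the roleDefinitionId of an assignment equals the template ID.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
SECURITY_ADMIN = "194ae4cb-b126-40b2-bd5b-6091b380977d"

# Constructed sample in the shape of a roleAssignments list response.
# The "id" and "principalId" values are placeholders, not real identifiers.
SAMPLE = json.loads("""
{"value": [
  {"id": "assign-sec", "principalId": "caller-oid",
   "roleDefinitionId": "194ae4cb-b126-40b2-bd5b-6091b380977d", "directoryScopeId": "/"},
  {"id": "assign-ga", "principalId": "caller-oid",
   "roleDefinitionId": "62E90394-69F5-4237-9190-012177145E10", "directoryScopeId": "/"},
  {"id": "assign-other-ga", "principalId": "other-oid",
   "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10", "directoryScopeId": "/"}
]}
""")


def preflight_delete(assignment_id, caller_oid, expected_role, listing):
    """Classify a planned DELETE of one role assignment before sending it."""
    target = next((a for a in listing["value"] if a["id"] == assignment_id), None)
    if target is None:
        return "not_found"
    role = target["roleDefinitionId"].lower()  # GUID case can vary
    is_self = target["principalId"] == caller_oid
    if is_self and role == GLOBAL_ADMIN:
        # The documented rule: self-removal of Global Administrator is refused.
        return "blocked_self_global_admin"
    if role != expected_role.lower():
        # The ID points at a different role than the one meant to be removed.
        return "wrong_role"
    return "ok_self" if is_self else "ok_other"


if __name__ == "__main__":
    for aid in ("assign-sec", "assign-ga", "assign-other-ga", "missing"):
        print(aid, "->", preflight_delete(aid, "caller-oid", SECURITY_ADMIN, SAMPLE))
```

A verdict of `ok_self` for a request that the service still rejects with the Global Administrator message is the mismatch worth attaching to a support ticket.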
