Posted by Rishi Dhand, Product Manager, Google Apps Admin SDK and Wesley Chun, Developer Advocate, Google Apps
In a Google Apps domain, Admin role management (i.e. create, assign, and update admin roles) is a critical function for super admins that helps them distribute admin responsibilities in a more secure manner. Until now, this functionality was only available via the Admin console UI.
Today’s launch of the Roles API (one of the Admin SDK Directory APIs) enables developers to build admin tools that can perform role management programmatically.
This new API will be useful to admins who have either built internal admin tools using the Admin SDK, or developers of third-party admin tools. Both can now use the Roles API to provide selective access to Delegated Admins (DAs) to specific admin capabilities within third-party applications.
Here are some examples of use cases where the Roles API can be leveraged:
- A third-party user management app that relies on the Admin SDK to perform various user related operations can now use the Roles API to selectively show the capabilities of User management DAs, such as creating/deleting users or resetting passwords.
- A mobile device management (MDM) app developer looking to build a tool for access by Mobile Management DAs can use the Roles API to determine the privileges of the logged-in DA and selectively display MDM related admin functionality.
- Admins (or admin tools) can now programmatically create reports on admin role assignments which can help super admins better manage access to DAs.