Delete Role Assignment

Definition

The Delete Role Assignment action allows administrators to remove a specific role assignment from a user or service account within a Google Directory. Given the Role Assignment ID, the action deletes the association between a role and a particular user, group, or service account. This is useful for managing role assignments and ensuring that users do not retain permissions or access they no longer need. The key capabilities of this action include:

  • Deleting specific role assignments: Removes a role from a user or service account.
  • Efficient role management: Helps administrators maintain the integrity of role-based access control (RBAC) by removing outdated or incorrect role assignments.
  • Customizable input: You can target role assignments for specific customers by providing the Customer ID and the Role Assignment ID.

Example Use Cases

1. Revoking User Permissions

When a user leaves the company or no longer requires certain access, the administrator can remove their assigned roles, effectively revoking any permissions that were granted by the role.

2. Role Cleanup After Reorganization

After an organizational restructure or employee role change, administrators can use this action to delete previous role assignments from users who no longer belong to certain organizational units or groups.

3. Security and Compliance

To maintain security and compliance, administrators can remove roles that grant access to sensitive data, ensuring that only authorized users have access to specific resources.

4. Deleting Temporary Role Assignments

In cases where roles are temporarily assigned to users (e.g., during a project), administrators can delete these assignments once the project is completed to reduce unnecessary access rights.

5. Auditing Role Access

Administrators can periodically review and remove unnecessary role assignments to ensure the principle of least privilege is followed, maintaining minimal access rights for each user.


Inputs

1. Connection

This field is used to establish a connection to your Google Admin account. It provides the necessary credentials for the action to access your Google Directory and perform the task of deleting a role assignment.

2. Customer Id

The unique identifier of your customer account in the Google Admin Console. This ID is used to scope the operation to your specific customer account. You can either manually enter this ID or use the alias my_customer to represent your current account. If you're working with a multi-domain setup, use this field to specify the correct customer account for the action.

Finding Customer Id:

  • Sign in to your Google Admin console using an administrator account.
  • Go to the “Account settings” page.
  • Under "Profile," you will find your Customer ID.

3. Role Assignment Id

This is the unique identifier of the role assignment you wish to delete. The Role Assignment ID links a specific user, group, or service account to a particular role within your organization. You can retrieve this ID from the Admin Console.

Finding Role Assignment Id:

  • Sign in to your Google Admin console and navigate to the “Admin roles” page.
  • Select the role that you want to remove and click on the role name.
  • The Role Assignment ID is displayed on the Role Details page.

Usage Example

Scenario:
Imagine you are an admin for a Google Workspace organization, and you’ve assigned a specific role to a user, but after some time, the user no longer requires the permissions associated with that role. To maintain security and ensure the correct roles are assigned, you need to remove this role assignment.

Steps to Set It Up:

  1. Connect to Your Google Admin Account
    • Ensure you have a valid connection to your Google Admin account by providing the necessary credentials in the Connection field.
  2. Identify Your Customer ID
    • If you manage a single domain, you can use the Customer Id from your Google Admin Console. If you are unsure about the ID, follow the steps provided earlier to locate it.
    • Alternatively, you can use the my_customer alias for simplicity.
  3. Find the Role Assignment ID
    • Navigate to the “Admin Roles” section in your Google Admin Console.
    • Locate the role assignment you want to remove, click on the role, and copy the Role Assignment Id. This ID is essential for targeting the correct role assignment.
  4. Execute the Action
    • Once the Customer Id and Role Assignment Id are set, execute the "Delete Role Assignment" action. This will remove the specific role assignment from the user or service account that you identified.
  5. Confirm the Role Assignment Deletion
    • After executing the action, check the "Role Assignments" list in your Google Admin Console to ensure that the role assignment has been successfully deleted.

This action helps in managing role assignments efficiently, especially when you have many users or roles and need to ensure that permissions are up to date and in line with your organization’s needs.
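
The steps above, expressed against the Admin SDK Directory API, as an added example that is not part of the original page or the product's own code. It assumes the action wraps the API's roleAssignments.delete method; the sample listing, the helper names and the departed principal ID "9002" are constructed for illustration.

```python
import re
from urllib.parse import quote

API_BASE = "https://admin.googleapis.com/admin/directory/v1"
ID_RE = re.compile(r"\d+")  # the API documents roleAssignmentId as an int64 string

# Constructed sample, shaped like the items of a roleAssignments.list response.
SAMPLE_ASSIGNMENTS = [
    {"roleAssignmentId": "1001", "roleId": "501", "assignedTo": "9001", "scopeType": "CUSTOMER"},
    {"roleAssignmentId": "1002", "roleId": "501", "assignedTo": "9002", "scopeType": "CUSTOMER"},
    {"roleAssignmentId": "1003", "roleId": "502", "assignedTo": "9002", "scopeType": "ORG_UNIT"},
]


def delete_request(role_assignment_id, customer="my_customer"):
    """Build (method, url) for one deletion; refuse anything that is not a plain ID."""
    rid = str(role_assignment_id)
    if not ID_RE.fullmatch(rid):
        raise ValueError(f"not a role assignment ID: {rid!r}")
    return ("DELETE", f"{API_BASE}/customer/{quote(customer, safe='')}/roleassignments/{rid}")


def plan_revocations(assignments, departed_ids, customer="my_customer"):
    """Select every assignment held by a departed principal (hypothetical helper)."""
    return [
        {"roleAssignmentId": a["roleAssignmentId"], "roleId": a["roleId"],
         "request": delete_request(a["roleAssignmentId"], customer)}
        for a in assignments if a["assignedTo"] in departed_ids
    ]


def still_present(plan, assignments_after):
    """Step 5 check: planned IDs that a fresh listing still contains (expect none)."""
    remaining = {a["roleAssignmentId"] for a in assignments_after}
    return [p["roleAssignmentId"] for p in plan if p["roleAssignmentId"] in remaining]


if __name__ == "__main__":
    plan = plan_revocations(SAMPLE_ASSIGNMENTS, {"9002"})
    for step in plan:
        print(*step["request"])
    # Simulate a listing taken after only the first deletion succeeded.
    after = [a for a in SAMPLE_ASSIGNMENTS if a["roleAssignmentId"] != "1002"]
    print("not yet deleted:", still_present(plan, after))
```

The block stops at building the requests so that it runs offline; sending them requires an authorized Admin SDK credential, which the Connection input supplies in the action itself.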