Remove a customer user from a role

How to remove a user from a directory role within a customer account.

Prerequisites

  • Credentials as described in Partner Center authentication. This scenario supports authentication with App+User credentials only.

  • A customer ID (customer-tenant-id). If you don't know the customer's ID, you can look it up in Partner Center by selecting the Customers workspace, then the customer from the customer list, then Account. On the customer's Account page, look for the Microsoft ID in the Customer Account Info section. The Microsoft ID is the same as the customer ID (customer-tenant-id).

GDAP roles

You'll need the following GDAP role:

  • Privileged Role Administrator

C#

To remove a user from a directory role, select the customer with the user to modify with a call to the IAggregatePartner.Customers.ById method, From there, specify the role using the DirectoryRoles.ById method with the directory role ID. Then, access the UserMembers.ById method to identify the user to remove, and the Delete method to remove the user from the role.

// IAggregatePartner partnerOperations;
// string selectedCustomerId;
// string selectedRoleId;
// string selectedUserMemberId;

partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.ById(selectedRoleId).UserMembers.ById(selectedUserMemberId).Delete();

Sample: Console test app. Project: Partner Center SDK Samples Class: RemoveCustomerUserMemberFromDirectoryRole.cs

REST request

Request syntax

Method Request URI
DELETE {baseURL}/v1/customers/{customer-tenant-id}/directoryroles/{role-ID}/usermembers/{user-ID} HTTP/1.1

URI parameter

Use the following URI parameters to identify the correct customer, role, and user.

Name Type Required Description
customer-tenant-id guid Y The value is a GUID formatted customer-tenant-id that identifies the customer.
role-id guid Y The value is a GUID formatted role-id that identifies the role.
user-id guid Y The value is a GUID formatted user-id that identifies a single user account.

Request headers

For more information, see Partner Center REST headers.

Request body

None.

Request example

DELETE https://api.partnercenter.microsoft.com/v1/customers/4d3cf487-70f4-4e1e-9ff1-b2bfce8d9f04%20/directoryroles/729827e3-9c14-49f7-bb1b-9608f156bbb8/usermembers/4d3cf487-70f4-4e1e-9ff1-b2bfce8d9f04%20 HTTP/1.1
Authorization: Bearer <token>
Accept: application/json
MS-RequestId: 0a00ec08-6273-46bb-ab6f-14a13959b381
MS-CorrelationId: aaaa0000-bb11-2222-33cc-444444dddddd
X-Locale: en-US
Host: api.partnercenter.microsoft.com
Content-Length: 0
Connection: Keep-Alive

REST response

If the user is removed from the role successfully, the response body is empty.

Response success and error codes

Each response comes with an HTTP status code that indicates success or failure and additional debugging information. Use a network trace tool to read this code, error type, and additional parameters. For the full list, see Partner Center REST error codes.

Response example

HTTP/1.1 204 No Content
Content-Length: 0
MS-CorrelationId: bbbb1111-cc22-3333-44dd-555555eeeeee
MS-RequestId: e784d7aa-8c8d-45ee-8f97-9e09823d7338
MS-CV: es01VX8do0u2aTXw.0
MS-ServerId: 101112616
Date: Tue, 20 Dec 2016 23:16:35 GMT