In a Google Apps domain, admin role management (i.e. create, assign, and update admin roles) is a critical function for super admins that helps them distribute admin responsibilities in a more secure manner. Until now, this functionality was only available via the Admin console UI.

This is what Role management looks like in the Admin console, but now you can also do this programmatically with the Roles API.

Today’s launch of the Roles API (one of the Admin SDK Directory APIs) enables developers to build admin tools that can perform role management programmatically.

This new API will be useful to admins who have built internal admin tools using the Admin SDK and to developers of third-party admin tools. Both can now use the Roles API to provide selective access to Delegated Admins (DAs) to specific admin capabilities within third-party applications.

Here are some examples of use cases where the Roles API can be leveraged:

  • A third-party user management app that relies on the Admin SDK to perform various user-related operations can now use the Roles API to selectively show the capabilities of user management DAs, such as creating/deleting users and resetting passwords.
  • A mobile device management (MDM) app developer looking to build a tool for access by Mobile Management DAs can use the Roles API to determine the privileges of the logged-in DA and selectively display MDM-related admin functionality.
  • Admins (or admin tools) can now programmatically create reports on admin role assignments which can help super admins better manage access to DAs.

For more information and to get started, please check out the Roles API documentation. Google looks forward to helping more admins manage their domains in a more programmatic way so they can focus on more critical aspects of managing their corporate IT infrastructure.