Asked by: nav Asked: 11/14/2023 Last edited by: nav Updated: 11/14/2023 Views: 24
Removing self from Global Administrator built-in role is not allowed
Q: How do I remove the "Security Administrator" role?
I am using the Java API to assign "Security Administrator".
The Java code is shown below.
final DirectoryObject dirObjectCreated = Objects.requireNonNull(graphClient
        .directoryRoles(ROLE_TEMPLATE_ID + "=" + SECURITY_ADMIN_TEMPLATE_ID)
        .members()
        .references())
        .buildRequest()
        .post(directoryObject);
This works fine.
When I try to remove this "Security Administrator", I get the error
Removing self from Global Administrator built-in role is not allowed.
I am trying to follow the URL
Method: DELETE
URL: https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/y-RKG-FULL-ID
It seems that removing the role is not allowed. I looked at Example 11 in this link https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-assign-graph
Example 11 in this link says
We prevent users from deleting their own Global Administrator role to avoid a scenario where a tenant has zero Global Administrators. Removing other roles assigned to self is allowed.
My token has the following roles
"roles": [
    "Mail.ReadWrite",
    "Domain.ReadWrite.All",
    "Group.Read.All",
    "Directory.Read.All",
    "User.Read.All",
    "Domain.Read.All",
    "RoleManagement.ReadWrite.Directory",
    "Application.Read.All"
]
A: No answers yet
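Added example, not part of the original question and not Microsoft's code: one way to check which role a roleAssignment id refers to before sending the DELETE, and to select only the Security Administrator assignment for a principal. The principal IDs, assignment ids and response body are constructed; the two role IDs are the built-in template IDs for Global Administrator and Security Administrator, and the helper names are hypothetical.

```python
import json
from urllib.parse import quote

BASE = "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments"
# Built-in role template IDs; for built-in roles roleDefinitionId equals the template ID.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
SECURITY_ADMIN = "194ae4cb-b126-40b2-bd5b-6091b380977d"

# Constructed principal IDs and a constructed list response body (not real tenant data).
CALLER = "00000000-0000-0000-0000-000000000001"
OTHER = "00000000-0000-0000-0000-000000000002"
SAMPLE = json.dumps({"value": [
    {"id": "constructed-id-A", "principalId": CALLER,
     "roleDefinitionId": GLOBAL_ADMIN, "directoryScopeId": "/"},
    {"id": "constructed-id-B", "principalId": CALLER,
     "roleDefinitionId": SECURITY_ADMIN, "directoryScopeId": "/"},
    {"id": "constructed-id-C", "principalId": OTHER,
     "roleDefinitionId": SECURITY_ADMIN, "directoryScopeId": "/"},
]})

def list_url(principal_id):
    """GET URL that lists one principal's role assignments."""
    return BASE + "?$filter=" + quote(f"principalId eq '{principal_id}'")

def role_of(body, assignment_id):
    """Return the roleDefinitionId an assignment id refers to, or None if absent."""
    for a in json.loads(body)["value"]:
        if a["id"] == assignment_id:
            return a["roleDefinitionId"]
    return None

def plan_removal(body, principal_id, role_id, caller_id):
    """Return the DELETE requests that remove role_id from principal_id."""
    if role_id == GLOBAL_ADMIN and principal_id == caller_id:
        # The guard quoted from Example 11: self-removal of Global Administrator is rejected.
        raise PermissionError("removing self from Global Administrator is not allowed")
    return [("DELETE", f"{BASE}/{a['id']}")
            for a in json.loads(body)["value"]
            if a["principalId"] == principal_id and a["roleDefinitionId"] == role_id]

if __name__ == "__main__":
    print(list_url(CALLER))
    print(role_of(SAMPLE, "constructed-id-A"))
    print(plan_removal(SAMPLE, CALLER, SECURITY_ADMIN, CALLER))
```

Nothing is sent to Graph here; the functions only build the request URLs and inspect the response body they are given.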