you can use the GET method to recover all the devices of a specific group or all those associated to the user with which you have authenticated and read. The level of access is therefore that of the user and not for the company. Translated, this means that you can create some code that, after asking the operator to log in via OAuth on TeamViewer, read his contact list and execute the cancellation according to your rules.
One of the least-minded sections of the TeamViewer API manual is the one dedicated to the permissions required to run each REST command. When you encounter the User permission level, it is implied that the operation can be performed only by the user (with script token or app token), and is substantially limited to its scope of validity (the groups to which it has access and all that is connected to the its single authentication).
It is not an operation that the company administrator can perform via API for all accounts. Keep in mind that a single device may be present in the contact list of your company's users with different aliases.