Friday, October 23, 2009

RBAC - Role Based Access Control

Exchange 2010 uses role-based access control (RBAC) to grant administrative permissions in Exchange.
Role-based access control means that permissions can be set more granularly than in previous versions.
This means that Add-ExchangeAdministrator will no longer work.
You still have a set of default role groups, which are created when you install Exchange 2010 (or extend the schema for Exchange 2010).
Get-RoleGroup gives you the list of all role groups that currently exist within your organization.
[PS] C:\Windows\system32>Get-RoleGroup | Format-List Name
Name : Organization Management
Name : Public Folder Management
Name : Recipient Management
Name : View-Only Organization Management
Name : UM Management
Name : Help Desk
Name : Records Management
Name : Discovery Management
Name : Server Management
Name : Delegated Setup
Name : Hygiene Management

Let's say you want to add the user "Max" as an Exchange full administrator.
You would run the following command:
Add-RoleGroupMember -Identity "Organization Management" -Member max

You can create your own roles to provide specific permissions to your administrators.
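
As an added example (not part of the original post), here is one way to build such a custom role so that a help desk user gets read-only recipient cmdlets instead of membership in Organization Management. The role name, the role group name and the user "max" are constructed for illustration; "Mail Recipients" is the built-in role used as the parent.

```powershell
# Run in the Exchange Management Shell as a member of Organization Management.
# Constructed names: change them to match your organization.
$parentRole = 'Mail Recipients'              # built-in role used as the template
$customRole = 'Helpdesk Mailbox Read-Only'   # hypothetical custom role
$roleGroup  = 'Tier1 Mailbox Viewers'        # hypothetical role group

# 1. A custom role starts with all the entries (cmdlets) of its parent role.
New-ManagementRole -Name $customRole -Parent $parentRole

# 2. Remove every entry that is not a Get-* cmdlet, so the role can only read.
#    A child role can only have entries removed; it can never exceed its parent.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Name -notlike 'Get-*' } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$customRole\$($_.Name)" -Confirm:$false
    }

# 3. Create a role group that carries only the trimmed role and add the user.
New-RoleGroup -Name $roleGroup -Roles $customRole -Members max

# 4. Verify what was actually granted before handing the account over.
Get-ManagementRoleEntry "$customRole\*" |
    Format-Table Name, Role -AutoSize
Get-RoleGroupMember -Identity $roleGroup |
    Format-Table Name, RecipientType -AutoSize
Get-ManagementRoleAssignment -RoleAssignee $roleGroup |
    Format-Table Name, Role, RoleAssigneeName -AutoSize

# 5. Review who holds full administrative rights; keep this list short.
Get-RoleGroupMember -Identity 'Organization Management' |
    Format-Table Name, RecipientType -AutoSize
```

Run step 5 periodically: every account it lists can change any Exchange setting in the organization.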
