
Mar 10, 2011

"There is also another piece of the puzzle to look at, namely management role entries, which we will be doing here in part three. Once we understand what management role entries are, we shall then see what membership of the Discovery Management role group means for a user that needs to perform a mailbox search."

exchange2010 microsoft exchange features role groups 2010 user rbac accessbased useraccesscontrol permissions

in list: Ex2010 Role Based Access Control

"Within this article series, we shall concentrate on just a single management role group, namely the Discovery Management role group. As its name implies, assigning a user to this group gives them the ability to be able to perform searches across all employees’ mailboxes for legal reasons. By concentrating on just a single management role group, we will be able to see how the various RBAC components work together to give members of this management role group the ability to perform mailbox searches"


"The permissions model that Exchange 2010 uses is called Role Based Access Control (RBAC). The key element to RBAC is that it allows fine-grained adjustment so that you can easily control the level of permissions assigned to your users and administrators. For example, if you have help-desk staff that need to manage mailbox quotas, then RBAC allows this."


    • Delegated Setup - This management role group gives members the ability to run the Exchange 2010 setup program and therefore deploy, but not administer, a new Exchange 2010 server. Deployment can only be performed on servers that have already been provisioned by an administrator with additional permissions.
    • Discovery Management - A member of the Discovery Management role group has the ability to perform searches of all mailboxes within the Exchange organization as well as implement the Legal Hold feature of Exchange 2010. We shall be looking at this management role group in detail later in this article series.
    • Help Desk - The Help Desk management role group gives members permissions that are typically required by members of a help desk, such as modifying users’ details such as their address and phone number.
    • Hygiene Management - This management role group is used to provide permissions associated with managing and configuring both the antivirus and anti-spam elements found in Exchange 2010.
    • Organization Management - The Organization Management role group is synonymous with the Exchange Full Administrator role in Exchange 2003 and the Exchange Organization Administrators role in Exchange 2007. Essentially, membership of this management role group gives the user the ability to perform pretty much any task in Exchange 2010, with the main missing task being the ability to perform mailbox searches; that itself is achieved via the Discovery Management role group.
    • Public Folder Management - This management role group naturally gives members the ability to manage the public folder environment.
    • Recipient Management - A member of this management role group can create and modify Exchange recipients.
    • Records Management - The Records Management role group gives the ability for members to control and configure the compliance features of Exchange 2010. Examples of such features include transport rules configured on a Hub Transport server as well as message classifications in Outlook.
    • Server Management - This management role group gives the ability to manage all Exchange servers within the organization. Permissions granted as membership of this management role group therefore work at the server configuration level found in the Exchange Management Console and do not work at, say, the organization level found in the Exchange Management Console.
    • UM Management - As its name suggests, membership of this management role group grants permissions to manage all aspects of the Unified Messaging environment.
    • View-Only Organization Management - This management role group allows members to view the configuration of any element found within the Exchange organization.