Scopes

All RBAC roles have a scope that tells Exchange what objects they can access and update. You can refine a scope considerably so that a role is scoped on just the objects in an OU, a group of specific users, or everything in the Exchange configuration container. You can also create scopes that restrict users to managing a server or group of servers. Exchange 2010 SP1 adds a new scope to allow you to control access to specific databases. See the section RBAC enhancements in SP1 later in this chapter for more information.

In this example, we look at the scope of the Move Mailboxes role, which is required by anyone who wants to move a mailbox between databases:

Get-ManagementRole 'Move Mailboxes' | Format-List *Scope*

ImplicitRecipientReadScope ...
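The scoping options described above can be combined to delegate Move Mailboxes with least privilege. The following is an added example, not taken from the book; the group, OU, scope, and database names are hypothetical, and the database scope requires Exchange 2010 SP1 or later.

```powershell
# Added example. All names below are hypothetical placeholders.
$group = 'Sales Help Desk'       # assumed existing universal security group
$ou    = 'contoso.com/Sales'     # assumed OU holding the Sales mailboxes

# 1. Recipient scope: only user mailboxes located under the Sales OU.
New-ManagementScope -Name 'Sales Mailboxes' `
    -RecipientRoot $ou `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'"

# 2. Database scope (SP1 or later): only the listed databases.
New-ManagementScope -Name 'Sales Databases' `
    -DatabaseList 'DB-Sales-01', 'DB-Sales-02'

# 3. Assign the role to the group, restricted by both scopes.
#    Without the Custom*WriteScope parameters the assignment inherits the
#    role's implicit write scopes, which is usually broader than intended.
New-ManagementRoleAssignment -Name 'Move Mailboxes-Sales Help Desk' `
    -Role 'Move Mailboxes' `
    -SecurityGroup $group `
    -CustomRecipientWriteScope 'Sales Mailboxes' `
    -CustomConfigWriteScope 'Sales Databases'

# 4. Audit: list every effective user who holds Move Mailboxes with an
#    organization-wide recipient write scope, so that unscoped assignments
#    can be reviewed.
Get-ManagementRoleAssignment -Role 'Move Mailboxes' -GetEffectiveUsers |
    Where-Object { $_.RecipientWriteScope -eq 'Organization' } |
    Format-Table EffectiveUserName, RoleAssigneeName,
                 RecipientWriteScope, ConfigWriteScope -AutoSize
```

Run the audit in step 4 periodically: an assignment created without a custom scope shows up there even if it was added outside the normal delegation process.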
