RBAC basics

RBAC in Exchange is often described in the form of a triangle (Figure 4-1) to show how roles, role groups, scopes, and assignments fit together.

A diagram showing the major parts of role-based access control as implemented in Exchange 2013: a management role (what can be done), a role group (a group of roles designed to contain sufficient functionality to accomplish some task), scope (what objects can be affected), and the role assignment, which ties everything together by linking the other components to users.

Figure 4-1. The RBAC triangle

These are the major elements of RBAC as implemented in Exchange:

  • Management role. A collection of role entries that define the set of cmdlets and parameters a user can run. For example, the Mailbox Import Export role permits users to import or export mailbox data to and from PSTs.

  • Management role group. A container for a group of management role entries that collectively enable a user to function in a role such as recipient management. Exchange includes a default set ...

Get Microsoft Exchange Server 2013: Mailbox and High Availability now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial