Exchange (2010-2013) RBAC how-to – 2 useful links

  • Article

 

This post is just to outline 2 very useful articles to understand and use RBAC role model…

 

1- Daily operations and getting RBAC info (finding admin rights for a user, finding parameters, etc…) from our excellent and beloved Rhoderick Milne such ase

  • in which RBAC role is a specific cmdlet (example, which RBAC role enable an admin to set mailbox parameters and information with Set-Mailbox, which RBAC role enable an admin to export a mailbox to a PST, etc…)
  • in which RBAC role is a specific parameter (example, we’re looking which RBAC role enable an admin to set encryption on servers using the –EncryptionRequired parameter – which belongs to the Set-RPCClientAccess commandlet)
  • finding who is a member of a role group
  • getting what someone can do
  • show users that are grandet permissions provided by a specific role
  • what someone can do to a specific object
  • etc….

Exchange RBAC Tips N Tricks - PowerShell

https://blogs.technet.com/b/rmilne/archive/2014/02/18/exchange-rbac-tips-n-tricks-_2d00_-powershell.aspx

 

2- Basics about RBAC – attempt to simply explain what RBAC is (valid for E2010 and E2013 – just have additional role groups or management roles for E2013)

Securing MS Exchange 2010: Role Based Access Control (RBAC) Simplified

https://blogs.technet.com/b/mspfe/archive/2010/11/23/securing_2d00_ms_2d00_exchange_2d00_2010_2d00_role_2d00_based_2d00_access_2d00_control_2d00_rbac_2d00_simplified.aspx