E2K10 – RABC: Jane the Administrator


Need to implement a role group which only can provision the mailboxes to a set of Mailbox Databases

  1. To create a SG-DatabasesScope custom management scope, which matches only the databases located in SG

    New-ManagementScope -Name “SG-DatabasesScope” -DatabaseList DBSG01,DBSG02,DBSG03 

  2. To create a role group with the SG Databases custom management scope, and assigned all of the same management roles that are also assigned to the Recipient Management built-in role group. This gives users added to the SG Recipient Management SG custom role group the same permissions as those users added to the Recipient Management role group

$RoleGroup = Get-RoleGroup “Recipient Management”

New-RoleGroup “Recipient Management SG” -Roles $RoleGroup.Roles -CustomConfigWriteScope SG-DatabasesScope

3. Add “SG User Operators” UG into this role group

Reference

Jane the Administrator http://technet.microsoft.com/en-us/library/dd298183.aspx

Database & Server Scoping Scenarios – RBAC Exchange 2010 http://charlesgate86.wordpress.com/2011/08/30/database-server-scoping-scenarios-rbac-exchange-2010/

Exchange 2010 RBAC: Limit management for VIP users http://penetrateit.wordpress.com/2011/04/01/exchange-2010-rbac-limit-management-of-vip-users-2/

[Jonson] good example

Exchange 2010 – Role Based Access Control http://muc-ug.org.in/index.php/articles/exchange-2010/115-exchange-2010-role-based-access-control.html

[Jonson] another example

Permissions and Role Based Access Control (RBAC) http://www.petri.co.il/role-based-access-control-exchange-2010.htm

Exchange Server 2010 Role Based Access Control http://www.windowsitpro.com/project-plans/exchangeserver2010/detail-working/catpath/database-administration/topic/exchange-2010-role-based-access-control-129219/page/3

Securing MS Exchange 2010: Role Based Access Control (RBAC) Simplified http://www.opsvault.com/securing-ms-exchange-2010-role-based-access-control-rbac-simplified/

Advertisements
This entry was posted in Exchange 2010. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s