Forum Discussion
Delegate role for release quarantine email only
Hi Community,
I am looking for any role or any way to customize the role for manage/release email in EAC quarantine. For our service desk, I only intend to let them release the quarantine email only in EAC or Security & Compliance Center, rather than give them higher privileged to be able to do other stuff like tracing the emails.
The similar role I could find in EAC is “Transport Hygiene” role. But that role will have access to the anti-spam and anti-malware polices. Any way we can restrict the permission further? Thanks.
Regards,
Yang
- DeepakRandhawaIron ContributorI did this and it worked:-
New-ManagementRole -Parent "Transport Hygiene" -Name "Custom Role for Helpdesk - Manage Quarantine"
$RoleEntry=Get-ManagementRoleEntry "Custom Role for Helpdesk - Manage Quarantine\*" | Where {!($_.Name -match "Quarantine")}
$RoleEntry|%{$n=$_.name;$name="Custom Role for Helpdesk - Manage Quarantine\$n";$name;Remove-ManagementRoleEntry -Identity $name -Confirm:$0}
Now add the "Custom Role for Helpdesk - Manage Quarantine" role entry to the role group using UI.
If you are creating a new role group remember to add "View-Only Organization Management"- YU YangCopper Contributor
Thanks for your quick reply. Your information is really helpful.
But I found that I still can trace the emails if I add my role to View-Only Organization Management. I tried to use the similar PS you provided to restrict the role entries further, but with no luck.
- DeepakRandhawaIron Contributor
View-Only Organization Management was required to access ECP portal only. You can remove it now and still be able to access ECP and then only option available in mailflow will be Accepted Domains.