Mali_Stane
Aug 14, 2025

RBAC Building role - command without parameters

I need to create an RBAC role for a user group to perform specific tasks, ensuring all required parameters are included in their PowerShell commands.

 

For explanation:

Set-Mailbox with all options

When I’m building the role and adding only Set-Mailbox, will this allow the user to use all parameters, like -Identity, -Alias, -ForwardingAddress?

Or do I need to define all of them: -AcceptMessagesOnlyFrom -AcceptMessagesOnlyFromDLMembers -AcceptMessagesOnlyFromSendersOrMembers -DeliverToMailboxAndForward -DisplayName -ExternalOofOptions -ForwardingAddress -ForwardingSmtpAddress -GrantSendOnBehalfTo -Id…..

2 Replies

  • Not sure I understand the question. If you want the user to have access to all parameters included in the definition of a given cmdlet, this is the default behavior and you don't need to make any adjustments. Just make sure you are adding the "correct" cmdlet, as the available parameters can differ between "versions" of the cmdlet in different roles.

    If you only want to enable specific parameters, then you have to make adjustments, for example:

    Set-ManagementRoleEntry "Your_role_name\Set-Mailbox" -Parameters Name,Alias,blabla

    • Mali_Stane

      I have created a custom role:

      New-RoleGroup -Name "Exchange Service Admin V1" -Description "blablabal" -Roles "AuditLogs - Clone","PublicFolders - Clone","MailEnabledPublicFolders - Clone","ViewOnlyRecipients - Clone","TransportRules - Clone","PlacesBuildingManagement - Clone","TenantPlacesManagement - Clone","MessageTracking - Clone"

       

      I have successfully run the command Set-Mailbox user@domain.somthin -IssueWarningQuota 20GB -ProhibitSendQuota 30GB

      Set-Mailbox is available in:

      "AuditLogs - Clone"

      "PublicFolders - Clone"

       

      "AuditLogs - Clone" has the following parameters:

      AuditAdmin

      AuditDelegate

      AuditEnabled

      AuditLogAgeLimit

      AuditOwner

      DefaultAuditSet

      Force

      Identity

       

      "PublicFolders - Clone" has the following parameters:

      DefaultPublicFolderMailbox

      Identity

      IsExcludedFromServingHierarchy

      PublicFolder
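
Added example, not part of the thread or of any participant's reply: a PowerShell check, meant for an Exchange Online PowerShell session, of which roles assigned to the role group carry Set-Mailbox and which parameters each role entry allows. The role group name and the two quota parameters are taken from the posts above; the variable names are illustrative.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
$roleGroup = 'Exchange Service Admin V1'               # role group name from the thread
$cmdlet    = 'Set-Mailbox'
$wanted    = 'IssueWarningQuota', 'ProhibitSendQuota'  # parameters from the thread's test command

# Roles assigned to the role group (regular assignments only, not delegating ones).
$roles = Get-ManagementRoleAssignment -RoleAssignee $roleGroup -Delegating $false |
    Select-Object -ExpandProperty Role -Unique

# Role entries for the cmdlet; roles that do not contain it are skipped silently.
$entries = foreach ($role in $roles) {
    Get-ManagementRoleEntry "$role\$cmdlet" -ErrorAction SilentlyContinue
}

# Per-role view: which "version" of the cmdlet each role carries.
$entries | ForEach-Object {
    [pscustomobject]@{
        Role       = $_.Role
        Parameters = ($_.Parameters | Sort-Object) -join ', '
    }
} | Format-List

# Effective view: the union of parameters across all assigned roles.
$effective = $entries | ForEach-Object { $_.Parameters } | Sort-Object -Unique
"Effective $cmdlet parameters for '$roleGroup': $($effective.Count)"

# For each parameter of interest, report which role (if any) grants it.
foreach ($p in $wanted) {
    $grantedBy = @($entries | Where-Object { $_.Parameters -contains $p } |
        ForEach-Object { $_.Role })
    if ($grantedBy.Count -gt 0) {
        "{0,-20} granted by: {1}" -f $p, ($grantedBy -join '; ')
    } else {
        "{0,-20} not granted by any role in this group" -f $p
    }
}
```

Management role permissions are additive, so a parameter is usable when any assigned role's entry lists it. Passing a user instead of the role group to -RoleAssignee also returns the assignments that user inherits through other groups.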
