Forum Discussion
RBAC role to allow you to see in Exchange admin portal messagetrace
Message Tracking has nothing to do with Message trace actually, won't help you here. To find out which roles you can use for any specific cmdlet, use this:
Get-ManagementRole -Cmdlet Get-MessageTrace
In this case, View-Only Recipients is indeed a match, so it should do.
I have fix the issue, now I can run in gui extended report, and see download.
Now when I click on download report, I get popup to select account. And then I can see working and nothing happens for 2 hours. So what is now correct role to successfully download report. Exist a list, a real list, with features.
I takes several hours before modifications are active, and I real don’t want to try and error for next few months to go through combinations…
Reason that I ask is, because specific role, should not have any global view of infrastructure : I remove commands like…Get-MigrationEndpoint, Get-PhishSimOverridePolicy, Get-ProtectionAlert, Get-ScopeEntities, New-IntraOrganizationConnector,etc…
Role that i create have the following modified groups :
Transport Rules- Copy
Public Folders- Copy
Mail Enabled Public Folders- Copy
Message Tracking- Copy
Audit Logs- Copy
PlacesBuildingManagement- Copy
PlacesDeskManagement- Copy
View-Only Recipients- Copy
Tday i get
Today I did another test.
When click on Download the report.
I have to authenticated
Then receive an error (cca 30sec) : Sorry! Access denied. You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.
Need to know, that i remove some cmled from upper copy roles.
For example : MessageTracking I removed :
Add-AvailabilityAddressSpace Get-AvailabilityAddressSpace Get-ScopeAdmins Get-ScopeEntities New-IntraOrganizationConnector New-OrganizationRelationship Remove-AvailabilityAddressSpace
Set-AvailabilityConfig Set-IntraOrganizationConnector Set-OrganizationRelationship Set-UnifiedAuditSetting Start-AuditAssistant Test-DatabaseEvent