Forum Discussion
RBAC role to allow you to see in Exchange admin portal messagetrace
I have fix the issue, now I can run in gui extended report, and see download.
Now when I click on download report, I get popup to select account. And then I can see working and nothing happens for 2 hours. So what is now correct role to successfully download report. Exist a list, a real list, with features.
I takes several hours before modifications are active, and I real don’t want to try and error for next few months to go through combinations…
Reason that I ask is, because specific role, should not have any global view of infrastructure : I remove commands like…Get-MigrationEndpoint, Get-PhishSimOverridePolicy, Get-ProtectionAlert, Get-ScopeEntities, New-IntraOrganizationConnector,etc…
Role that i create have the following modified groups :
Transport Rules- Copy
Public Folders- Copy
Mail Enabled Public Folders- Copy
Message Tracking- Copy
Audit Logs- Copy
PlacesBuildingManagement- Copy
PlacesDeskManagement- Copy
View-Only Recipients- Copy
Tday i get
Today I did another test.
When click on Download the report.
I have to authenticated
Then receive an error (cca 30sec) : Sorry! Access denied. You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.
Need to know, that i remove some cmled from upper copy roles.
For example : MessageTracking I removed :
| Add-AvailabilityAddressSpace |
| Get-AvailabilityAddressSpace |
| Get-ScopeAdmins |
| Get-ScopeEntities |
| New-IntraOrganizationConnector |
| New-OrganizationRelationship |
Remove-AvailabilityAddressSpace
|
| Set-AvailabilityConfig |
| Set-IntraOrganizationConnector |
| Set-OrganizationRelationship |
| Set-UnifiedAuditSetting |
| Start-AuditAssistant |
| Test-DatabaseEvent |