Forum Discussion
Office 365 Groups
Hey Guys, Simple question, is there a way to make it so a user who has Service Administrator permissions in Office 365 and (Recipients Role, Distribution Groups Role) in Exchange Online RBAC can modify group membership for Office 365 Groups?
Here is the error the user is getting when trying to modify an Office 365 Group:
Is there anyway to allow a user to modify group membership for Office 365 groups without granting user management role?
Thanks,
Robert
The problem is Groups are not Exchange objects, they are AAD objects. While you can certainly govern some settings via the ExO cmdlets, AAD remains the source of authority, thus the portal requires you to have the necessary permissions to run the corresponding AAD cmdlets/API calls.
That said, if you are OK with using the EAC or PowerShell, you can certainly use an Exchange admin (or non-admin with the relevant permissions) to manage them. All you need is to have the Mail Recipients role assigned.
14 Replies
- Well, according to the error you are getting, you need to be at least EXO Administrator + User Administrator so I guess that User Role is not enough
- Right. If i add the user administrator role it works as expected. I just need to know if there is a way to make it so a non-admin (who has all the exchange role group permissions) can edit Office 365 Group membership.
The problem is Groups are not Exchange objects, they are AAD objects. While you can certainly govern some settings via the ExO cmdlets, AAD remains the source of authority, thus the portal requires you to have the necessary permissions to run the corresponding AAD cmdlets/API calls.
That said, if you are OK with using the EAC or PowerShell, you can certainly use an Exchange admin (or non-admin with the relevant permissions) to manage them. All you need is to have the Mail Recipients role assigned.
