Forum Discussion
SKadish
Feb 15, 2024 (Brass Contributor)
Security Operator, but can add to TABL
I currently have the Entra ID Security Operator PIM role activated, and I am able to add email addresses to the TABL, as well as managing Anti-Spam and Anti-Phishing policies. In the past, I've needed to be a Security Administrator to do this. Has something changed? If not, could this be an unintended consequence of me activating the MDO workloads for Unified RBAC?
- G_Wilson3468 (Iron Contributor)
According to the documentation you need to be a member in one of these role groups:
Exchange Online permissions:
1. Organization Management or Security Administrator
2. Security Operator (Tenant AllowBlockList Manager)
Entra ID permissions:
Global Admin, Security Admin, Global Reader, Security Reader
Allow or block email using the Tenant Allow/Block List | Microsoft Learn
My impression here is that because of the unified RBAC model this role had to be modified to work.
Hope this helps.
G.
- SKadish (Brass Contributor)
Hi Gregory,
Thanks very much. I think that you are right and that the role was modified. It's strange that a Global Reader would be able to add items to the TABL, and I need to test this. As for Security Operator, I'm using the Entra ID role, but not the Exchange Online role.
I appreciate the help!
- G_Wilson3468 (Iron Contributor)
Glad to help! Could I ask a favor? If you feel this is the best answer, can you mark it as best answer?