AustinSundar
Copper Contributor
Mar 02, 2023
Solved

Creating a Custom RBAC Role for Exchange

New-ManagementRole -Parent "View-Only Organization Management" -Name "Custom - ViewOnly Recipients"

Get-ManagementRoleEntry "Custom - ViewOnly Recipients\*" | Where {$_.Name -notlike "*Get-"} | Remove-ManagementRoleEntry

$name = "ServiceDesk Management"
$roles = "Custom - ViewOnly Recipients"
$Description = "Members of this management role group have rights to view Exchange recipient objects in the organization"
New-RoleGroup -Name $name  -Roles $roles  -ManagedBy "Manager" -Description $Description

I am trying to create an RBAC for service desk engineers to view Exchange recipients only.

Could someone confirm the steps below are correct?

 


2 Replies

  • "View-Only Organization Management" is not a built-in role. There's a built-in role group with the same name, but you cannot use a role group for the above process. Try with the "View-Only Recipients" role instead.
    • AustinSundar
      Copper Contributor
      I am trying to restrict the role to use only Get- commands, and removing any Set commands.
      Get-ManagementRoleEntry "XXX - ViewOnly Recipients\*" | Where {$_.Name -notlike "*Get"} | Remove-ManagementRoleEntry
      However, I receive the error below...
      Could you help?

      Write-ErrorMessage : Cannot process argument transformation on parameter 'Identity'. Cannot convert value "XXX- ViewOnly Recipients" to type "Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter". Error: "The format of the value you specified in
      the Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter parameter isn't valid. Check the value, and then try again.
      Parameter name: identity"
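
The procedure discussed in this thread, as an added example that is not code from either poster: it builds the custom role from the "View-Only Recipients" role named in the answer, passes each entry to Remove-ManagementRoleEntry as an explicit `<role>\<cmdlet>` identity, and checks the result before creating the role group. It assumes a connected Exchange management shell session and that each role entry object exposes `Role` and `Name` properties; the names and "Manager" are the values from the original post.

```powershell
# Added example; requires a connected Exchange management shell session.
$parentRole  = 'View-Only Recipients'             # built-in role named in the answer
$customRole  = 'Custom - ViewOnly Recipients'     # role name from the original post
$groupName   = 'ServiceDesk Management'           # role group name from the original post
$description = 'Members of this management role group have rights to view Exchange recipient objects in the organization'

# 1. Create the child role. It starts with every entry of its parent and can
#    only be narrowed from there, never widened beyond the parent.
New-ManagementRole -Parent $parentRole -Name $customRole

# 2. Select every entry that is not a Get- cmdlet. The wildcard goes after the
#    prefix ('Get-*'); a pattern such as '*Get-' only matches names ending in "Get-".
$toRemove = @(Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Name -notlike 'Get-*' })

# 3. Remove each entry with an explicit "<role>\<cmdlet>" identity, the format
#    the Identity parameter (RoleEntryIdParameter) expects.
#    Assumption: the entry objects expose Role and Name properties.
foreach ($entry in $toRemove) {
    Remove-ManagementRoleEntry -Identity "$($entry.Role)\$($entry.Name)" -Confirm:$false
}

# 4. Verify least privilege before anyone is granted the role.
$leftover = @(Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Name -notlike 'Get-*' })
if ($leftover.Count -gt 0) {
    throw "Role '$customRole' still has non-Get entries: $($leftover.Name -join ', ')"
}

# 5. Create the role group that service desk engineers are added to.
New-RoleGroup -Name $groupName -Roles $customRole -ManagedBy 'Manager' -Description $description
```

Adding `-WhatIf` to the Remove-ManagementRoleEntry call in step 3 previews the removals without changing the role.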
