Nov 08 2021 07:38 AM
I've come across similar permission issues before but I'll use the latest example. In a M365 tenant I wanted to import a PST file. When I went to the Compliance > Information Governance > Import tab a message stated that I didn't have the necessary permissions to create an import job. I was logged in as a global admin.
What I don't understand is that the Organization Management role group seemingly should have given my global admin access to the functionality, which requires the Mailbox Import Export role. The Assigned tab for the Organization Management role group showed TenantAdmins and the Permissions tab has nearly every role enabled, including Mailbox Import Export.
From my understanding every global admin is a member of TenantAdmins. So assuming my admin user account belongs to TenantAdmins and TenantAdmins is assigned the Mailbox Import Export role, my admin user account should also be assigned the Mailbox Import Export role. But it wasn't working.
I had to add my individual admin account to the Assigned tab for the Organization Management role group. Why is that the case though? Why didn't it simply work with the default config? Am I overlooking something or is this some RBAC glitchiness?
Nov 08 2021 08:31 AM
Nov 08 2021 10:08 AM