SOLVED

Creating a Custom RBAC Role for Exchange

New-ManagementRole -Parent "View-Only Organization Management" -Name "Custom - ViewOnly Recipients"

Get-ManagementRoleEntry "Custom - ViewOnly Recipients\*" | Where {$_.Name -notlike "*Get-"} | Remove-ManagementRoleEntry

$name = "ServiceDesk Management"
$roles = "Custom - ViewOnly Recipients"
$Description = "Members of this management role group have rights to view Exchange recipient objects in the organization"
New-RoleGroup -Name $name  -Roles $roles  -ManagedBy "Manager" -Description $Description

I am trying to create an RBAC role for service desk engineers to view Exchange recipients only.

Could someone confirm the steps below are correct?

 

2 Replies
best response confirmed by AustinSundar (Copper Contributor)
Solution
"View-Only Organization Management" is not a built-in role. There's a built-in role group with the same name, but you cannot use a role group for the above process. Try with the "View-Only Recipients" role instead.
I am trying to restrict the role to use only Get- commands, and removing any Set- commands.
Get-ManagementRoleEntry "XXX - ViewOnly Recipients\*" | Where {$_.Name -notlike "*Get"} | Remove-ManagementRoleEntry
However, I receive the error below...
Could you help?

Write-ErrorMessage : Cannot process argument transformation on parameter 'Identity'. Cannot convert value "XXX- ViewOnly Recipients" to type "Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter". Error: "The format of the value you specified in
the Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter parameter isn't valid. Check the value, and then try again.
Parameter name: identity"
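
The procedure from this thread with the accepted answer's correction applied, as an added example that is not part of the original posts. It parents the custom role on the "View-Only Recipients" role, puts the wildcard after the verb ("Get-*"), and confirms that no non-Get entries remain before the role group is created. It assumes a connected Exchange management session with rights to manage RBAC; the variable names are introduced here.

```powershell
# Added example. Assumes a connected Exchange management session
# (Exchange Management Shell or Exchange Online PowerShell).
$roleName    = "Custom - ViewOnly Recipients"   # role name from the question
$groupName   = "ServiceDesk Management"         # role group name from the question
$description = "Members of this management role group have rights to view Exchange recipient objects in the organization"

# The parent must be a management role, not a role group.
New-ManagementRole -Parent "View-Only Recipients" -Name $roleName

# Collect every entry of the new role that is not a Get-* cmdlet.
# The wildcard follows the verb: "Get-*" matches Get-Mailbox, Get-User, and so on.
$toRemove = Get-ManagementRoleEntry "$roleName\*" |
    Where-Object { $_.Name -notlike "Get-*" }

# Review the entries that are about to be removed.
$toRemove | Select-Object Name, Role | Format-Table -AutoSize

# Remove each entry by its explicit "<role>\<entry>" identity.
foreach ($entry in $toRemove) {
    Remove-ManagementRoleEntry -Identity "$roleName\$($entry.Name)" -Confirm:$false
}

# Least-privilege check: stop if anything other than Get-* is still on the role.
$leftover = Get-ManagementRoleEntry "$roleName\*" |
    Where-Object { $_.Name -notlike "Get-*" }
if ($leftover) {
    throw "Role '$roleName' still contains non-Get entries: $($leftover.Name -join ', ')"
}

# Create the role group only after the role has been verified.
New-RoleGroup -Name $groupName -Roles $roleName -ManagedBy "Manager" -Description $description

# Confirm what the group grants and who manages it.
Get-RoleGroup $groupName | Format-List Name, Roles, ManagedBy
```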
