(RBAC) Role Based Access Control in Exchange Server 2016.

Exchange 2016 includes a large set of predefined permissions, based on the Role Based Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your administrators and users.

Role-based permissions

A role defines the set of tasks that an administrator or user can perform.

There are two types of roles

• Administrative roles (Role Groups): These roles contain permissions that can be assigned to administrators or specialist users
• End-user roles (Role Assignment Policies): These roles, assigned using role assignment policies, enable users to manage aspects of their own mailbox and distribution groups owned by user.

Roles give permissions to perform tasks to administrators and users by making cmdlets available to those who are assigned the roles.

Built-in role groups

Role groups enable you to grant permissions to administrators and specialist users.

1. Organization Management
2. View-only Organization Management
3. Recipient Management
4. UM Management
5. Help Desk
6. Hygiene Management
7. Records Management
8. Discovery Management
9. Public Folder Management
10. Server Management
11. Delegated Setup
12. Compliance Management

Role assignment policies

Exchange 2016 provides role assignment policies so that you can control what settings your users can configure on their own mailboxes and on distribution groups they own. Role assignment policies are added directly to mailboxes, and each mailbox can only be associated with one role assignment policy at a time.

Permissions are added to role assignment policies using end-user roles

“Default Role Assignment Policy” is only is the only one role assignment policy in exchange 2016, administrator can modify or create new policy and assign the same to certain users.

In my next post we will go through how do we create custom role and role assignment policy and assigned them to users.