What are the effective permissions of Exchange roles

The Exchange Administration Delegation Wizards allows you to define roles at the organization level, or at the administrative group level. Where you define a role, combined with the role that you grant may create “effective” permissions. Effective permissions are permissions granted as a side-effect of a granted permission. For example, when you assign a group view-only permissions at the Organization level, the group will also have view-only permissions at the Administrative Group level. Thus, the effective, or actual, permissions of the group are view-only at both the Organization and Administrative Group levels.
More specifically, at the administrative group level:

  • Exchange Administrator includes Exchange View Only Administrator at the organization level.
  • Exchange Full Administrator includes both Exchange Administrator at the administrative group level and Exchange View Only Administrator at the organization level.
  • Exchange View Only Administrator at the organizational level.

Additionally, at the organization level:

  • Exchange View Only Administrator includes Exchange View Only Administrator at the administrative group level.
  • Exchange Administrator includes Exchange View Only Administrator at the organization level, which gives Exchange Administrator Exchange View Only Administrator at the administrative group level.
  • Exchange Full Administrator includes all other permissions at both the organization and administrative group levels.

The following table provides a summary of the effective permissions versus the granted permissions.

Effective permissions versus granted permissions

Granted Permissions AG: View AG: Admin AG: Full Admin ORG: View ORG: Admin ORG: Full Admin
AG: Exchange View Only Administrator Yes None None Yes None None
AG: Exchange Administrator Yes Yes* None Yes None None
AG: Exchange Full Administrator Yes Yes* Yes* Yes None None
ORG: Exchange View Only Administrator Yes None None Yes None None
ORG: Exchange Administrator Yes Yes None Yes Yes None
ORG: Exchange Full Administrator Yes Yes Yes Yes Yes Yes

* = Local administrative group only  AG = Administrative group level  ORG = Organization level

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply