The Exchange Administration Delegation Wizards allows you to define roles at the organization level, or at the administrative group level. Where you define a role, combined with the role that you grant may create “effective” permissions. Effective permissions are permissions granted as a side-effect of a granted permission. For example, when you assign a group view-only permissions at the Organization level, the group will also have view-only permissions at the Administrative Group level. Thus, the effective, or actual, permissions of the group are view-only at both the Organization and Administrative Group levels.
More specifically, at the administrative group level:
- Exchange Administrator includes Exchange View Only Administrator at the organization level.
- Exchange Full Administrator includes both Exchange Administrator at the administrative group level and Exchange View Only Administrator at the organization level.
- Exchange View Only Administrator at the organizational level.
Additionally, at the organization level:
- Exchange View Only Administrator includes Exchange View Only Administrator at the administrative group level.
- Exchange Administrator includes Exchange View Only Administrator at the organization level, which gives Exchange Administrator Exchange View Only Administrator at the administrative group level.
- Exchange Full Administrator includes all other permissions at both the organization and administrative group levels.
The following table provides a summary of the effective permissions versus the granted permissions.
Effective permissions versus granted permissions
Granted Permissions |
AG: View |
AG: Admin |
AG: Full Admin |
ORG: View |
ORG: Admin |
ORG: Full Admin |
AG: Exchange View Only Administrator |
Yes |
None |
None |
Yes |
None |
None |
AG: Exchange Administrator |
Yes |
Yes* |
None |
Yes |
None |
None |
AG: Exchange Full Administrator |
Yes |
Yes* |
Yes* |
Yes |
None |
None |
ORG: Exchange View Only Administrator |
Yes |
None |
None |
Yes |
None |
None |
ORG: Exchange Administrator |
Yes |
Yes |
None |
Yes |
Yes |
None |
ORG: Exchange Full Administrator |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
* = Local administrative group only AG = Administrative group level ORG = Organization level