I am really trying to better ubnderstand the basics of RBAC and Exchange 2010. I think i've got it figured out and i have written up a question and would really appreciate any specific help you can provide. Management Role Groups = (Shown by the Get-RoleGroup) command = Is the Universal security group that you assign user accounts or mailboxes to. All of the roles assigned to the role group itself determine what that groups members can do. Management Role = is a container that holds a group of management role entries, these entries define what actions/tasks the members can perform. and It’s important to note that the “Management Role” really is a container which has Management Role Entries added to it so that when it is assigned (the management role to the group) the group members can do all of the things as defined by the entries. Management Role Entries = Is the actual cmdlets that you can run because the entry is assigned to the management role which in-turn is assigned to the management role group which in-turn makes the RBAC model work. I skipped mailbox search here because I wanted to keep this on one page, but basically the MGMT role entry defined (As shown) allows the user to run only the commands that are assigned to the management role group (via the Entries, Management Role and then Group). Management Role Assignment = (From Get-ManagementRoleAssignment)) Assigns a management role to a role group – that is it is responsible for the actual assignment to the role group itself. Meaning because of it when you assign a user to the role group the user gets the correct “cmdlet” or “permissions”. This shows the Name of the “Assignment Role” the Management Role it’s assigned to and the final Role Group its been assigned to “RoleAssigneeName”. (Picture removed) My biggest confusion is the last part - Management role assignment - but please review the whole message. By adding the management role to the management role groups (which are comprised of management role entries have i not assigned the permissions/roles etc) ? Sorry it so long and confusiong... and i appreciate any help. Robert robert was here

I am really trying to better ubnderstand the basics of RBAC and Exchange 2010. I think i've got it figured out and i have written up a question and would really appreciate any specific help you can provide. Management Role Groups = (Shown by the Get-RoleGroup) command = Is the Universal security group that you assign user accounts or mailboxes to. All of the roles assigned to the role group itself determine what that groups members can do. Management Role = is a container that holds a group of management role entries, these entries define what actions/tasks the members can perform. and It’s important to note that the “Management Role” really is a container which has Management Role Entries added to it so that when it is assigned (the management role to the group) the group members can do all of the things as defined by the entries. Management Role Entries = Is the actual cmdlets that you can run because the entry is assigned to the management role which in-turn is assigned to the management role group which in-turn makes the RBAC model work. I skipped mailbox search here because I wanted to keep this on one page, but basically the MGMT role entry defined (As shown) allows the user to run only the commands that are assigned to the management role group (via the Entries, Management Role and then Group). Management Role Assignment = (From Get-ManagementRoleAssignment)) Assigns a management role to a role group – that is it is responsible for the actual assignment to the role group itself. Meaning because of it when you assign a user to the role group the user gets the correct “cmdlet” or “permissions”. This shows the Name of the “Assignment Role” the Management Role it’s assigned to and the final Role Group its been assigned to “RoleAssigneeName”. (Picture removed) My biggest confusion is the last part - Management role assignment - but please review the whole message. By adding the management role to the management role groups (which are comprised of management role entries have i not assigned the permissions/roles etc) ? Sorry it so long and confusiong... and i appreciate any help. Robert robert was here Any ideas? I am really trying to get this worked out so i can better understand it... Thanks again in advance... RobertRobert

Management role assignments are the links between the management role group and the management role. To understand RBAC well, I recommend you refer to the following article: http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html Thanks. NovakPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Have a look at the below mentioned link. Hope so this might help you. http://technet.microsoft.com/en-us/library/dd298183.aspx Thanks Nagaraj N