Use Role Based Access Control to control the users to create moderation rules for only specific users in an NT group or OU via ECP

Dear all,

We would like to delegate the ECP to some managers to add moderation for their subordinates, and I have created the below Role Group and Role and put them together, then the manager can only add moderation rules via the ECP. But is there any way to limit the manager to only add moderation rules for his subordinates? I have tried to add a management scope with an AD group to which all her subordinates were added and then assign it to the write scope of the management role group, but it seems not to be working; the manager can still add moderation rules for all users.

Management Role Group - Finance Moderator Group with Finance manager AD account added
Management Role - Moderation Rules Role with Moderation Rules cmdlet added

Best regards,
Alex Tsang
April 30th, 2012 2:22pm

"Management Role - Moderation Rules Role with Moderation Rules cmdlet added"

Hi Alex,

Could you please post the cmdlet which you used to create the Role here? And the New-ManagementScope cmdlet.

"moderation rules": Do you mean moderation with transport rules? An example would be better.
http://blogs.technet.com/b/exchange/archive/2009/12/16/moderation-with-transport-rules.aspx

Frank Wang
TechNet Community Support
May 2nd, 2012 2:08am

Hi Alex,

Any updates?

Frank Wang
TechNet Community Support
May 3rd, 2012 9:46pm

Dear Frank,

Sorry for the late reply, and let me elaborate more on what I want to do. Yes, I mean moderation with transport rules, and the below is what I want.

When the users add new transport rules in the rules action of the mail control of the ECP, I want to use RBAC to limit the users to creating only moderation transport rules for their subordinates.

Firstly, I created a new role called Finance Moderation Roles by using the below command:

    New-ManagementRole -Name "Finance Moderation Roles" -Parent "transport rules"

Then I removed the unused parameters of the New-TransportRule role entries so that users can only add moderation transport rules, by using the below commands:

    Remove-ManagementRoleEntry "Finance Moderation Roles\New-TransportRule"
    Add-ManagementRoleEntry "Finance Moderation Roles\New-TransportRule" -Parameters AdComparisonAttribute.......

Then I created a Management Role called Finance Mailboxes by using the below command:

    New-ManagementScope -Name "Finance Mailboxes" -RecipientRoot "demo.technergy.local/Users" -RecipientRestrictionFilter {memberOfGroup -eq "Finance"}

Then I created a new Role Group and assigned the above Role and management scope to this role group:

    New-RoleGroup -Name "Finance Moderation Role Group" -Roles "Finance Moderation Roles" -CustomRecipientWriteScope "Finance Mailboxes"

At last, I added new members to this Role Group in the ECP.

After I ran the above commands, the users in the Role Group can only see moderation transport rules such as "Forward the message for approval" in the ECP, but when the users select the sender of this moderation transport rule, the full GAL is shown and all users can be selected.
May 5th, 2012 6:30am
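
One way to audit what the delegation described in the post above actually grants, as an added example that is not part of the original thread: it lists the custom role's entries, the scopes on the role group's assignment, and the recipients a MemberOfGroup filter matches. The role, role group and scope names are the ones quoted in the post; that "Finance" resolves to a single AD group is an assumption.

```powershell
# Added example; run in the Exchange Management Shell with rights to read RBAC objects.
# Names are taken from the post above; $adGroup is assumed to identify one AD group.
$roleName  = "Finance Moderation Roles"
$groupName = "Finance Moderation Role Group"
$scopeName = "Finance Mailboxes"
$adGroup   = "Finance"

# 1. Which cmdlets and parameters does the custom role still expose?
#    Anything listed here is available to every member of the role group.
Get-ManagementRoleEntry "$roleName\*" |
    Format-List Name, Parameters

# 2. Which scopes ended up on the assignment that New-RoleGroup created?
#    Recipient scopes apply to recipient objects (mailboxes, groups, contacts).
#    Transport rules are organization configuration objects, so the Config*
#    scopes are listed next to the recipient ones for comparison.
Get-ManagementRoleAssignment -RoleAssignee $groupName |
    Format-List Name, Role,
                RecipientReadScope, RecipientWriteScope, CustomRecipientWriteScope,
                ConfigReadScope, ConfigWriteScope, CustomConfigWriteScope

# 3. How did Exchange store the scope definition?
Get-ManagementScope -Identity $scopeName |
    Format-List Name, ScopeRestrictionType, RecipientRoot, RecipientFilter

# 4. Which recipients does a MemberOfGroup filter match?
#    MemberOfGroup is compared against the group's distinguished name,
#    so resolve the DN first instead of passing the short name.
$groupDn = (Get-Group -Identity $adGroup).DistinguishedName
$inScope = @(Get-Recipient -ResultSize Unlimited -Filter "MemberOfGroup -eq '$groupDn'")

"Group DN           : $groupDn"
"Recipients matched : $($inScope.Count)"
$inScope | Sort-Object Name |
    Format-Table Name, RecipientType, PrimarySmtpAddress -AutoSize
```

If step 4 returns the expected subordinates while the ECP sender picker still shows the full GAL, compare the recipient and configuration scopes printed in step 2 to see which of them governs the objects the role's cmdlets write to.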

This topic is archived. No further replies will be accepted.
