Thanks for the quick reply! Sorry, but I'm not super-fluent in PS (yet). So I tested your PS command by changing "Remove-ManagementRoleEntry" to "ft" so that it would simply list results. This showed me that it would remove all Cmdlets
from the Retention Management role. (I also finally figured out that ManagementRoleEntries=Cmdlets.)
I'm glad I didn't just run it as is, because a quick check showed that the Retention Management role is also contained in the Organization Management Admin Role Group. If I had just gone ahead and run that command it would have affected members of Org Management,
and I would have disabled everyone's ability to manage retention policies!
For the benefit of those who are looking to solve the same problem, here is what I did:
EAC - Created a copy of the Records Management Admin group - named it "Copy of Records Management"
PS - Created a copy of the Retention Management role - name it "AssignRetentionPolicy"
EAC - Added AssignRetentionPolicy role to Copy of Records Management admin role group
EAC - Removed all other roles from Copy of Records Management admin role group
PS - Removed all other cmdlets from AssignRetentionPolicy role - I left all of the Get cmdlets, and the Set-Mailbox cmdlet, and I removed all the others. Set-Mailbox is the cmdlet used to assign the retention policy to a mailbox - I probably could
have left only this command in the role.
EAC - Added users to the Copy of Records Management Admin Group. Now when they add or edit a mailbox account, the Retention Policy field will be available.
You could also simply edit the default Recipient Management Admin Role group, and add the newly-created AssignRetentionPolicy role. (I think default admin groups allow adding roles, but not deleting them.) Then you would not need the "Copy
of Records Management" Admin Group. I prefer to do it the first way, since it leaves the default groups unchanged.
I did some of it in the EAC, and some using PS. I did use Vishwanath's command as a starting point, which was a big help.
Vishwanath, thanks for your help!