Required Permissions to Manage Client Access
This is pre-release documentation and subject to change in future releases. [This topic's current status is: Revising Per Copy Edits.]
Applies to: Exchange Server 2010 SP1* *Topic Last Modified: 2010-01-18
To perform administrative tasks on a computer running Microsoft Exchange Server 2010 that has the Client Access server role installed, you must have the required permissions for the user account that you're using to log on. Administrative tasks can be delegated or assigned to users by using Exchange 2010 administrative roles.
The following table summarizes the minimum permissions required to perform administrative tasks on a Client Access server.
Client Access administrator permissions
| Task | Exchange Organization Administrators | Exchange Server Administrators | Exchange Recipient Administrators | Exchange View-Only Administrators |
|---|---|---|---|---|
|
|
X |
|
|
|
|
X |
|
|
|
|
|
X |
|
X |
|
|
|
|
X |
|
|
|
|
X |
|
|
|
|
|
X |
|
|
|
|
X |
|
|
|
X |
|
|
|
|
X |
|
|
|
The following table summarizes the minimum permissions required to perform administrative tasks for Microsoft Exchange ActiveSync.
Exchange ActiveSync administrator permissions
| Task | Exchange Organization Administrators | Exchange Server Administrators | Exchange Recipient Administrators | Exchange View-Only Administrators |
|---|---|---|---|---|
X |
|
|
|
|
X |
|
|
|
|
X |
|
|
|
|
X |
|
|
|
|
|
|
|
X |
|
X |
|
|
|
|
|
X |
|
|
|
|
X |
|
|
|
X |
|
|
|
|
X |
|
|
|
|
X |
|
|
|
|
|
|
X |
|
|
|
X |
|
|
The following table summarizes the minimum permissions required to perform administrative tasks for Outlook Web App.
Outlook Web App administrator permissions
| Task | Exchange Organization Administrators | Exchange Server Administrators | Exchange Recipient Administrators | Exchange View-Only Administrators |
|---|---|---|---|---|
X |
||||
X |
||||
X |
||||
X |
The following table summarizes the minimum permissions required to perform administrative tasks for Outlook Anywhere.
Outlook Anywhere administrator permissions
| Task | Exchange Organization Administrators | Exchange Server Administrators | Exchange Recipient Administrators | Exchange View-Only Administrators |
|---|---|---|---|---|
|
X |
|
|
|
|
X |
|
|
|
|
|
|
X |
|
|
X |
|
|
The following table summarizes the minimum permissions required to perform administrative tasks for POP3 and IMAP4.
POP3 and IMAP4 administrator permissions
| Task | Exchange Organization Administrators | Exchange Server Administrators | Exchange Recipient Administrators | Exchange View-Only Administrators |
|---|---|---|---|---|
X |
||||
X |
||||
X |
||||
X |
Important
Logging on to a computer by using full administrative credentials may pose a security risk to the computer and network. Therefore, as a security best practice, don't log on to a computer by using full administrative credentials when you want to perform routine administrative tasks. Instead, you can use the Secondary Logon service or the Run as command to start applications or additional commands in a different security context without having to log off of the computer. The Run as command prompts you to enter different credentials before the application or command can run. For more information about the Run as command, see Using Run as in the Windows Server 2003, Standard Edition online Help.